@netboy Never mind I had an entry error in hosts.conf!!!

Not as far as I know.

As before it might be possible to bring it back as a package if any developers have the available cycles.

Steve

Well you might be able to force it by setting the interface MTU sufficiently small on the interface closest to the laptop. Or on the laptop itself.

There are a lot of reports of it being broken in the Fortinet client though.

@Prez_Mgmt
Ok can confirm releasing the ip, puling out the ethernet and adding it back sorted that.. thanks for all your help @viragomann

@Gertjan Thank you.

@PsyMan2000 said in disaster recovery:

any 3rd party backups for CE or plus that will do a full job?

Have a look at this.

All you need is a 'Windows' PC.
Even better would be a server type Microsoft device.
All you need to do is creating a "Microsoft Windows Cron task" (scheduler something) and have it execute every day - mine fires at 08h00 AM (moments before I start to mess with my pfSense).
It will do a SSH login, retrieve the current config, and manage your downloaded config files, so you can say "keep the latest 100 days".
A real "set it and forget it tool" - and is a nice complement to the ABC solution.

Btw : other, comparable solution exist, I guess.

@makq
not sure whats exactly your question, but yes we have two VDSL and one LTE WAN.

It's a known issue with log rotation. Some of those firewall logs are rotating at ~1min intervals which I would class as quickly rotating.

Though I can't actually find a bug for it right now. 🤔

Well, I was wasting too much time. I blew away the build and rebuilt from scratch. Working fine now with exact same settings.

Very disappointed that a working site is brought down by upgrading.

Thanks for the reply and the attempt to help me.

When you run pkg it tries to update itself and right now the FreeBSD 14 repo has a significantly newer version. 1.2X has a few changes from 1.9X that you're hitting. But you should always be able to use pkg-static.

You should just be able to remove the <sysctl> section from the config and it will go back to using the defaults.

Steve

Yep! I can login to the GUI just fine assuming my user is part of the "pfSense_Admin" group - the same group I have setup in the shell auth group section

@SteveITS

Thanks for the input.

Not sure exactly how you mean to do this. Got some images? Already did this - when I stated seeing the errors in the logs, I did some research and it advised this. Some others (which I have not done yet - give instructions on setting up DNNSEC from the ADDS side). I am guessing you mean this (images) - this is what I have setup (should I change anything? I always question the Network Interfaces and Outgoing settings):

fbb105ca-6466-4583-b754-f5816cda747e-image.png
cd74ce90-5da0-4b81-95ec-2e9c7a8ff3ea-image.png

Thanks for all feedback.

I've upgraded my setup to a xeon e3 1270 and added the 4 port NIC.

It's much faster now but I'm only using 2 ports as usual, LAN and WAN.

As I want the simplest solution I'll just get the switch and solve all my limitations at once.

@AlphaSecurity said in GovCloud Compliance of Google vs. pfSense Open Source Security and Privacy Interests:

I am blocked out from changing the password to one of sufficient quality

Your saying your pfsense was breached, you had it open to the public? The web gui is not available to the public internet out of the box..

If someone accessed your pfsense and changed the password, just console in and reset the password. You then for good measure reinstall clean, etc. The pfsense gui should never be exposed to the public internet without restrictions on what IP can access, or only via vpn access, etc.

@JMV43-0 you know how your router at home nats your public IP to your rfc1918 address. CGnat is like that - the nat is just done in the isp network, and then your router nats the cgnat space 100.64/10 (normally) to your rfc1918 space 192.168/16,10/8 or 172.16/12

Thanks
both IP ranges are /24 now ans can see each other

(feel so silly)

@SteveITS that fs and disk troubleshooting has lots of very useful info - shame it's buried there!

I could certainly image that the faster you push traffic the more is lost, though not necessarily as a percentage.

Do you see the same when connected to other servers? Is that server in London far from you, is the latency high?

Steve

@NollipfSense said in Hot / Standby Pfsense PC:

@stevencavanagh said in Hot / Standby Pfsense PC:

Assuming I back it all up

You're just backing up your workable configuration...nothing more.

Yep, all backed up so just need to order another disk