Yes they are Macs. I installed that package and enabled it but something does not appear correct? I ran: avahi-browse --all and got back: Failed to create client object: Daemon not running EDIT: Never mind even though I enabled it and restarted pfSense, the service was not actually running. I started the service and it is now working. Thanks so much, I did not know this was a package on pfSense! This will most likely solve my other issue of not seeing a homebridge that was running on my wired LAN!!

Thanks for all your input. I am starting to understand the required configuration now. But, it appears there might have been some confusion with what I originally requested. So I decided to put them on a diagram. Attached is a simple diagram (I hate to call it a network diagram) that shows the exact setup I have in mind.  I will try to walk you through with what I am describing in that diagram. Before we get started: I plan to use https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx as the HA PFSense firewall. OR I might use https://store.pfsense.org/XG-1540/ My Data Center (DC as noted in the diagram) said they will provide one uplink connection with /29. I am hoping to get a second uplink (cross connect?) from them with another /29.  My DC said I can buy more IP addresses as necessary (more on this below). My idea is to connect these two uplink connections provided by the DC to the two managed switches (I like to call them the core switches).  The "core swiches" will be interconnected to provide redundancy between them. 2)  There will be some servers connected directly to the "core switches" with direct Internet access (software firewall). These servers will have public IPv4 assigned to them. I will buy additional /27 or /26 addresses and assign them to these servers as necessary. One connection from each core switch will go into the WAN link of the above PFSense HA device. There will be another two managed switches that will be connected to PFSense LAN link(?) and these switches will split the connections to each server with dual NIC on them. So, the idea is if one of the switch dies the server doesn't loose any network connectivity. Again, these servers will also have public IPv4 assigned to them. I will buy additional /27 or /26 addresses as necessary and assign it to these servers. These additional IP addresses are the ones that need to protected by PFSense. Having said that I am open to any other ideas or suggestions you might have for the network hardware redundancy that I am trying to achieve in order to keep the network downtime minimal. Thank you again. [image: Diagram.PNG] [image: Diagram.PNG_thumb]

why? because its easier.

You are correct derelict – how did miss that?? ;) So is problem is most likely just can not resolve because he is not pointing to his AD dns.. Good catch..

disclaimer: this is just speculation based on some googling is tso offloading enabled? if yes => try todisable it. ifconfig igb1-tso These commands may be placed into a shellcmd tag to execute at boot time to make the change persistent.  (install shellcmd package) this appears similar for em-driver (no clue if its related). https://reviews.freebsd.org/D3192

I was suffering high load on a 2.2.5 system that had DHCP6 enabled on a WAN interface.  It was working (ISP was TimeWarnerCable) but sometime in the middle of the night they decided to switch my modem from bridge mode to router/NAT mode and start handing out 192.168.0.2 to my WAN interface.  This broke DHCP6… Suddenly I saw high load on my pfSense (caused by dhcpd and unbound according to top) and clog -f /var/log/system showed this pattern over and over again every 1-2 seconds: Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: Removing static route for monitor 24.29.99.36 and adding a new route through 192.168.0.1 Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: Removing static route for monitor 2607:f8b0:4006:807::1000 and adding a new route through fe80::8e09:f4ff:fe10:217 Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: Removing static route for monitor 68.237.161.12 and adding a new route through 108.30.185.1 Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e09:f4ff:fe10:217%igb2 Dec 14 11:52:41 check_reload_status: Syncing firewall Dec 14 11:52:37 php-fpm[30155]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2604:2000:f10b:300:208:a2ff:fe09:9bd3) (interface: opt2) (real interface: igb2). Dec 14 11:52:37 php-fpm[30155]: /rc.newwanipv6: rc.newwanipv6: Info: starting on igb2. Dec 14 11:52:36 check_reload_status: Reloading filter Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: Removing static route for monitor 24.29.99.36 and adding a new route through 192.168.0.1 Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: Removing static route for monitor 2607:f8b0:4006:807::1000 and adding a new route through fe80::8e09:f4ff:fe10:217 Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: Removing static route for monitor 68.237.161.12 and adding a new route through 108.30.185.1 Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e09:f4ff:fe10:217%igb2 Dec 14 11:52:31 php-fpm[98434]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2604:2000:f10b:300:208:a2ff:fe09:9bd3) (interface: opt2) (real interface: igb2). Dec 14 11:52:31 php-fpm[98434]: /rc.newwanipv6: rc.newwanipv6: Info: starting on igb2. Dec 14 11:52:30 check_reload_status: Reloading filter Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: Removing static route for monitor 24.29.99.36 and adding a new route through 192.168.0.1 Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: Removing static route for monitor 2607:f8b0:4006:807::1000 and adding a new route through fe80::8e09:f4ff:fe10:217 Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: Removing static route for monitor 68.237.161.12 and adding a new route through 108.30.185.1 Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e09:f4ff:fe10:217%igb2 For now I just disabled that WAN interface completely which has caused things to settle.  Not sure why the lack of valid DHCP6 would cause the router to go into a tailspin though.

If I use the ldap option, the User will be required to enter login / password to browse. NTLM takes the User section, requiring no login / password. Thank help everyone.

OK, thanks. That answered my question.

For future usage or other new switches it might be working also well, to connect the switch at first to your PC and change the IP address to the default IP address from the switch with a small tool named NetSetMan for this.

+800 public schools, each one with his own internet access.

Thank you so much John. I will play around with it and update this thread (probably looking for more help) with my finding. Regards Jacob

My mail provider is Google. As I created an application password (16 characters), it reports some SMTP activity each time I push on send "TestMail". If I alter the password and resend a TEST mail … the System-log reports it all fine but the "Activity reported on the account" does not report any trace of the attempt. Fishy ... \T,