Very true.. Some isp device might have filters put in place..  But seems odd that they would filter multicast traffic between switch ports.  But possible they might of done that between the wifi and the wired.. Not a fan of any of the devices where you put multiple technologies into one box..  Switch should be your switch, wifi should be AP(s) connected to your switch ;) and your router/firewall should be just that your firewall/router.  This way you don't run into any inconsistencies to how things work like a switch blocking multicast unless you specifically set it to do that, which any decent smart/managed switch would allow you to do. For example I have a low end smart netgear switch that allows you to enable igmp snooping, but can not limit or pick which ports that is enabled on etc.  Its either on or off for everything.  While my cisco switch gives me full control over stuff like that.

^What he said. You can also try Dansguardian, although it's mostly used for managing access to sites rather than direct proxying per se.

Also update my server address to the CN as per the certificate generated by ClearOS, still no luck…. :(

How are you checking the MAC address? Did you perhaps enable MAC spoofing in the interface options? Your ISP appears to only accept DHCP requests from verified MAC addresses, am I wrong?

@KOM: https://doc.pfsense.org/index.php/VoIP_Configuration This may apply to you: Set Conservative state table optimization The default UDP timeouts in pf are too low for some VoIP services. If phones mostly work, but randomly disconnect, set Firewall Optimization Options to Conservative under System > Advanced, Firewall/NAT tab. A keep-alive or re-registration on the phone set for 20-30 seconds or so can also help, and is often a better solution. Hey KOM, Thanks for your help. Just got back on pfSense and made firewall change as per your suggestion a few minutes ago. Will see if this stops the disconnections after a couple hours inactivity on the phone. I am not sure how to apply the 'keep alive'? Is that on the pfSense side or a setting on the phone side? Not really sure how to proceed. Thanks for your help!

did you put the rule it needs to be above other rules that would allow. Also curious are you natting from your lan to you wan?  If your wanting to use pfsense as router/firewall between your rfc1918 networks there is no reason to nat.. But out of the box pfsense would nat.  What did you use for the protocol on your block rule.. Default when you create a new rule to tcp… Which would allow icmp.

I understand, I will reinstall tonight after all clients go home :0 Thanks all for support :D

This is not a primary spam solution, but it does help. One thing I do that seems to word very well is: Install pfBlocker and block everything outside the commercially valuable countries (US and Canada for our company) Put your mail server inbound rule below these pfBlocker rules. Create a second MX record and install SpamD Point the MX record to your pfSense box. This way, mail outside the commercially valuable countries is subject to SpamD rules.

@andyroo54: They are a quad port nic.. right? Still separate interfaces like em0, em1, etc… for the OS. A quad-port NIC is NOT a switch. Those are 4 dedicated NICs on a single plug-in card.

Thanks

if your connection goes down every 5 minutes, then there is something seriously wrong. are you having conflicting subnets between wan & lan?

I have see something : I need to put my lagg0 in promiscuous mode? or I need to put my nics (bge0,em0,em1,em2,em3) in promiscuous mode? it is the right thing to do for my problem?

Ok! :D if I want to log the sites visitated in http e https? Thanks

Generally the only thing that would cause those symptoms is a WAN subnet that overlaps with your LAN, or putting the same IP on WAN as on LAN. Using option 15 at the console to go back to the previous config (and reboot after doing so) will get you back to where you started.

What type of WAN? DHCP, PPPoE, …? What logs are you getting at the time?

@ragnor: I am running pfsense in a VM so maybe it is something to do with that. What about removing the USB support (at least : this port/device) from your VM ?

Fixed it! Now it's working nicely! I used to have a VM with pi-hole.net but if I can have ad filter directly on the router, much better Now I will have to read more about easylist, so I can add Adblock lists!