• Remote management of pfSense devices

    3
    0 Votes
    3 Posts
    423 Views
    @stephenw10 Thanks for the info. I came across pfMonitor which is a central management for pfSense devices. https://pfmonitor.com/index.php Do you know what are the differences between pfMonitor and the upcoming Multi-Instance Management from Netgate ?
  • Console port settings

    11
    0 Votes
    11 Posts
    563 Views
    Urbaman75
    @stephenw10 will try standard boot instead of efi, this is a Qotom Mini PC Q20331G9 1U.
  • pfSense Installer Hinders Offline Network Deployment

    12
    0 Votes
    12 Posts
    958 Views
    ToeiRei
    I wouldn't consider my opinions more educated than others - I just had more time to make mistakes compared to other folks due to my age - and tried to remember a few of the things that went boom in my career. @chpalmer said in pfSense Installer Hinders Offline Network Deployment: I would ask if you had actually downloaded any of the installers before arriving at your venue?? I am having my ol' and trusty images by now plus a couple of ISO files on a Ventoy stick to save me some trouble as even a readily installed device can fail and you need to reinstall on a fresh disk in a pinch. Been there, done that. @chpalmer said in pfSense Installer Hinders Offline Network Deployment: But my advice is to always look for what could bite you in the days before during the planning stages.. Borrowed hardware on a budget is a sure way to bite you. Question is not 'if', it's 'when'. Especially when you receive certain parts just on site. We do get sponsored hardware at some point which are questionable as well and you get them a couple of hours before the opening. So firmware and stuff is really handy and a small fileserver in the admin vlan hosting that stuff is a must have at that point. My worries are really about the future deployments to come especially on some crucial infrastructure like a firewall...
  • Webfilter and IPS in pfSense

    2
    0 Votes
    2 Posts
    108 Views
    @kwangmien There is a section in this forum for IDS/IPS where you find all you need on Suricata and Snort. Then there is another package called pfBlockerNG which I guess is what you might be thinking of as web filter. https://forum.netgate.com/category/53/ids-ips https://forum.netgate.com/category/62/pfblockerng No software licenses required and there are both free and paid versions of the rulesets used. And for pfblocker you would benefit from getting a MaxMind license, also free.
  • Download speed bottomed out after switching providers

    14
    0 Votes
    14 Posts
    456 Views
    Changing the nic type and opting out of the CGNAT network address space seems to have corrected whatever issue I was having.
  • WAN configuration change stops access to WEB GUI

    10
    0 Votes
    10 Posts
    269 Views
    stephenw10
    That implies the client cannot ARP for the IP. That could be because the LAN stops responding entirely but no way to be sure without more tests.
  • 0 Votes
    30 Posts
    2k Views
    NollipfSense
    Wow...this is still going...
  • Syslog priority levels shouldn't default to ERR

    4
    0 Votes
    4 Posts
    148 Views
    @stephenw10 Issue #15734 created. -nic
  • FW rules for subnet-only traffic?

    7
    0 Votes
    7 Posts
    314 Views
    Bob.Dig
    @aaronssh said in FW rules for subnet-only traffic?: Adding this rule to allow traffic within the subnet solved my problem This rule does work but is suboptimal. "More correct" would be to change the second _net to _address.
  • 0 Votes
    34 Posts
    1k Views
    stephenw10
    The Nord DNS servers are only accessible via the VPN. So setting it to 'none' or 'wan_pppoe' in general will fail. I have no idea how you have the lancache server setup. I would assume anything you want to use that has to also use it for DNS. In turn its own dns queries can only be either via the VPN or not. So I'd expect to only use it for VPN clients or non-VPN clients. In general. Though you could use domain overrides in Unbound to forward specific queries to it.
  • DNS Resolver doesn't work

    26
    0 Votes
    26 Posts
    2k Views
    @johnpoz the firewall router to which the workstation from which I ran the command is connected is pfsense
  • Sed stream editor on the filter.log file

    5
    0 Votes
    5 Posts
    346 Views
    Gertjan
    @WhoAmI68 said in Sed stream editor on the filter.log file: I am using this sed stream editor "sed -i '' '/65.20.170.33/d' /var/log/filter.log" to delete the match line from the filter.log file. sed reads the file, 'seds' it and rewrites the same file ? But what about this ? AFAIK : can syslog 'grep' what it is outputting ? Thus filtering the messages. ? If so, have a look at where /etc/syslog.conf is created, add your grep instructions and call it a day ?
  • Strange issue with IPv4 packet fragmentation

    ipv4 fragmentation
    13
    0 Votes
    13 Posts
    2k Views
    JonathanLee
    It will fragment if the MTU is too large
  • 0 Votes
    45 Posts
    2k Views
    @NaibElSayel said in intel i350-t4 always shows network connection down on pfsense 2.6 and higher: @stephenw10 nope no issue, it seems legit @WN1X Awesome!
  • DNS Resolver not resolving a specific hostname

    11
    0 Votes
    11 Posts
    486 Views
    bmeeks
    @michmoor said in DNS Resolver not resolving a specific hostname: Ok...Figured it out. It was due to logging settings Previous global letting setting wouldn't have shown me the blocks Lesson to be learned ... - Anytime you have a blocking package installed (pfBlockerNG, DNSBL, Snort, or Suricata) and something acts weird or does not work, 99 times out of 100 it's going to be the blocking package(s) that is the cause.
  • Reaching an ip in a different subnet / vlan

    8
    0 Votes
    8 Posts
    279 Views
    stephenw10
    Mmm what are the devices in these subnets you are testing between? The fact you mentioned 'TV-stream supplier' initially makes me think there is more in play here than simply routing between two subnets.
  • New pfSense User Question (set up multiple ports)

    ports switching
    6
    0 Votes
    6 Posts
    306 Views
    JonathanLee
    I would use snort also :)
  • Recovery from failed drive

    5
    0 Votes
    5 Posts
    169 Views
    @stephenw10 That's good to know. This event has prompted me to review and record all the firewalls we manage and note down their keys. TBH, the pfsense HA config is like magic when restoring. I always expect it to be more of a hassle to rebuild a firewall that has lots of interfaces, vlans, DMZs, and special rules but it always works out like magic!
  • Cannot ssh into pfSense at WAN interface

    11
    0 Votes
    11 Posts
    453 Views
    stephenw10
    Yup I would always set a limited source for that.
  • Feature Request: REST API

    6
    0 Votes
    6 Posts
    909 Views
    NollipfSense
    Big grin on my face...
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.