You mean on the console? If it gives you a login prompt there, that usually means that the console is password protected. There is an option for that in the GUI under System > Advanced on the Admin Access tab. You should be able to login at the prompt with your admin or root credentials, too.

You could try adding a directive under Advanced features - Custom ACLS like this: acl YourWWWServer dstdomain .YourDomain.tld always_direct allow YourWWWServer This assumes that you have split DNS returning www.YourDomain.tld as a LAN IP address in your DMZ.

You generally wouldn't want to use the firewall GUI web server as a general web server. It defaults to HTTPS (and should stay HTTPS), and it's best not to mix your roles in that way. On 2.2.x and before, it uses lighttpd, and on 2.3 it is now nginx. You're better off standing up a small but dedicated http server somewhere else on the network to serve up those files instead of attempting to use the firewall as a file server.

Not enough info to go by, check the output of "ifconfig -a", "netstat -ni", and look at the link speed and if there are any interface errors. Could be any number of factors though. What type of WAN is it? PPPoE? DHCP? Static IP address?  Is it cable, DSL, fiber, or what?

You seem to have mixed up a few terms. 1. pfSense log files in general are CLOG format, a binary circular log. You can't open them properly in a plain text editor. 2. pfSense firewall log entries on 2.2 and later are in a form of CSV format described at https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2, the log itself is still a clog file. 3. The "BNF" term is used on the link above is for Backus–Naur Form which is the type of grammar used to convey the actual layout of data in the filter log entries. The log is comma-separated, BNF refers to the way the page shows you how the CSV data can be present in the log entries. Long story short, you'll need to run the log files through clog to get plain text as described in the link on point 1 if you wish to open them in a text editor.

Install the cron package and then use "/usr/local/sbin/pfSsh.php playback svc restart openvpn client X" where "X" is the ID of the client you want to restart.

No, that is not possible. Squid can't use authentication if transparent is active on any interface.

/usr/local/sbin/pfSsh.php playback svc restart <name></name>

cisco are a bit pricy… Why not take a look at the unifi stuff.. the new gen AC models, the lite is like $89 and the Pro is $149 https://www.ubnt.com/unifi/unifi-ap-ac-lite/ The new gen AC models support band steering, ATF - DFS is not yet supported in the US..  But there are many enterprise level sort of features but for a home budget price. I have an older v2 AC model, the new Lite and LR models in use.. And as soon as the pro's show back up in stock will be replacing the old v2 with new pro model.  While it works and all.. They don't seem to be giving the band steering and ATF love to the older models. I would be up for selling it for a good price ;)  If you have any interest in that.  If not it will prob just sit on my shelf as a spare..

I would try a different brand of modem.  Zoom makes a few different ones that work well on Comcast, just make sure it's at least DOCSIS 3 and check the number of channels bonded up and down. I've been using a Zoom 5341J that has been pretty good for me. As to "why"  if you can get to a web interface, see if there is anything about "statistics".  Look for errors and such on the channels.  Cable modems are very sensitive to signal levels and SNRs.  There maybe a bad or marginal device inbetween the cable modem and the wore from the street.  If you have any splitters, try removing them (yes you may have to give up TV for the test).  You may need better quality and higher bandwidth ones.  See if you can make a straight run from the outside to the cable mode.

Adam, Sorry for the delay, yesterday was a crazy day! The box that Storm put in is not a switch at all (that's what the guys called that installed it), it's a router that can do PPPoE. The brand is MikroTIK, type is 750UP. I suppose they have it set up in pass-through, so packets are just passed along. It does solve the problem though. -Rob-

Working perfect after replacing the RAM. Thanks!

We don't consider SSDs (mSATA or otherwise) or eMMC as "embedded filesystems" in the traditional sense. They are high quality current-tier disks and don't suffer from the classic limits of flash media like CF or SD cards. They get full installations and can run any packages, assuming they don't eat up all the disk space and RAM of course.

your sure its not 127.0.0.1??  172.0.0.1 seems odd… Does your trace return this for the name? ;; ANSWER SECTION: 1.0.0.172.in-addr.arpa. 7200    IN      PTR    172-0-0-1.lightspeed.brhmal.sbcglobal.net. Can you post up this traceroute..  Are you in Birmingham, Alabama area??  That is what I believe brhmal stands for.

Don't setup squid as a transparent proxy.  It won't do anything to filter HTTPS sites.  If you decide to go the squid route, run it in explicit mode in conjunction with WPAD.

hi I find a way to solve this. use ssh connect to server and edit /etc/inc/services.inc file find {$custoptions} below this add this option dhcp-parameter-request-list 125; and save file restart dhcp it work fine

Just had an epiphany, the traffic stops look like they all happen just after the hour. within the first 5 minutes of the hour, must be a hourly cron job that is causing the problem?

Everything on the same LAN?  Your router should have nothing to do with it.  Are you crossing subnets? If your talking having your DVR on one connection and the cameras on another thats a different story.  (with the pfSense WANs in the path) Cameras open to the internet?  Can you see them from outside your setup?