Check the system logs on the secondary, odds are it's being pushed a setting that it can't properly apply (usually trying to add a VIP to a missing interface or similar)

@xenHR: What would my cables have anything to do with it. Because with rules like above, there is absolutely ZERO chance you'd get webGUI access blocked by firewall on LAN. Except that you claim that instead can access it on "WAN". Cannot see anything productive coming out of this. Wipe the mess and reinstall the box from scratch, making sure you set up both WAN and LAN properly at install time. @xenHR: The LAN is operating fine except I can't get out or to web gui. Sure. If you plug the cables to a dumb switch, no firewall is involved in traffic flow between boxes on that switch.

Snort has blocked things a time or two for users. You can test DNS from Diagnostics > DNS Lookup or using "host" from the shell. You can check general connectivity by trying to ping a host on the Internet by name. Usually if your DNS and routing are OK, and packages still do not load, it turns out to be either something like snort blocking or maybe broken IPv6 routing that makes pfSense believe you have IPv6 connectivity when you do not. See https://doc.pfsense.org/index.php/Controlling_IPv6_or_IPv4_Preference for a fix for that.

Possible but not recommended. It's best that everyone have a unique certificate, otherwise you may as well not use certificates at all and use auth only.

@BBcan17: Is there a reason why the "COMM" command is not included in the pfSense /USR/BIN folder? Is there any way to download that file from a secure source? Reasoning is the same as any other "missing" item, we remove things that aren't needed and/or to save space. We don't have a need for that utility and nobody has required it before, so it's not included. You can copy the utility from any other FreeBSD installation that is of the same version as pfSense you're using.

yes i read that while searching for an alternative - dns blacklist. sad to say its not updated upto its current version of pfsense. well yeah i use squid3 in order to run smoothly squidguard. but i am hoping for an alternative, a web filter without having a proxy anymore - aside from opendns.

That should work OK with VLANs. You'd put pfSense on a trunk port, and make a separate VLAN for each WAN, and then in pfsense define the VLANs and assign them so they each appear as a separate interface.

That is possible with squid+squidGuard if you're just talking about an HTTP site.

@johnpoz: What about if the url is say https://something.ads.com/somepath/dir/ad.html ?  Since this does not exist on whatever webserver you point to your webserver would normally return 404, and your browser might bark that the SSL on the https isn't trusted.  So you would need to make sure your browsers trust whatever ssl cert your using.. That's still up to the web server. It's quite easy in Apache to have it answer any request with a specific file via mod_rewrite or similar. Other web server software probably has a similar mechanism. Beyond the scope of the forum here, but it turns up easy in a google search, or just look at what CMS packages like Wordpress use in their .htaccess files.

I have tried using the intel card for both LAN and WAN, and separate intel cards, one for LAN and one for WAN without any effect.

got it as I found it in the docs. https://doc.pfsense.org/index.php/Automatically_Restore_During_Install The example with the USB drive gave the answer.

@marvosa: Glad to hear everything is working! As far as the "Allow DNS server list to be overridden by DHCP/PPP on WAN" option, I have it un-checked, although it's moot for me because I have a static IP.  You would only need this option if you're getting your WAN via DHCP and you want to be updated automatically if your ISP changes it's DNS servers. i.e. If you're static, un-check it.  If you're DHCP, check it. you make my Day, thank you so much, and everyone does helps !

The Emerging Threats Rules has a "Policy" category that has Flash alerts. I am using the Paid version, so I am not 100% sure if those rules are in the Free ET Version. If you use Chrome as a browser, Flash and PDF viewing of files is builtin. You can pretty much get away without installing FLASH and Adobe Reader for most installations by using Chrome.

The rules are for traffic arriving on an interface. You can delete rules on each LAN that have "source LAN3" because LAN3 source IPs will never arrive on either LAN. Also delete rules on each LAN3 that have "source LAN" because traffic from the LAN that is local to each pfSense will never arrive on LAN3. You need a rule on LAN3 that allows traffic with source "the LAN subnet of the opposite pfSense". It is probably easiest to make an Alias on pfSense1 for the pfSense2 LAN subnet - "RemoteLAN" - and then add a rule on pfSense1 LAN3 to pass source "OtherLAN". Then do the same pattern of thing on pfSense2 to allow traffic from pfSense1 LAN.

Just to verify, where is PFsense in this scenario?  Can the servers in the DMZ access the LAN?  We need to know the IP schema.  Also, post your server1.conf