Yeah your going to want to look here for your answers http://technet.microsoft.com/en-us/library/ff793419.aspx KMS Activation Spells out the default port of tcp 1688 and then section 2 lists what records your dns server must have.

The problem with those test sites is that they all run some java client or some other very high level code that consumes massive system resources in order to display a shiny graph and a 'speedometer'.  >:( The machine I'm writing this on is quite capable of saturating my WAN connections but it can't keep up with the java front end hence it always shows something completely unrealistic. Steve

Squid is first, havp is set as parent for squid

While using Opendns do not forget to block access to outside dns servers from hosts you do want to restrict access.

First step is to assign these ips on firewall -> virtual ips, than change outbound nat (firewall -> nat ) to manual and create your own outbound nat rules to match server with ips.

Not there, no, but if you make an alias with a recognizable name and document it there, then use the alias in that box, it may make more sense later.

I figured it out. You have to login using the "root" account with the same password as the "admin" account. Then it works fine.

It's been a couple of days without incident. So it looks like there's some incompatibility issues with the stock scsi raid in the 345s. The 6i is working fine though.

if you create an url that returns this ip list, then you can create an url or url_table alias and apply it to a rule.

Even if you could copy the log files to Linux, you'd be missing the "clog" binary to read them. Setting up a syslog server on your LAN is a good idea, so the logs are automatically copied over the network as they happen in a standard format.

Are you running it on Internet explorer? If so, change to a supported browser like google chrome or firefox. If not, did you changed any gui permissions do admin user?

Unfortunatelly I have still same problem. This time WAN1 went down and I have to reboot Firewall. I cannot post log about WAN1 failure because this happened at weekend and when I was in office logs about WAN1 failure was already "flooded away" by dhpc- & arping-logs. Some idea? cu Floh

Thx for answering!! My first concern is actually with the network configuration. Should I go with option 1 (the image above) or option 2? In option 2, the public network is connected directly on firewall (pfSense). What would be easier to configure? I'll use Router1 just for routing. Option 2: [image: m1.jpg]

@stephenw10: Tunable name should be: dev.cpu.0.cx_lowest I wouldn't worry about the firewall values unless you have a specific problem. Steve Thanks for the clarification ;D

To reset the states for one IP… pfctl -k x.x.x.x pfctl -k 0.0.0.0/0 -k x.x.x.x To reset all states pfctl -F state And to give the GUI a full reset, which is probably what you want to do anyhow… killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui

You need to be aware that traffic routed to a load balanced gateway cannot use the system routing table, it all goes to the gateway. This means that if you have any other interfaces, OPT1 say, you won't be able access it from lan. If you need to do that you need a rule to allow it above the default any rule. I'm sure there are many way to acheive external DNS blocking. I'm far from an expert myself, I await any other views.  :) Steve