Think I've answered my own question, I think it's multicast and broadcasts. I did try a packet capture on the LAN & OPT1 interfaces but I see everything.

Never mind the right google search has set me free.. lol This works really well.. https://forum.pfsense.org/index.php?topic=33218.0

@w0w: You should try to run without wifi. I will. After several tries, including a partial upgrade to v2.3.1_1 (due to the "pfSense-Status_Monitoring-1.4.1_1.txz: Not Found" error) which has generated a big increase of MBUF Usage, I have decided to reinstall v2.3.1 from scratch and make a complete Backup/Restore. I notice a big increase of the MBUF buffer size (247804 instead of 26584 on a pfSense upgraded from 2.2 to 2.3). I'm now with 12h uptime, and MBUF Usage is still correct (classic 1520->1776). I keep you informed.

@nicholfd: Thanks for your feedback. I thought my question was more "generic" is why I didn't include more details.  The question was meant to ask why, in general, one method might be better than the other (trunking VLAN's to pfSense vs. separate VLAN to pfSense/). Thanks, Frank Then you'll want a hybrid approach as I mentioned. You don't want to try and route very high bandwidth traffic use cases through the pfSense box if the Brocade can help route it. E.g. Servers to networked storage. Let the Brocade do VLAN (L3 routing) and apply ACLs accordingly there. For traffic that needs more isolation/ protection, let pfSense handle the firewalling with a VLAN interface (so called trunked to pfSense). Note that certain networks don't even need to be routed in many cases. Typically, your SAN will ride on iSCSI and those networks don't actually need an internet gateway of any sort. If you do actually need internet access on those networks for any reason (obtaining firmware updates etc), then add a pfSense VLAN interface on that network and apply firewall rules + NAT. I don't recommend this approach though. You should always download and check the updates onto a system that is direct attached to the storage networks and use it to apply the updates to the units.

Can anyone help on this as not able to get any connection to anywhere  via vlan!

.

can you please explain to me? :)

Thank you for reviewing the crash report. All of the schedulers in my traffic shaper are set to CBQ and none of them have the "CoDel active queue" setting enabled. How do I determine if CoDel is being used and how do I disable it if it is?

At the moment I'm using an old ThinkPad laptop with the addition of a USB ethernet NIC which only supports 100Mb, the onboard Intel NIC does 1GB, so there is obviously  a bottle neck. I've been looking for a 1GB USB NIC which FreeBSD supports but have been unable to locate one. I do have both USB and PCMCIA 1Gb NICs but can't find drivers for them… Incidentally, is there any way to measure performance of my pfSense box?

NVM, I found out how: Diagnostics > Edit File > /conf/config.xml > Delete everything between tags.

I thought you were asking if the info in the traffic graph is correct. It is. If that wasn't the question, I don't know what you're asking. To answer your original question, the tool that shows the IPs and their throughput is 'rate'.

There is no _2. https://forum.pfsense.org/index.php?topic=113435.msg630835#msg630835 If you messed around with it while things were being changed around earlier, run 'pkg update -f', and upgrade back to 2.3.1_1 if you're on 2.3.1 now.

I tried the manual method, watching what the code/player was doing.  It looks like Vimeo was sending them in pieces (a new piece every 5-10 seconds).  Wether this was to try & prevent copying, for managing live, variable quality/resolution streaming, who knows (anyone?) I found a decent plugin for Chrome (https://chrome.google.com/webstore/detail/download-vimeo-videos-pre/phpaiffimemgakmakpcehgbophkbllkf) and just gave up on trying to do it myself.  The quality seems excellent.  This plug-in is free for a day, then a subscription model.  I grabbed the rest of the hangouts I didn't have and called it a day.

I decided to do the old Windows trick - switch it off and switch it back on (reboot actually)  and lo and behold it started working again…. At least I'll know what to do if it happens again.

4 per minute is nothing. I was getting several per second before I turned off logging on the default block rule. With my 100Mb connection, I could scan the entire Internet in about 1.5 hours. During that scan I will have hit you at least once. Over the period of the day, I will have hit you almost 16 times. That's one computer. There are hundreds and thousands of compromised computers constantly scanning. If it was showing 5-10 per day, then it wasn't showing you everything.

started working, weird. Maybe it was the browser cache. What made me look is I got traffic from China and I set to top 20.