Perfect.  Thanks.

The configuration I created for them was straight LDAP on the pfsense side originally, and it failed.  I was assured by the second party they were NOT running LDAPS, and that I must be typing the account credentials wrong.  Once I loaded the ldap verbose logging tool in pfsense, I suspected that LDAPS was in play, and explained that we needed to exchange root certificates and that conversation hit a brick wall fast.  I would always prefer secure setups, but my issue is that I don't always work with people that understand their own networks.  Every now and then I have to tell people (nicely) that they are in fact running something they think they aren't, and I always want good technical information to back me up when I do . Thanks again for the prompt reply, this was a big help.

Mind your B's and b's. :-)

Thank you sir  ;D I've been fiddling with the network card tweaks (apparently I had some, but according to the forum not all). I think the problem has gone away like a fart in the wind ( ;D ;D ;D )

It is fairly general. If I have a notice and go to a webGUI page that is longer than the screen, then scroll down to the middle/bottom of the page, then click the "unread notice" button, the page jumps back to the top and/but the Acknowledge All Notices popup appears somewhere down the page on the right-hand side. I am on Firefox 31.4.0ESR

Uhm… is there something wrong with the RRD graphs?

Given you have a VMWare stack available, have you tried installing a test pfSense system in parallel to see whether you can duplicate these effects on a different guest on the same VM environment? It might be worth setting this up using NICs defined within the VM config instead and see whether the same issue arises. I've heard of a number of issues concerning upgrading to 2.2 and maybe a clean install would be a useful way to establish if the problem is down to the (in-place?) upgrade.

@johnpoz: doesn't make any difference to the rule..  but just makes it look cleaner ;) I like things to look clean ;) btw im going rethink my whole network, sketch it first. Thank you guys for you time and help

:P :P :P

Keep an eye on that file, if it has anything in it, post back with its contents.

This was also reported some time ago: https://redmine.pfsense.org/issues/2901 I guess you have some traffic shaper set up. What is in /tmp/rules.debug?

Until these issues are worked through, does anyone know a quick & easy way to just restart the apinger service every XX hours on a schedule using cron, or e.g. every day at midnight etc?

Great find! This should be pinned and probably added as example in the pfSense UI.

Ok I found the issue. Due to a bug in the gui-code, the PAP-setting wasn't written to disk. After fixing this, everything now works. https://github.com/pfsense/pfsense/pull/1472 /Basse

@galto: To try an understand how pfSense works, I was going to see if I could figure out how the captive portal and radius plugin implemented. I have a demo VM setup. My VM setup is working as expected. I also have a cloned the repository. But now realize I don't know where to start trying to understand the implemented architecture. Are there any guides that would be a good starting point? Nothing great, but for what you're wanting to dig into it won't require much. Check out the development board here. https://forum.pfsense.org/index.php?board=32.0 But mostly all you need to know for what you're looking at there, check /etc/inc/captiveportal.inc and you'll find all of how captive portal works. Find the specific part there that you're after, and you can trace functions further from there as needed (most of which will be from something in /etc/inc/).

I figured out what was going on and I am posting here in case anyone else has the issue and can use the information… It turns out the black arrow pointing to the left in the interface column in the firewall log means that it is a communication that is OUTBOUND from the WAN interface itself, not from a host using the WAN interface. This was happening because I had created a separate VLAN (say, VLAN5 at 192.168.5.0), assigned an Access port to it and set it as that port's PVID. I had then connected a LAN port on a Linksys 4-port router to that port on my L3 switch thinking that the Linksys would just act as a dumb switch and allow the wireless clients to connect. What was happening is that a wireless host would communicate OUTBOUND, and the external host would reply but the NAT on the router was routing the reply back to the WAN port on the firewall (since, to the Linksys, the initial communication came from there) rather than the internal host that had initiated the conversation. When the WAN port would attempt to reply, the default block rule blocked it and it was logged. That's why it continued to block and log it even after I set a rule, as a test, allowing the WAN port to communicate externally to any IP using any protocol. To fix it, I reflashed the router using DD-WRT which allowed me to set it up as a true dumb switch, which also allows wireless clients to connect and seem to the rest of the networks like they are simply hosts physically connected to one of the physical ports. Now the router does no NAT, the WAN port on the router is disabled and everything is working as it should. Thanks again to marvosa for the time and assistance.

OK,I will use livecd to test NIC.I hope can upgrade to 2.2  :D