Time zone mismatches can cause problems with other systems or flag up alerts, less so with Windows as it doesnt record time properly in the first place which is why you'll never see windows being used in High Frequency Trading platforms which rely on fractions of a second to carry out trades, but even this years leap second will cause some problems if the programmers are not aware of it.

Thank you Derelict

A fix will go in for 2.2 that will correct the issue.

ok well i might have answered my own question.  i reset pf and the modem, disabled ip passthrough.  The PF wan nic got a 192.6i.15 address, i plugged my laptop into the switch where the pf lan nic is uplinking to, i pulled a dhcp ip from pfsense however i cannot ping out. am i screwed with the idea of using pfsense in this situation?  i need and want to loadbalance these lines. i sit here not totally sure of what the actual problem is. right nbow pf only has 1 ipdsl line pluggedd into a wan nic, and since i reset pf to defaults there is no other config confusing it.  it has 1 wan and 1 lan and i still cannot get outside.  WTF am i doing wrong here?

@Derelict: I would do a couple things: First, /24s are fine and everyone expects them. I would pick something at random like 172.24.0.0 then split that into /24s. 172.24.0.0/24 172.24.8.0/24 172.24.16.0/24 172.24.24.0/24 172.24.32.0/24 … That way you can increase any of the subnets if you want later.  You can cover everything with 172.24.0.0/16 if you want. If you're going to renumber, just get off 192.168.0.0/24, 192.168.1.0/24, and 10.anything/anything.  Your likelihood of having a collision over a VPN with the above 172.24.0.0 networks is pretty slim. No need to go nuts.  Main thing is to get off the common networks to avoid future collisions. I lied. I forgot an interface/VLAN. It's actually this: Current Setup: WAN1 - 5x Static IP's from ISP1 WAN2 - DHCP from ISP2 LAN - 10.x.x.x/24 OPT1 - 10.x.x.x/24 (wifi) OPT2 - 10.x.x.x/?? (VLAN to kids/family wireless router) OPT3 - 10.x.x.x/24 (VLAN to ESXi Cluster1) OPT4 - 10.x.x.x/24 (VLAN to ESXi Cluster2) OPT5 - 10.x.x.x/24 (VLAN to ESXi VMkernels) I see your point with the 10-dot Class C's… but it is what it is at this point and I/we have used these numbers for years so they correspond to things and would be a PITA to change. The only thing that will EVER be attached to that VLAN is that one wireless router. VLAN's are easy enough to create and/or modify anyway. Unless anyone has reason not to I'll just give the thing a full Class-C and be done with it. Thanks.

If it were me I'd take a backup of the config, install fresh, and put a minimal config on it (just WAN/LAN/NAT, no snort, no packages,etc.).  If it still does it, you've pretty much eliminated pfSense and can start looking elsewhere. You can always restore the config and be back where you are now.

@donaldo: so is the warning something to be concerned about? It'll cause GUI display issues and the error pasted by OP because of the PHP bug linked earlier in this thread. Things that actually use the certs though should all be fine as none of that is dependent on PHP.

I think, you have some trouble with network classes. A class A net has the CIDR /8, a class C /24. https://en.wikipedia.org/wiki/Classful_network 192.168.1.10 /255 is no possible network. A class A net for wifi??? You will need thousands of APs to serve the clients. But this is your beer and not the topic. If you don't remove the default allow rule on LAN interface or add a block rule for your local network on the top the wifi clients will also be able to access your local hosts! So the firewall will have no effect! To access the 192.168.1.10 WAN IP at first you have to remove the check at "Block private networks" at the interface configuration tab. Then you have to add a rule (Firewall > rules > WAN) to allow traffic on WAN interface to WAN address and the Webconfigurators port (by default 80 and 443 > therefor you may use an alias). You may also restrict the source to allow access just from a view IPs.

@doktornotor: @TyMac: Also, I still cannot actually log in with the AD admin user. Cannot log in where? You know, this works just fine here for the WebGUI, with RouterAdmins AD group, and same pfS local group with proper permissions assigned. Worked in 2.1.x, still works with 2.2. Also working for OpenVPN + Radius/AD. Post some logs/info, nothing to work with here! Can't log in to the pfsense web admin page with the admin AD user I created that works with the bind credentials parameter.  What log do you want me to post?

Thanks for coming back with that useful info. Must be quite a few people that have been hit by this. Safari 5.0.1 was released in 2010 though so almost everyone using would be affected you'd think. Steve

You could try disabling and then re-enabling RRD backend graphing. Select 'Status/RRD Graphs' from the top menu. Select the 'Settings' tab then untick and re-tick the 'enables' option.

sorry went on holiday and busy. the issue was the first switch, it is a fast Ethernet, i switched the switches. I now have full gigabit on both wan and lan. thank you guys for putting up with my ignorance, I greatly appreciate you guys being fast on your responses and taking the time to help me out.

WAN should default to DHCP.  Is your DSL PPPoE or DHCP?  You might need to call your ISP for the details. Have them also tell you how to get your DSL modem in bridge mode so it's transparent and the pfSense WAN address picks up the outside IP address. Then you need to configure your WAN interface for either DHCP or PPPoE according to their instructions.

Does not make any sense whatsoever unless it's a managed switch with VLANs. Cannot even see how does that fix the "everytime we control internet access (giving internet access to specific IP, blocking websites etc.) we always call our ISP to perform the task" issue.

If you want to see the requests like that with URLs, you need Squid and its logging. Squid is essentially equivalent to TMG's logging of proxied traffic in that regard.

I've had good results with Snort.  pfSense also has Suricata.  Both are IDS engines (Intrusion Detection System) that load daily update files with threat parameters.

Hmmm I just tried again and it worked OK, not sure what I did wrong. Maybe I'll delete this thread.

If your topic "Want to Hire A Consultant" is right then have a look here: https://www.pfsense.org/get-support/#commercial-support