Soulds like you should fix your COM port speed in PuTTY to get more useful screen output.

DNS is enabled now with TCP/UDP and it is working thanks guys!

The configuration of everything is in config.xml including package settings. The trickier part of really being "ready to go" with the backup system is that you need to get the actual package code/binaries onto it. If it happens to use DHCP on WAN then you can plug it in somewhere that is not the live office LAN (because that IP range will already be on the LAN side of the backup device) and let it get DHCP. Then you can do an upgrade of pfSense to the latest version and let it install all the packages… while it is running a copy of your real config.xml. If the production WAN settings are some static IP or PPPoE or... then it only works when connected to your production ISP link. You have to either: a) Modify the WAN settings to get it internet access from somewhere, do the upgrade, package installs, change the WAN settings back to (hopefully) the correct ones for production, or; b) Take the production system offline for a bit (downtime), put the backup system in place, upgrade the backup with package installs..., shutdown the backup spare and put the production back online. It is all a bit tricky to get a full operative cold spare installed and completely ready-to-go in a reliable way without interrupting production. Maybe someone else has a good method for this?

Resetting the LAN ip worked.  Thanks much.

@cmb: They may have a standard of requiring a static IP, or have equipment where it isn't possible to configure it without one. Yep - one of the above is true.  They are insisting on a static IP before they'll set the tunnel up. Thanks, Frank

Well, you made good point. Thank you very much for support.

@pfBug If the Modem/Router in your small drawing is a real router from the ISP and it is making also DHCP it could be that your pfSense will be getting even a new IP address as WAN IP! This is really not so good and luckily like it perhaps sounds to you. From my point of view you could go now tow different way, that will fitting your needs and solve the problem. If your switches are only plain unmanaged switches the pfSense as a firewall would not really making sense at this place you are setting it up for my understanding, sorry but there fore it should be one VLAN where only the router and the pfSense is in. If there are no other devices are connected to this switches and only behind the pfSense then it would be running smooth. Set up the ISP or border Router in the so called "bridge mode", so that he is acting only as a modem And then connect the pfSense WAN Port to the LAN Port 1 of this device, thats it. If this router is then acting only as a modem, there will be no DHCP and WLAN or other services in normal. Set up a router cascade or double NAT would be running straight without any problems. But we must know this first, that is this a modem or a router or a router acting as a modem! Disable DHCP there on the first router, setting up a static IP at the WAN interface at the pfSense. As an example: ISP Router: Net: 192.168.178.0/24 (255.255.255.0) IP: 192.168.178.1/24 DHCP: off pfSense WAN: WAN IP: 192.168.178.254/24 (255.255.255.0) DNS 1: 192.168.178.1/24 DNS 2: empty pfSense LAN: pfSense net: 172.16.1.0/24 pfSense Gateway IP: 172.16.1.1/24 DHCP range: 172.16.1.2 - 172.16.1.254/24 DHCP on:

Do you want laptops and smartphones connect to your rocket M5?

@doktornotor: Like, fix your timezone? Timezone fixed. Like thanks dude totally rad.

Read the GUI notes. Click the appropriate weekday Header to select all occurrences of that weekday. There is no need to do anything with the months.

@pLu: @TyMac: I cannot telnet to port 123. NTP is only listening on UDP. @TyMac: Do I need to configure a firewall rule? Yes, unless you have a permissive "Default allow LAN to any rule". ok thanks creating a rule worked. was expecting that to happen on auto…

Nevermind…grrrr Somehow a "virtual ip" was set on my laptop on the same subnet as lan1. I saw it when i did a nm-tool command in the terminal. I had to delete my network profile and recreate it on my laptop to get rid of it. All is well. Sorry for the wasted time...i was looking all over pfsense for the problem, and couldnt find it because that isn't where the problem even was! -alan

@KOM: Looking though all the errors, I'm amazed it worked at all. Indeed, I'm more surprised it ever worked at all than that it stopped working, given how broken the network was.

did you setup NAT for your DMZ ? Don't confuse the issue.  He's just trying to get out from DMZ at this point, not in from WAN.

Are that mean i must configure it manually on all phones ?!!! Yes.  Android support for WPAD is strangely absent.

I found the fix to my issue. The issue was being compounded by one of my troubleshooting steps. When I disabled packet filtering to verify that it wasn't the firewall rules causing the issue, outbound nat would also be turned off, which won't allow traffic through the wan. The firewall rules I had were only allowing TCP to flow. I was troubleshooting using PING with is ICMP.