I was hoping for a nicely formatted display similar to the arp table webpage. Anyways cleaned it up a bit to make it easier to read. arp -a | awk '{print $1""$2""$4}' | sed 's/_/ /g Thanks.

Figured it out : we had smtp notification enabled and the SMTP server configured was not accessible in this test setup. pfSense was always trying to warn about the main gateway being down. When I disabled notifiaction, I was able to open the rule edit page without any delay. The most useful thing that I learned is that the php errors are logged in /var/log/system.log (on my system at least). Once you see the error, it is easier to fix. Thanks for the help !

And what is the AP connection to pfsense - are you directly connected to nic in pfsense or switch?  If only 1 machine goes to shit while others are fine, then it sure not a mismatch on the duplex wired connection, etc. The high ping times could be something wrong with the wifi.  Something wrong with the laptop, etc.  Run a sniff what kind of traffic you seeing? Sniffing on the pfsense nic connected to the AP should tell you what kind of stuff its seeing.  Is there a broadcast flooding going on, is someone running p2p..  Did pfsense see the icmp and really take 500 ms to put it back on the wire? etc. etc..

Weird…..after a reboot, I lost my HAVP group setting again......

Try running a packet capture on the WAN. Look for the DHCP requests from pfSense and the replies from the upstream DHCP server. Try putting some other DHCP server connected to the pfSense WAN (the e4200 perhaps) does it receive an address then? Steve

pfSense is FreeBSD, not Linux. Since it is a Dell server chassis it should have a DRAC card. Maybe and maybe not.  It's an option, and it has licensed features.  The basic DRAC was quite limited, if I remember correctly. but the speed of the network is not as it once was. Do you mean Internet access is slow, or client to client on the LAN is slow? My big question is "How can I check the server for any hardware problems?" There should be a status LED on the front panel that will turn orange or red or flash if there is a problem.

shouldn't this work? http://answers.splunk.com/answers/142652/how-to-get-splunk-to-work-with-freebsd-10.html

Your drive seems dead. Post some information about the HW.

Well, this is odd. Second SSD is now complaining the same as the first. Both SSDs used to sit in my NAS (ZFS) as cache drives so either they both got porked while in there or this motherboard is killing them or psSense is killing them. Both SSDs are 4 years old (found the invoice, was hoping on warranty). Guess a new on is needed and will see from there. pfSense is still running so no rebooting until spare drive arrives…

you are trying to fix a layer2 problem by using a layer3+ solution …. this will never work very well. the solution you actually want involves dynamic vlans & 802.1x authentication. (see this juniper page for a short explanation: http://www.juniper.net/documentation/en_US/junos11.4/topics/concept/802-1x-pnac-dynamic-vlan-understanding.html )

On pfSense console menu (12) developer shell, you can: playback gitsync If you know what you are doing and why, you can GitSync to get the latest changes from the GitHub repo. e.g. for testing coming 2.2.2-DEVELOPMENT script changes without instaling a whole development snapshot.

Only if you've disabled filtering on the bridge members. You can limit and shape on bridged interfaces as far as I'm aware. Bit old but for example: http://blog.davidvassallo.me/2012/10/23/traffic-shaping-pfsense/ There are some restrictions though, such as: https://redmine.pfsense.org/issues/3824 And more importantly in 2.2: https://redmine.pfsense.org/issues/4405 Steve

Haha. I am sorry, but I was not close to a terminal with WebUI access while I asked that question. So I assumed there was a textbox present instead. Good, then this answers my questions. :) ~repne

While you are correct he didn't mention it.. from this statement "Also, when I had SSH enabled I was able to see multiple attempts to break in by brute force;" But sure guess its possible for someone on his LAN trying to brute force his pfsense ssh connection.

@johnpoz: I don't get it??  Why would anyone set up something like that?? And you have multiple down stream routers for different segments as well? Is there anything below those routers?  More routers?  Oh so that is what you meant by gateways..  Why so many??  Where is the core of this network?  So all your routers are running vyatta?  On what hardware?  Why would you not just put in a nice layer3 switch and be done? So what pix, you mentioned a 515 you got rid of.. What are the existing ones?  Why don't you just replace those all with 1 pfsense box?  You can easy add multiple ports there.  But I don't understand why you need so many segments?  If you want the ext and internal - great that is 2 boxes ;)  And then a L3 switch below there for your other segments.  Sure set them up in HA if you want, etc.  So say 4 boxes 2 ext, 2 internal and 2 L3 switches. With the absense of Layer 3 switches would the following be possible? Likely to cause any issues? Green and Orange represent data flow along different VLans (only drawn 2 I have 25 in use) on the internal network. Blue would be a Vlan on the external side for traffic between subnets and would be on a private address range, red would be vlan for internet bound traffic, with the interface being public ips Black lines are the physical connections and would pretty much all be trunk connections. Hopefully that all makes sense, and thank you for your input