I don't know why but after clicking around some more the hybrid outbound nat automatically created the correct rules. Now there is a source 10.0.8.0/24 destination lan address entry and I'm able to access my lan :) Going to set up a fresh VM tonight on my htpc if I got time. Thanks.

"Interesting, is there no way to move this around between ports?" Huh??  Yes there is.. Just assign your interface to the mac you want.  You can do it via the console cli or even in the gui.. But if your doing it from the web gui your prob going to knock your self off.. You need to know the mac of what port you want to assign the interface too.  As you can see with mine the mac are made up since my pfsense virtual.  I did that on purpose so I know exactly which interface is which in my vm setup. But its the same thing for a multiple port nic, each port on the nic will have its own mac, they normally increment by 1.. As to which port is which.. Normally going to go from 1 side or the other so like eth0 might be the top as you look at it or might be the bottom, but the port next to it should be eth1 and then eth2, etc.. [image: assignports_.jpg_thumb] [image: assignports_.jpg]

Root cause of that is this: https://redmine.pfsense.org/issues/6499 if you're in a situation where you're hitting that routinely, the latest 2.3.2 snapshots are stable and include the fix to properly expire those states. System>Update, Update Settings, switch to Development and click Save. Then back to the System Update tab and upgrade there. Upping the max fragment entries will prolong how long it takes to reach the maximum and may suffice for some people.

Can't go wrong with that.

Thanks everyone. I have successfully blocked the device using a MAC address filter on my wireless APs so that the phone can't even even to the wifi network. This keeps the network stable when the employee comes in the the office and forgets to turn off the wifi or tor orbot app on his phone. The only other options I can think of are to A.) change the IP configuration on the Orbot app or B.) Change my pfSense IP. I will continue looking on Android and Tor forums for more info.

If it has 100Mb ports, maybe it's running half-duplex. Old 100Mb port to to new 1Gb ports duplex mismatch is a common reason for errors.

Managed to test this already - with great success! Thanks for your help.

You had the update URL hard coded to the wrong thing in your config in that case. Yes that's also why your RRD data is gone. Reinstall and restore config is the best thing. It's no longer possible to switch architectures even if you force it, so that can't happen again in the future.

I checked and it is passing decrypted traffic. Has anyone tried to the perform SSL break and inspect with pfsense without using the native SSL MITM capability? Do I need to configure it with ICAP?

Well, there is syslog-ng package, at least in 2.3, so you can try to use it. "syslog-ng  1.1.2_3  Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server. Package Dependencies:  logrotate-3.9.2    syslog-ng-3.7.3_1   "

Guessing that's probably while you have something continually loading the dashboard? The dashboard is significantly more CPU-intensive than it used to be especially if you have a lot of widgets, as more things dynamically update.

Some modern SSDs have the same or more writes than mechanical drives. The only difference is the SSD is faster which allows it to reach its limit faster. That said, don't get cheap crap. Look at reviews. If you're concerned about reliability, don't get the latest greatest, look at something that has been out for a year. Or use GEOM RAID1 and get two different types of SSDs, so they shouldn't fail at the same time for the same reason.

@xBlue: I'm having the same issue. How did you solve it? There is a privilege that prevents users from writing changes to the config file…make sure that isn't added. That's how I fixed mine...I guess CTRL+A is the work of the devil just like copy and paste. [image: priv.PNG] [image: priv.PNG_thumb]

NP - glad you got it sorted.  I would suggest you move to current 2.3 vesion.  2.1 is not really a supported version. You might want to look into maybe doing something with what I would guess is bufferbloat since looks like when your downloading something your pings are going through the roof..  A somewhat simple help for that is just turning on codel