With your listed uses, that hardware is tons of power (both network wise and electrically  ;)  ) Unless you get into RAM intensive packages like Suricata/Snort 2GB will be lots. HD vs SSD similarly won't gain you anything unless your package requirements change (even then - not likely). If and when you move to 500/500 speeds, you might have to look at more CPU power, but probably not.

i have upgraded pfsense to 2.2.4-RELEASE (amd64) built on Sat Jul 25 19:57:37 CDT 2015 FreeBSD 10.1-RELEASE-p15 Congratulations! but i am facing problem with LACP. ??? Would this perhaps help you out with the right information? LAGG (LACP) Behavior Change LAGG LACP defaults to strict mode in FreeBSD >= 10 my switch (that was working prior this changes) probably doesnt' support LACP strict, There are two different ways to set up a LAG (Link Aggregation Group) dynamic LAGs automatically using the LACP (Link Aggregation Control Protocol) static LAGs manually using "setting up" the LAG right and fully identically on both sides by hand Which mode your Switch is supporting? but if i put the sysctl modify proposed here (net.link.lagg.0.lacp.lacp_strict_mode) https://doc.pfsense.org/index.php/Upgrade_Guide#LAGG_LACP_Behavior_Change Ok you where now having created a so called work around to get your switch with limited LAG capabilities or functions working, is this correct? But did you also create a /boot/loader.conf.local file to store this informations for the next pfSense update or upgrade process? Because then all files will be new written and created and your small work around is gone! but if you were creating a loader.con.local file there are not gone! at reboot this option doesn't get kept. For sure! You are changing something at the system and this changes will be persist, for sure, it is a must be because after a reboot no one want to set it up once more and more and more again! can you please give me some information about that? The update or upgrade process will be write all or many files new! So that the former information is not there after this process. Create a /boot/loader.conf.local and put all the changes you made there in and then after an upgrade of the whole pfSense system, do a reboot and all changes will be made once more again automatically.

Something you perhaps misunderstand, given what you describe: when configuring FW, rules apply at "input" level, not "output". This means that is you want to, e.g. grant access to DMZ from internet, you will have to configure rules at WAN interface, source being, most likely, "*", destination being your DMZ.

If you wiped your config and didn't upgrade you're doing it wrong.

Depends on how big of a config it is. George should get back to you on Monday, probably will want to setup a quick Webex to review what you have in place now to put together a scope of work and cost.

go into the developer shell once and create a script: pfSense shell: record checkopenvpn_status Recording of checkopenvpn_status started. pfSense shell: require_once("openvpn.inc"); pfSense shell: $clients = openvpn_get_active_clients(); pfSense shell: print_r(array_values($clients)); pfSense shell: stoprecording Recording stopped. then either do from devshell playback checkopenvpn_status or from normal shell or console: [2.3-ALPHA][root@pfsense.xxxx]/root: pfSsh.php playback checkopenvpn_status Starting the pfSense developer shell.... Array (     [0] => Array         (             [port] =>             [name] => vpn to xxxx             [vpnid] => 1             [mgmt] => client1             [status] => up             [connect_time] => Sat Oct 3 1:49:14 2015             [virtual_addr] => xxxx             [remote_host] => xxxxx             [bytes_recv] => 151003156             [bytes_sent] => 151211004         ) ) adjust however you want offcourse. relevant functions: openvpn_get_active_servers(); openvpn_get_active_servers("p2p"); openvpn_get_active_clients(); for more insight: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/status_openvpn.php

Much easier fix: https://github.com/pfsense/pfsense/pull/1954 - merged and will be fixed in next 2.2.5 snapshot.

use cheap webhosting instead of vps :) ssh everywhere

Thanks!  I kinda had that vibe.  Just wanted to check

Same here, I noticed a "clear package lock" button in that area: Diagnostics -> Backup/Restore -> Reinstall packages Then I noticed on the installed packages list that there were several packages that had available updates.  So one of the packages isn't re-installing well.  I just manually updated / reinstalled the packages that had updates in the pkg button.

Ended up starting over after a system factory default. Now two weeks later there are problems again!!  >:( Read here > https://forum.pfsense.org/index.php?topic=100549.0

@icemanncsu: … spoofing the MAC address ... and I statically assign the originally assigned DHCP address as a static to the WAN interface. Why that? If you already spoof the MAC then it should pull the same IP from DHCP server. Remember to K.I.S.S.!

@muswellhillbilly: A thought: Every one of the packages you've installed generates log files - quite big ones depending on traffic volume. Have you checked to see whether your filesystem is getting used up with log data? all seems to be logging normal messages. nothing in the logs seems to be a clue.

yeah, the system on that segment (PBX) has its own DHCP server, the person who set it up set it up with DHCP giving out addresses from 192.168.2.1-99, well of course the router interface is 192.168.2.1, so that was the failure.

This is an example directly in Squid. Almost similar behaviour can be achieved using Squidguard that is also able to handle ACL, users and groups. It should perhaps be feasible using pfSense GUI, this I don't know as I'm not Squid user on pfSense  8) logic is always pretty much the same: define white list covering what is allowed to all allow white list access deny group of restricted users authorize all others

Well, I've managed to answer and fix this myself, I had to set the gateway group on the firewall rule, I also had to change the ESXi vswitch configuration and instead of using vlans on pfsense I created seperate vlans on the port group and added a vnic for each vlan…working like a dream. Just thought I'd write back for anyone who may come to face the same/similar issues.

@ivor: Sure, it backs up everything. So when you restore the config upon reboot it will install the package. Thank you, i already install fresh pfsense on 2 new hard drive for backup pusrpose. :) @doktornotor: You should have rather backed up your computer before installing the Acronis POS. Dead serious about it. I don't know about that, thank you i really appreciate it.

I've fixed it. I don't think, that installing newer version helped, since my old one 2.1.2 was working like a charm. More likely it was hardware problem. Network card, that was designated as LAN was prioritised on hardware level, so all traffic tried to go through LAN. I've just switched IP's on network cards and everything working just fine. To whoever might be looking for similar problem - check if your network adapters assigned right and their priority. Thanks to everyone for help.