This could be a nice one to have a watch too as you are totally new to pfSense:- A 50mins video with pfSense 2.2.2 firewall setup and features overview. https://youtu.be/dfix8WsNSHc

You already have the most optimal setup. What's wrong with having the wireless AP connected to the switch? What cable modem do you have? Some Hitron models have been known to have major problem connecting to 100Mbit NICs.

NTPD RRD shows an average of 0.14ms offset and a maximum 0.4ms offset over the past 24 hours.

Hi neo243, wow that is exactly what fixed it! I constantly had to chose between VLAN6 or PPPoE on my interface but this has enabled me to do both! Thanks everyone for all your efforts! Grt Bram

OK - so Scythe sent me another set of brackets, install is now complete and working fine.  So, for anybody wanting to do a motherboard swap, I can confirm that, in my case at least, everything went just fine.  I did end up keeping my NC360T card and hooking up my WAN/LAN wires to the exact same ports (keeping the motherboard's NICs for future expansion or what not), but pfSense just fired up as if nothing had happened. Two questions, though : 1.  I used to see the CPU temp in the dashboard, with my AMD CPU.  I don't anymore with the X3430.  Is there a reason for this?  Can I restore it? 2.  Is there such a thing as ipmitool in pfsense?  My searches seem to indicate there is, but a simple command to reset the IPMI password, which worked fine on FreeNAS (ipmitool -I open user set password 2 ADMIN, to reset to the default "ADMIN" for example) didn't work in pfSense - device not found or some such.  I didn't try modifying fan parameters with ipmitool, just figured I'd ask you guys first. Totally unrelated : anybody else seeing arpwatch as a red "X" on the dashboard ever since update to 2.2.3? Cheers!

Are you certain the user is being put into the correct group? I can't think of any reason why that privilege wouldn't work from LDAP unless the user wasn't actually being detected as a member of the group that included the privilege.

Incoming traffic on WAN is blocked by default.  LAN is wide open.  Any extra interfaces like OPT1 will have to have at least one rule added to allow access out. https://doc.pfsense.org/index.php/Main_Page

Huh… No, restarting webserver does no network damage.  :o

Ipsec may be a more hopeful possibility with the TZ210. You might post a question in the IPSEC forum about creating a connection with Sonicwall. I would like to just install openvpn on the phone and PC but, she still needs access To other network resources. If you create a RoadWarrior setup and install the client on your wife's PC she can have access to anything at work and at home as necessary. One useful piece of information - the TZ210 is now EOL as of 2015-06-01. Might be another reason to switch to a better supported firewall (hint hint).

Except that https works fine with some mixed case domain names.  Such as https://www.Team-CYMRU.org/Services/Bogons/fullbogons-ipv4.txt for instance.

What a pain in teh ass.  You would think they would incorporate a defrag/compaction feature into the virtual machine definition like VMware does.

You need to segregate those clients on a separate LAN (or VLAN).  That means: A second WiFi Access Point, or a WAP that understands VLANs and lets you assign the different SSIDs to different VLANs A switch that understands VLANs, or a separate interface on the pfSense firewall box I'm doing a mix of the two methods, I have VLANs on my network switches, and one of those VLANs is for "guests".  The guest VLAN connects to a cheap consumer WAP which doesn't understand VLANs, but the network switch handles that issue. Now that the guest WAP is on a separate VLAN, I can assign limiters in the pfSense firewall rules to any traffic coming from the guest VLAN and going to/from the internet.

A little update since I stumbled upon something good recently: Using LibreOffice Draw and the VRT Network Equipment shape set is great. The shapes are open source, available as a LibreOffice extension, and they have a decent license which includes an exception from the attribution clause for their intended use (meaning you don't have to put their name/link on all your diagrams) My main nitpick is that connector placement/adjustment in LibreOffice Draw isn't as good as Visio, but things can still be tweaked into acceptable places.

I have had switch/router devices before that would stop responding to ping on an interface if the interface was physically down - from memory it was Cabletron/Enterasys gear. Once you knew the behaviour, it meant you knew when the cable had fallen out at a remote place.

Thank you for your answers, at the moment I can't reprogram the software and I need connection. I'll try to create a VPN server and a routing table to fix it. Thank you,

I don't really have an environment to test that. But the static IP machines are not going to be getting any settings from a DHCP server. Normally the DHCP server would send them some default domain information that lets them learn a domain to use. So you probably need to either: a) Explicitly set the domain somewhere in the static clients or b) Set up some static mapping in the DHCP server so that those clients can use DHCP, and will thus get the domain name along with their static-mapped IP. Or I don't really understand the whole combination of systems/settings and someone else will have a good idea :)