• What can my firewall Handle

    6
    0 Votes
    6 Posts
    1k Views
    T
    @heper: @Harvy66: Just picking one of the high end ASA boxes, ASA 5555-X, it has pretty bad specs: 4Gb/s under ideal conditions, 1.5Gb/s of stateful multi-protocol traffic, 700Mb/s of VPN, 1.1m PPS, 1mil sessions. $10k for something that amounts to an Intel i3/i5 is willful highway robbery. You're probably paying for a mix of brandname and support. Having someone to point the blame-finger at is a form of job security, even if you pay 10x for it.
    depending on the type of vpn … no simple i3 or i5 will push 700mbit over openvpn easily. also depending on cpu 4GB/s of throughput isn't all that easy if all that has to be NATTED as well. (NAT on pf is still single-threaded afaik) so while it shouldn't be all that difficult to build a system for half (or a quarter) the price of your cisco ... i don't see it happening on a cheapo i3
    I actually have an i3-2100 box that does incredibly well under those loads (with the exception of the OpenVPN metric, I will test that this week just to see). The CPU barely blips. My specs are in my sig. $400 box. I know that I can put 4.8M states on the box and set the upper limit to 8M states just for kicks. NAT was enabled. As Supermule noted, there is an underlying bug somewhere that we are aggressively trying to find. I have my theories and am collecting more data to validate them. Also, pfSense is based on FreeBSD, which is not Linux.
  • Merging uplink and downlink traffic to a single monitor port

    2
    0 Votes
    2 Posts
    449 Views
    H
    no clue but …. please use your switches to create mirror ports. using a PC to be a switch is a bad idea every time. PC hardware has serious issues duplicating/switching a massive amount of packets, ASICs in switches do it without breaking a sweat.
  • Limiter is not working in pfSense 2.2.2

    4
    0 Votes
    4 Posts
    1k Views
    H
    all open issues with word "limiter" in title: http://tinyurl.com/pcrgqb9 (had to use a url-shortener service, because the forum didn't like a zillion character url between its brackets)
  • Two links multi IPs

    1
    0 Votes
    1 Posts
    538 Views
    No one has replied
  • Using public optimum hotspot for WAN

    3
    0 Votes
    3 Posts
    872 Views
    T
    I am an Optimum customer (business and home), and you can do what you're trying to do.  However, there are some challenges. If the camera is behind a firewall, you can create a persistent VPN tunnel from one to the other (assuming both FW can create tunnels). Your cameras would probably be able to get onto Optimum, but you're screwed with the authentication unless you register the devices with Optimum.  This can be done via the web interface on your account or when the device joins the network.  I am not aware of any camera that supports web-based authentication like what Optimum requires, so that might be a deal breaker.  You'd need to be able to get the devices onto the network and manage that re-authentication somehow.  Optimum designed the WiFi public network to prevent people from hopping onto it and consuming a ton of bandwidth, so assume you'll probably get throttled and disconnected after a certain amount of time.  That's by design. I'd also suggest going to http://www.dslreports.com/forum/ool and asking the question there.  You'll get some answers to your question, and of course you'll attract some trolls.  But for the most part, you'll get the best Optimum-specific answers to your questions regarding their service.  OOL resources regularly read the forums, and sometimes there's a chance you'll get a PM from one.
  • Sip Phone Losing Registration

    3
    0 Votes
    3 Posts
    785 Views
    A
    Have you tried changing the firewall optimization options from normal to conservative? It's located on the System > Advanced > Firewall/NAT tab. This is recommended by another SIP PBX vendor for use with their system.
  • MOVED: Vouchers questions

    Locked
    1
    0 Votes
    1 Posts
    419 Views
    No one has replied
  • Wireless ap client list from within pfsense?

    3
    0 Votes
    3 Posts
    699 Views
    DerelictD
    Other than DHCP leases, etc, you are looking for functionality typically found in a wireless controller.
  • Additional lan port

    2
    0 Votes
    2 Posts
    507 Views
    DerelictD
    https://doc.pfsense.org/
  • Losing RRD graphs

    1
    0 Votes
    1 Posts
    500 Views
    No one has replied
  • DMZ like IP sharing and Limiter - Is it possible?

    17
    0 Votes
    17 Posts
    2k Views
    A
    When I said port in "port based limit", I meant switch interface. I specifically did not mean anything like TCP port 80, or 443 or UDP 5060. Using a switch upstream of the two edge devices and limiting your ingress and egress to the two interfaces is so simple, and it does everything you want. I'm a big believer in: A) Use the right tool for the job. B) Keep it Simple, Stupid. My test was speedtest.net. Simple, effective, TCP 80 HTTP test. The ISP that provides 20Mb bandwidth to my office uses the same kind of limiter, on a Catalyst switch. I pump all kinds of TCP, UDP and who knows what else through that pipe.
  • Netduma Router

    1
    0 Votes
    1 Posts
    545 Views
    No one has replied
  • PfSense 2.2 ovh failoverip (gateway outside subnet)

    4
    0 Votes
    4 Posts
    5k Views
    K
    This is how I set up OVH with pfsense 2.2
    OVH networking setup
    1. Add a failover IP in OVH console (y.y.y.y)
    2. Create a virtual mac in OVH console for failover IP
    VMWare setup
    3. Edit the vm guest nic settings. On the network adapter in vmware, change it to manual and give it the virtual mac assigned from step 2
    PFsense setup
    4. The failover ip from step 1 is the nic ip (y.y.y.y). The gateway is the primary OVH server IP with 254 for last Octet (x.x.x.254). Subnet mask is 32. Pfsense will complain in command line setup of networking. Just set this up in GUI.
    5. The following lines can be added from the shell (option 8 from command prompt in Pfsense) - the first time you set up pfsense. They are needed to make the default gateway work because it is not on the same subnet.
    6. route add -host x.x.x.254 -iface vmx0 (or whatever interface you have)
       route add default x.x.x.254
    7. To add them to pfsense so it works after reboot, install the shellcmd package for pfsense. Add them in the same order as above. The type is shellcmd
  • Newbie here, need some answers please.

    6
    0 Votes
    6 Posts
    1k Views
    F
    Don't know if these links are genuine. http://healthstory.co.uk/torrentr/hua/huawei-hg658b-firmware There's not a lot you can do when you consider hindsight and what's practical, but some of the things you can do is your own encryption methods which are not unlike what was used during WW2 with code books, but that has limited use in that you need to trust the other party and in the case of the web, will your favourite websites/services entertain you with your own form of encryption? There are things you can do to obfuscate your own online activities like write a bot to access web sites, a bit like a spider crawls websites and then provides some cover as to what you might be looking at, but I'm always reminded of the fact in maths it's possible to work out the unknowns in any formula, and what the spooks call quantum cryptography is just their ability to brute force crack encrypted data from decades ago that used what was back then cutting edge levels of encryption but is old hat today as our processing capabilities grow. You could also try routing your traffic around the world to countries that don't share data with your own, introduce some random time delays to make it harder to calculate if some traffic is yours when it reenters a country that does share data. In this instance being able to deploy instructions to a bot that can act in days, weeks, months or years in advance could be useful, it depends on how far you can plan ahead in that respect. But the phrase you can run but not hide also springs to mind. You might be able to stay one step ahead of the enforcement/hackers but ultimately you will always be looking over your shoulder and that's if you have the capability to spot when you are being spied on and being played or not.  ;D Perhaps these books might be of interest to you if looking for parallels with today. http://en.wikipedia.org/wiki/Brave_New_World http://en.wikipedia.org/wiki/Nineteen_Eighty-Four http://en.wikipedia.org/wiki/Fahrenheit_451s The last one is quite interesting to note when you consider it's harder to change the printed word unlike a website. It's interesting to see the changes some online news organisations changing stories once released.  https://www.changedetection.com/ It's also interesting to note that for many people, things don't happen unless they see it on the news and only believe what is said on the news, not someone else's narrative. An uphill struggle to remove agendas and bias from individuals admittedly but not impossible.  ;)
  • Home IP Address Scheme Change Q's

    34
    0 Votes
    34 Posts
    8k Views
    johnpozJ
    well they are actually different networks so you can actually firewall between them. You're just using specific ips inside 1 network for different things. Buys you pretty much nothing, other than maybe ability to group ips for firewall rules to the internet currently. Which you could do with aliases anyway. To be honest I see no point to what you're doing other than making what IPs your devices get more complicated ;) and possible breaking of your own rules when you maybe picked out wrong number of ips you wanted for specific types of devices.
  • SuperMicro-ish 4-second power button delay possible…?

    1
    0 Votes
    1 Posts
    439 Views
    No one has replied
  • Apinger (yes, ANOTHER thread about this, but with a twist)

    4
    0 Votes
    4 Posts
    916 Views
    H
    @Supermule: When you max out your internet connection, then the traffic from Apinger gets in the queue. That's why it reports GW offline. You saturate your bandwidth and that's why it fails.
    He's not concerned about how apinger thinks the interface is offline, he's concerned how apinger thinks the interface comes back online and reports the wrong information. apinger has a known bug that gives false readings.
  • How do I know when pfsense is running low on memory

    2
    0 Votes
    2 Posts
    659 Views
    A
    Check out the dashboard. Memory usage is right there.  If the % is high, memory is low.
  • Enable captive portal can't access to use

    1
    0 Votes
    1 Posts
    434 Views
    No one has replied
  • Block Device by mac address

    2
    0 Votes
    2 Posts
    594 Views
    D
    Not really without captive portal, plus completely futile if done on blacklist instead of whitelist basis.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.