got it as I found it in the docs. https://doc.pfsense.org/index.php/Automatically_Restore_During_Install The example with the USB drive gave the answer.

@marvosa: Glad to hear everything is working! As far as the "Allow DNS server list to be overridden by DHCP/PPP on WAN" option, I have it un-checked, although it's moot for me because I have a static IP.  You would only need this option if you're getting your WAN via DHCP and you want to be updated automatically if your ISP changes it's DNS servers. i.e. If you're static, un-check it.  If you're DHCP, check it. you make my Day, thank you so much, and everyone does helps !

The Emerging Threats Rules has a "Policy" category that has Flash alerts. I am using the Paid version, so I am not 100% sure if those rules are in the Free ET Version. If you use Chrome as a browser, Flash and PDF viewing of files is builtin. You can pretty much get away without installing FLASH and Adobe Reader for most installations by using Chrome.

The rules are for traffic arriving on an interface. You can delete rules on each LAN that have "source LAN3" because LAN3 source IPs will never arrive on either LAN. Also delete rules on each LAN3 that have "source LAN" because traffic from the LAN that is local to each pfSense will never arrive on LAN3. You need a rule on LAN3 that allows traffic with source "the LAN subnet of the opposite pfSense". It is probably easiest to make an Alias on pfSense1 for the pfSense2 LAN subnet - "RemoteLAN" - and then add a rule on pfSense1 LAN3 to pass source "OtherLAN". Then do the same pattern of thing on pfSense2 to allow traffic from pfSense1 LAN.

Just to verify, where is PFsense in this scenario?  Can the servers in the DMZ access the LAN?  We need to know the IP schema.  Also, post your server1.conf

You'll have to forgive me, but I do not see a question here.

I think I found a solution from this thread https://forum.pfsense.org/index.php?topic=51468.0 I did 2 changes: 1. Change WAN IPV6 Configuration, from DHCP to NONE 2. Advanced - Networking - IPV6, uncheck Allowed IPV6 Problem solved. I hope it will help other people. Thanks [image: status_rrd_graph_img_cpu_disableipv6.png] [image: status_rrd_graph_img_cpu_disableipv6.png_thumb]

I just wanted to inform you that a fresh ibstallation of pfSense did the trick, WITH Lan as a private network in Hyper-V and WAN as an external network  ;)

Does anyone have any theory as to the cause? I would restart apinger or reboot the firewall and it would go away, as some have mentioned, for a matter of hours and then be back. Mysteriously, the problem seems to have subsided. Anything further I can do in regards to troubleshooting or additional information gathering? Worth submitting a bug report?

If the error count is accumulative, there are none shown. Status up MAC address 1c:af:f7:0e:57:da IPv4 address xxx.xxx.xx.xx  Subnet mask IPv4 255.255.255.0 Gateway IPv4 WANGW xxx.xxx.xx.x IPv6 Link Local fe80::1eaf:f7ff:fe0e:57da%vr0  ISP DNS servers 127.0.0.1 xxx.xxx.xxx.xxx x.x.x.x Media 100baseTX <full-duplex>In/out packets 701359/732555 (328.44 MB/324.27 MB) In/out packets (pass) 701359/732555 (328.44 MB/324.27 MB) In/out packets (block) 716/2 (121 KB/152 bytes) In/out errors 0/0 Collisions 0</full-duplex>

A couple of days later and - without touching the pfSense box - this problem seems to have disappeared. Weird!

Yes, pfSense is capable of VLAN for most interfaces. If you create a VLAN20 in pfsense, then you could block access back to the corporate LAN and limit the speed to the internet.

I haven't been able to figure out what is going on here.  I went ahead and disabled port 8843 from the outside and logged all ping request, however the odd traffic continues. In terms of packages, here is what is installed: Lightsquid mailreport NRPE v2 pfBlocker - 4 lists set to download daily Sarg squid squidGuard I will keep looking at the States table, but nothing it jumping out at me.  Any other thoughts would be greatly appreciated. Thanks for the help so far.

Yep!  All is well now.  Thanks for your help cmb

Hello Steve, thank you for the clarification. As for the 2 WAN IPs, I am not looking for a failover setup. It will be straight inbound NAT and the same subnet should be not a problem in this situation. Maybe I will get a bit more fancy as with monowall and will install some extra packages.  ;) Johannes

Huge fan of running pfsense virtual - but why not just put say esxi on the hardware and then run pfsense as a vm, and then whatever other os you want to host your website, etc. As to running services out of the house - other than playing/learning there is little reason to host your own site.  You would be be much better off just hosting the site offsite.  The electric alone is going to cost you more than hosting it somewhere most likely.  You can get low end vps for like $15 a year that can host up websites for example.  I have 2 of these low cost vpses – they make great endpoints for vpn, they are perfect for testing from other locations and other networks for network issues, etc.  I have a honeypot running on one for example that I host up a website I can access to get info about the honeypot, etc. etc. But if for learning experience I really love doing pfsense off a vm!! [image: websiteofflowend.png] [image: websiteofflowend.png_thumb]

@djoyce: Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware. Am I on the right track? Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer? Thanks for your help. We're a registered charity, so as you say there was no cost for DG.  The base charge for pfSense support is $600/year.  That includes 5 hours of support, extra 5 hour buckets @ $500 per, and if the support relationship is between you and pfSense, I don't see an issue with using that bucket of time for multiple sites - but as the other poster suggested, you can always connect with them for further clarification. I think if you want the end-user/company to be able to contact pfSense directly, then a separate agreement may be required per company.  If you are always the one initiating the support case, I imagine there isn't an issue.  The automated backup is supported for multiple sites/firewalls, but be aware that each site can see the other's backup file(s) from within the GUI, so if the client has access to manage the firewall, you might want/need separate accounts. P