Removing the coax caused pfsense to lose connection, but maintain the DCHP address it had. I was logged in to the gui and could still use it as long as I stayed away from the dashboard. The dashboard did load very slowly but did load after a few minutes. Logging out and then logging back in, where the default starting point is the gui, did not ever load and eventually returned this: [image: 1594594724498-screen-shot-2020-07-12-at-4.51.54-pm.png] I read this is due to widgets, ie the version checking for updates and needing DNS but not having it and eventually timing out. The 8987 bug shows resolved, but did say that the issue is not resolvable at the time. Once I reconnected the coax, everything became stable again and no reboots on the modem or pfsense were needed. That is not what happened to me yesterday, I had to reboot both the modem and pfsense. Is this something I need to live with, not being able to check the status of my WAN via pfSense when my isp goes down? Is there a command line equivalent of this gateway status shown in the dashboard? [image: 1594595191411-screen-shot-2020-07-12-at-5.05.53-pm.png] Thanks, Jerold

I'm still unable to backup my config. Same issue from first post.

@anamuco247 Hi, Basically, USG and pfSense are different philosophies. (somewhere each is network security device, but on a different basis) so there is no way to migrate settings from USG to pfSense one at a time. You can, of course, keep the network topology, but first you learn how to use pfSense (test environment) and then configure it the way you need it. The starting point will be: https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf a little later: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

@zxjinn Thank you, my setup started working after matching the group name from pfSense with the group name on Synology. That was the missing part for me!

@Bipin Perhaps you could set up a policy where anyone caught sharing would be suspended. You can run WiFi scanner apps on a phone or tablet to see what SSIDs are visible. With WiFi Analyzer, there's even a signal strength meter, so that you can determine where a signal is coming from.

Awesome, thank you.

@sugi said in Chrome problem reaching my on premiss site in the same physical network: why only the chrome? I don't know what Chrome is ... / don't use Chrome.

You can move config files between factory and CE, that's not the issue. XML (config) sync will not work between different pfSense versions. Both 2.4.2p1 and 2.4.3 are very old you should upgrade both to current, 2.4.5p1. State sync will not work between nodes with disimilar NICs. You cannot have igb NICs in one and em NICs in the other. None of that should stop it booting. Where does it stop? Most likely is the manually edited xml is invalid. Steve

@ti-sangiogoadv Hi, I hope this is what you thought (it works for us): https://www.firewallhardware.it/en/pfsense-and-openvpn-timed-access-for-openvpn-and-limitations-on-the-lan/ +++edit: @ti-sangiogoadv "Good afternoon ladies and gentlemen." it's very cool

If it only appears at boot then, yes, it probably can be ignored. It looks like it's also associated with setting the QMA to CoDel which is not usually necessary. Leaving it as Taildrop with FQ-CoDel as the Scheduler should get the same results. Steve

Thanks for the answer Gertjan I'll have a look at it Ciao

Ah, that would do it!

As long as that single IP they assign you is outside the /24 then you don't need to add any routes. They would be statically routing the /24 to that IP but pfSense would just route between it's interfaces, the single IP on WAN and the /24 on LAN, by default. Steve

@gullible-goose-gander said in Router web UI locked up and won't boot: Is this something I should be worried about recurring? You should probably change some rules. It's 2020 : we are still allowed to pull the plug on a (some) coffee machines. All other devices , you have to activate the shut down method. if the GUI, accessible with a web browser, doesn't work, you could use the other, even more important interface : SSH (it should be activated on at least LAN) and this port : COM: Support 1*RJ45 COM（Support CONSOLE Function） That port, the console port, permit you to shut down properly, do file system checks (see one of the latest Netgate videao on Youtube). Just ripping out he power could mess up the file system. What happens then can be easily tested : try with your PC : boot and cut the power several times .... it won't take long for your PC not to boot any more.

@NollipfSense said in Pfsense solve my latency ! why ?: @Raffi_ said in Pfsense solve my latency ! why ?: Interesting, does it block bad IPs with the default config? Being a firewall it blocks anything incoming by default, but I didn't think it filtered out bad sites without some kind of package like pfblocker. You intuitively got the answer that I implied ... with a package such as pfBlockerNG as well as by default it blocks all. :) Got it. pfSense and you guys in the community seem to teach me something new all the time. I wanted to make sure it wasn't new pfSense magic I wasn't aware of.

The docs are probably wrong on that. That section may have been copied over from one of the other similar pages like PPTP which used to have two RADIUS servers.

good to know, thanks

@pi said in Can a modem/router combo & Netgate SG-1100: @Raffi_ said in Can a modem/router combo & Netgate SG-1100: @stephenw10 said in Can a modem/router combo & Netgate SG-1100: I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself. I guess I could imagine using it to access the modem for admin purposes. Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice. If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it. Steve I second this. I think you have to choose if you want it to be a modem or wifi access point. If your ISP is charging a modem rental fee, then replacing it makes sense. Put it in bridge mode, you'll most likely sacrifice the wifi capability, but you'll be avoiding that fee. If the ISP is giving you the modem for free, then use the Motorola as a wifi access point. Disable, all services like DHCP and only use the LAN ports on the Motorola. The LAN from the Motorola can go to Opt 1. This sounds like a good idea. I’ll try that out Make sure to check with the ISP on the modem fee though. Because even ISP's that state the modem is "free", it never really is, they just include it in the cost. What I mean by that is unless you explicitly ask if there is a discount on your bill for BYOD, they will get away with billing you for that "free" modem. In other words, they should give you credit for your own device even if they're not billing you for their modem. If they don't offer credit, or they really aren't billing you for it, then wifi it up.

Thanks for this thread. I'm using a cron job with ifconfig run0_wlan0 up , and ifconfig run0_wlan0 down Seems to work nicely, enabling and disabling guest wifi on regular schedule.