I will need to connect one camera via PFSense I believe as I would like to use person detection software to integrate with Home Assistant for triggering when someones on the property.

@daddygo said in Hardware Recommendations: @shinta0saint said in Hardware Recommendations: I just have some concerns connecting an additional 2.5" SSD. I'll start at the beginning... In my reading, ZFS is mandatory(!) because you see its benefits 16-32 GB of storage is sufficient for most pfSense installations. (so you don't need an awful lot of capacity (storage)) The pfSense is a NGFW, + router and such does not require large storage stuff. All of our Supermicro-based installations have SataDOM for emergencies... (it has very good performance and 32GB is enough, it includes a mirror copy of the current pfSense installation) BTW: We only use ZFS RAID setup (2 or more disk(s), SSD(s)) in production environment, due to redundancy. +++edit: I note: the Lawrence tutorials are very good, use these instead of a lot of stupid other Youtube videos +++edit2: and these, of course: https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf and for the sake of my @Raffi_ friend (he will understand :) https://docs.netgate.com/pfsense/en/latest/ Thanks so much for your time and knowledge, most appreciated, Take care :)

https://redmine.pfsense.org/issues/10409

Hey all, I used the stencil provided above and created a new one for the Netgate appliance xg-7100 with the optional interface card for 2 more SFP ports. If anyone is interested. [0_1609891911039_NetgateFirewall.vssx](Uploading 0%) NetgateFirewall.zip

Also DNS-SD (see http://dns-sd.org) doesn't work when connecting with OpenVPN and forwarding to the client correct DNS suffix name. I've setup my internal DNS server to publish many of my service on my LAN ... but them not get discovered on iOS.

If it's a static IP then it does not have to reach out for dhcp. If there have not been any connection to it inside the arp expire time it will not show. If you ping it from the firewall it will show again in the tabel. You can add that as a static dhcp lease even if it's not using dhcp so pfSense knows about it. If you have Unbound resolving static leases you can use it's hostname dircetly. Steve

Does it still have the original Celeron CPU in it? You won't see 900Mbps through that. somewhere in 500-600Mbps range is more likely. I assume you mean 150Mbps not 150MB? Bits per second not Bytes? Since that would be over 1G.... That hardware is 32bit. It has not been able to run a current version of pfSense for several years. Whatever version you have on there is obsolete, you should think about upgrading. Steve

It wouldn't make any difference in terms of the dhcp server. I would use routed IPSec there if the other router supports it if only because there are issues with GRE/IPSec in pfSense which it's better to avoid. And you definitely want to use encryption. Steve

My Amazon smile donations go towards FreeBSD

Do you mean the CARP VIPs remain master on the secondary node? And backup on the primary node? The primary may have demoted itself if an interface went down. Check the advskew value in the ifconfig output. Steve

Nice catch.

Mmm, that's fun!

@nds2k said in Torrent kills PFSense DELL R210II Box: I shall try that when once other family members are not using the network. If you know what device is using the torrent, and you have a ISP router in front of your pfSEnse, you could hook up that device only without taking your network down. @nds2k said in Torrent kills PFSense DELL R210II Box: Noted! You didn't know that most ISP's do not like at all the usage of P2P protocols as they are used for distributing very legal info like Windows updates and the like, and also less legal files like ripped DVD etc ? If the destination IP is from these "Windows updates" servers, then the content isn't blocked, of course.

@diegus83 said in Automatic Backups from previous owner: I decided "I should try that now while it is not an emergency instead of when I break something and the internet stops working" I approve of this decision.

Yes, unless you have outbound NAT configured on that interface. Check the state table for that states on that interface. Steve

Yes exporting syslog and netflow data is the way to go for that. Long term data is not intended to be held in pfSense directly.

@stephenw10 yeah. let's say i have an openvpn user that comes from ad. can i utilize the freeradius to add mfa to it?

Do you see it being routed in packet captures or the state table when you try to reach 1.1.1.1? Where does it fail?

Got it working finally. For this I reset everything to default and started again from scratch. And both options now works. If I do it via NAT it works. And if I change this to a static route in the destination network (so without NAT) it also works. I think I have the same configured as before. But apparently something was wrong before, because now it works. Thank you all for your input and suggestions.