For the vast majority of traffic you would see no difference. But as a general rule you should add only the rules that are required and since you know what subnet that traffic is coming from you can use that as the source IP there. There should never be traffic arriving there from a different subnet but if it did it should not be passed. Steve

@sparkyjf Can you share the JumpCloud config on pfsense would be really helpful. Thanks,

Yes, I'd go ahead and do that. That interface type is probably the least well used. Or maybe pptp! It's likely a display bug only. You can see the actual interface does not have an IPv6 address. Steve

Hi, You got your answer here :) @romor said in pfSense 2.5.0 release date?: Hi, i did upgrade one of test pfSense to 2.5.0 and then i tried pkg audit to check vulnerabilities. All was ok without vulnerabilities. That mean, release of 2.5.0 is important for us :-) pkg update/upgrade on version 2.4.5.p1 i tested, but there is only a few updates, not all security updates. After install upgrades is count of vulnerabilities same (16 in 10 packages). https://forum.netgate.com/topic/160456/pfsense-2-5-0-release-date?_=1613340248630

@jknott Ah - right - ive got a couple of EnGenius access points one wifi5 and the other one wifi6

Aha, well the simplest answer is usually the right one.

Yup. Case matters!

You can try starting it with debug mode by stopping the service then starting it at the command line with: /usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -d -P /var/run/miniupnpd.pid That should give you some more useful error output. But that error that is shown implies something is trying to open a port to/from an IP that either already has that assigned or no longer exists on the firewall. Steve

The best thing you can do it hook up a serial console and log it's output to something locally. If it is a drive or drive controller failure it may not be able to record that event but it will spew a load of errors to the console. The next best thing is set up log exporting via syslog: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html Steve

Probably need a diagram to diagnose that. There are potentially some significant differences between a VM and real device espacially when what you're trying to access is the VM host. It's probably something in the hypervisor setup. Steve

Yes, you can do that. Just set the IPSec tunnel to use the 2nd WAN interface. The other end of the tunnel would obviously have to be set to the new WAN IP also. Steve

Yes it would show a gateway IP if it has connected. Check the systemlog or PPP log. It will shows the PPP connection attempts there. You would not normally check the 'dial on demand' box there though if you have permenant connection on it, which "broadband" almost always would be. What exactly is that other connection? Steve

@shjfliejfasel said in Is there any way to use the guest mode on my soho router?: I'm guessing this keeps devices on the guest network from accessing personal devices on the regular network. You need to know what it actually does before we can answer that. Since it is removed in AP mode, which probably turns it into a pure layer 2 device, it probably does something at layer 3. Like passing traffic only for external IPs. In which case you can replicate that with rules in pfSense instead. Steve

@jknott they did say they are monitoring and I did get a text saying they are working on it. I'm not sure if that means they found something or not. Can I get more information on this script? Seems like a great idea. Does it run right on pfsense?

@shjfliejfasel Have your added rules to allow it?

@johnpoz Well, pfsense allows you to put multiple prefixes, including ULA on an interface and router advertisements allow for multiple routers. I would expect those to be within the same prefix, but I don't know that's required.

@cre8toruk : if you a have a Windows PC somewhere on your pfSense LAN network, check out :https://github.com/KoenZomers/pfSenseBackup Just set up a daily task that downloads the complete config.xml. You could retain the last 30 or 60 files (= 2 months) When you need to use your spare pfSense box, fire it up, import the latests backup, and your ok. No USB drive needed. Normally, no more need to think about it. Just, ones in a while, check if the daily backup is made. I'm using this backup tool for years now, and have always the latest 60 days / config.xml locally available.

@stephenw10 Thank you for the help, I guess this is due to some older version of snort package which is causing problem.