@meem said in diagnose stuttering performance: I can see that I get 30-40 dns HUPS per hour - looking at the settings, I hadn't changed the default lease time for my new VLANS so i've made that change now. It was at the default (2hours)... made it 8 hours now. Looking at my Splunk logs I can see that i've been getting 30-40 HUPS per hour every hour (including throughout the night) That could do it. Hopefully, changing that to 8 hours is enough. I've seen rogue DHCP clients ask for an address every hour regardless of the default setting in pfSense. If changing that is not enough, see if unchecking DHCP registration helps just as test. You then have to decide if your need to lookup hosts by names outweighs having stable DNS, or you can try to track down any remaining rogue DHCP clients on the network not following the 8 hour lease time.

Indeed, when the resolution value for the same period is deepened, the values obtained in the report are different. Below the last 30 days with 01 hour resolution on the same network. [image: 1601384960619-monitoring-traffic-1h.png]

Just trying to add as much potentially useful info here: Here's two traceroutes in both directions. Run on workstation: traceroute to VM traceroute to 192.168.100.184 (192.168.100.184), 30 hops max, 60 byte packets 1 192.168.10.1 (192.168.10.1) 1.207 ms 1.173 ms 1.158 ms 2 server.localdomain (192.168.10.101) 1.196 ms 1.199 ms 1.198 ms 3 192.168.100.184 (192.168.100.184) 1.459 ms 1.473 ms 1.461 ms Run on VM: traceroute to workstation traceroute to 192.168.10.100 (192.168.10.100), 30 hops max, 60 byte packets 1 192.168.100.1 (192.168.100.1) 0.154 ms 0.130 ms 0.117 ms 2 workstation.localdomain (192.168.10.100) 1.105 ms 1.097 ms 1.085 ms

No, not really. Nothing like that exists in pfSense. Steve

Do you have the full crash report? We need at least the full panic string from the message buffer and the backtrace from the ddb file. But it's unlikely we can do much in 2.3.5. Steve

@ProfessorManhattan said in Unable to Mount NVME Hard Drive: If I use this method, can I have a usable hard drive? First, check out what ZFS is. If your pfSense isn't using ZFS right : it is an install option, something you choose at the very beginning. You could compare adding a drive to pfSense as adding a drive to a PC using some Windows OS : It (the SATA port) has to be enabled in the BIOS) and the BIOS has to recognize it. When booting your OS Windows, there will be NO D: or E: that represents the drive. You have to use the DiskManger thing to partition it. And format it using FAT32 or more recent scheme. You have to assign a drive letter. Only then ... you ... can use that D:\ drive - Windows itself doesn't care about it, it lives on the C:\ and won't touch the new D:\ what so ever. FreeBSD drives are mounted using the /etc/fstab file. This file can be edited, and will get overwritten by pfSense whenever it sees fit (upgrades etc). Consider using the EarlyShellCmd and have your drive mounted wherever you want. It will be something like /root/mybidrive/ The directory /root/mybidrive/ will be situated on your new big drive, not the original pfSense drive. You could even do more dramatic things like placing the entire /var/ on another drive but you wind up modifying hardcoded settings and files. It not worth it ... Just re install pfSense on the newer, bigger drive. Don't forget : it's a firewall , not some Desktop PC etc.

As it turns out, I have a computer running malwarebytes on my network and it kept trying to report "usage and threat statistics" back to malwarebytes. turning this off seems to have resolved it. I will post back if this reoccurs. Thanks.

Yes, that could be if the limiters never caught that traffic. Glad you were able to resolve it. Steve

I have a single UAP-AC-LR that I have on the ceiling of a ground floor room. I can connect to that from anywhere across 3 floors in a brick building with good signal levels. Generally speaking higher is better for APs but not through floors! Steve

@johnpoz sorry bro i’m french canadian ! so that’s the only word who came in my mind for traduction ! have a nice one peace ya

@Derelict Exactly what the ISP service line did saturday with one of our Wan connections here Settin this box in bridge mode or as they call it dummy mode After they did it A) connection improved B) speed improved C) more noise (cuz lack of providers global block list) Feels goood

@viragomann said in pfsense running on unused subnet: Check Status > Interfaces and Firewall > Virtual IPs. These are two different things: Status > Interfaces and Firewall > Virtual IPs Though VPN servers are virtual IPs as well, which aren't displayed there.

@serbus said in Where can I apply an easyrule?: proceed at your own risk... That.

No worries. Good to put info where it's likely to be found.

Yes. Filebeat is not directly a syslog server as far as I can see. You have to configure it with the syslog input module: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html And possibly some other config there. As I say I've never used it. Steve

You could post up these rules you created on the lagg interfaces. You stated you can not ping the pfsense IP of another interface? Lets say lagg1 is 192.168.1.1, and lagg2 is 192.168.2.1 And your on a client on 192.168.1/24 say 192.168.1.100, and it can ping 192.168.1.1, and it uses pfsense (192.168.1.1) as its gateway? But can not ping 192.168.2.1? Lets see the rules you have on lagg1 interface.

Thanks for coming back to me, that makes complete sense. however we don't have the admin user logged in at all. I am thinking that this could be caused by CARP using the admin user to perform operations with the admin user. I believe this is most likely going to be expected behaviour. I'll look to filter out the logs.

That's what the device reported as its hostname. Normally the DHCP daemon wouldn't allow invalid text in there, but that's up to the ISC DHCP daemon, not us. We just list what's in the lease file.