@arnoldg:
I have some problem with one specific LAN IP address, but I don't know how to monitor all of its traffic on all of its ports
If the problem is in interaction with other systems on the same IP network then you can't really do anything on the firewall to help because the traffic goes direct, bypassing the firewall.
If the traffic goes through the firewall you can monitor it by running tcpdump from the pfsense shell or through the web GUI at Diagnostics -> Packet Capture and specify the IP address of the system "of interest".
Thank you jimp, I googled the wrong ifconfig manpage ;-)
A question on creating the bridge from a newbie like me:
I currently have a VLAN interface, let's call it vlanForMonitoring. There's always only one client connected to it; this client shall be used for analyzing traffic from and to the WAN interface.
Can I do something like the following?
#ifconfig bridge0 create // create the bridge
#ifconfig vlanForMonitoring up monitor // set vlan interface to monitoring
#ifconfig bridge0 addm wanInterface span vlanForMonitoring up // bridge wan to the monitored interface
How about firewall rules? Is the bridge enough to pass traffic from WAN to vlanForMonitoring or do I still have to create firewall rules? What would they have to look like? Thanks for any hint :-)
@costasppc:
Crashes stopped when I removed the specific gateway from the gateway groups that contained it (Load balancer and https failover). I set the tier to Never.
I had no crash since. Do I still need to bring the firewall down for memory diagnostic check?
It'd be a good idea to run memtest86+ on that system, just in case …
I see Chris already responded to your ticket. We try to respond to tickets ASAP, typically that means within a few hours, up to 24 business hours (weekends don't usually count, but we do respond to some tickets over the weekend). Also depends on the nature and immediacy of the problem as well, obviously issues where a system is down entirely will see a response faster than one that is not urgent.
If an issue becomes urgent you can always phone in and if we aren't on the normal support hours someone can still be reached.
If you want to capitalize on the LACP links now, try using Robocopy with MT option. That turns on multi-threaded mode that allows multiple concurrent connections (provided you are transferring more than 1 file).
I've seen it happen with a few of them, firewall logs, service status, and interface status. I don't think it has anything to do with the widget, but without being able to replicate it, it's hard to say.
Yeah, agree! One thing I would love, like in the WatchGuard products, is the custom use of notifications. So if, say, an SMTP packet was detected on the LAN trying to get out, pfSense would email me and let me know. But for each rule you can turn this off and on if you so choose.
ONE THING I AM LOOKING FORWARD TO IS PFCENTRE!
I have an ADSL provider in my area, and they provided me with a router with 5 usable IP addresses. I swapped it out for a Zyxel router, really nice. I used the first IP for that device… And then with my pfSense I used the secondary IP in the range and my gateway was the Zyxel router (first IP). Then added the rest using Alias in pfSense. The reason for this is so that I can still access the Zyxel interface if I need. And plus, if I was ever outside the network I could ping the Zyxel to make sure the internet was up without compromising the network and pfSense.
The easiest way in my opinion is to enable SSH shell login, and with FileZilla, a free SSH/FTP client, log on to the box with root and whatever your admin password is and browse to..
usr/local/www/themes
Under here is where you'll find all the themes. When I got bored I downloaded a theme and started to play around with the CSS to change colours etc. My pfSense is now amazing! lol
That URL will show 404 in a browser because it has no index.html (or similar) and directory listings are denied. It is not meant to be viewed in a browser, the 404 has nothing to do with whether or not your system can check for updates.
That always boils down to either broken routing/WAN configuration, or broken DNS.
Start a new thread rather than hijacking an old one.
I would make sure each node has a static IP address and then assign limiters to this, with the built-in feature Traffic shaper.
There is a cool YouTube video on how to do this.
http://www.youtube.com/watch?v=Usi195rK35I
You don't have to open up port 80 at all! All there should be is port 443 secure SSL. Make sure loopback for NAT is disabled.
Go into Advanced, then Firewall/NAT
Disable NAT Reflection for 1:1 NAT
Tick the box.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.