@Modesty Based on http://37.120.203.163 I am going to say it is a NordVPN server.

@guardian Click on the version number in the package screen. [image: 1605975063006-capture3.png]

You wouldn't be changing it on the "modem" you would be making sure that pfsense as it routes and nats that it doesn't drop the ttl.. This is common method of hiding a nat from some device that only wants directly attached device vs many.. This question has been around for ages and ages.. Here is a very very old thread where you edit the scrub value to set a min ttl https://forum.netgate.com/topic/4435/modify-ttl-value-for-security-reasons This will mangle your ttl to be a normal default value, 64, 128, 255 etc.. In your attempt that you have a router with more devices behind it..

@guardian Unbound restart: Status --> Services Find unbound , and press the "Circle arrow" [image: 1605947186296-067cb738-7c41-45df-8f8d-a52b5b6e621e-image.png]

@bingo600 said in Unifi controller on pfsense?: Right .. But in a multi floor building w. a Vlan for each floor. It's pretty cool to just be wandering around with your lappy , and a VoIP call wo. a drop. I don't like the price (WLC) , but love the feature. I first heard of such a system about 11 - 12 years ago. I don't recall the make, but they called it a "blanket". Each AP had to be connected directly back to the controller, without even a switch in between. Back in 2005 I was working at IBM (my 2nd time there) supporting a major U.S. telecom. One woman called in complaining that the Wifi didn't work in the parking garage, an area that specifically didn't have Wifi. She didn't want to accept that as an answer.

@johnpoz @stephenw10 @Gertjan @marvosa Thank you guys for your help. I am able to resolve the issue. Issue was on vmware side. I had to create new NIC for pfsense and new NIC for server. Everything is working fine now, Thanks again for your input. Kishan

@bingo600 i did not remove, I stoped service ntopng. On Monday I will try to enable ntopng again, weekend we watch a bit tv, and i will not run around and fix things.

@johnpoz Awesome! Thanks soooooooooo much!

If it's a supernet to include a number of subnets that's fine. As long as there is a reason for using it. You'd be surprised how many people believe there are only 3 private subnets available. Steve

Ah, never mind. Figured it out. Wasn't exactly my fault. One of the lists I had added had suddenly included a block for github which is the location for many of my other lists... so many that I thought all or almost all were suddenly failing. The whole SSL thing was a red herring. DNSBL was blocking DNSBL list updates. Once I figured out the offending list, I disabled it and redid the downloads and everything is happy again now.

In the shaping wizard there was an option for VoIP and has one enter the remote IPs. Otherwise there's not a great way for pfSense to know what is VoIP traffic. And since you don't know what IPs all of those use it becomes difficult to maintain. One option might be to prioritize all UDP traffic from your device using those services, but there is a caveat noted in the docs, that the shaper works on outgoing traffic and on the WAN (upload) that happens after NAT. So you can't use your private IPs in the rule that applies the outgoing shaping. What you can do is tag the packets from those IPs, and use that tag. https://docs.netgate.com/pfsense/en/latest/trafficshaper/advanced.html#shaper-rule-matching-tips rule with source of your PC IP: [image: 1605803792376-e59b8ab6-0347-4380-9573-63ff7acd758e-image.png] rule with source and dest of Any that only applies to the tag, and assigns the queue: [image: 1605803840620-08a4ee1e-f89e-4dc1-9782-b3858f424b2f-image.png]

Playback restartallwan from developers shell might do what ya want

I'll leave it at it is. Thanks for the insights!

Yeah, I'm seeing it in all 2.5 snaps now. No idea what I was looking at earlier. Too many test boxes!

@Gertjan said in Cert expired on snapshots.pfsense.org: Anyway. Case closed. Mmm, not really since it should have been swapped out when it was created. We continue to investigate... Anyway thanks for reporting. Steve

@david-williams It has 256MB of RAM so even in late 2020 I would encourage you to try out OpenBSD, FreeBSD or NetBSD on it. A minimal install of Debian Linux would work also. I'm of course suggesting you build a router/firewall completely from scratch. Note this would only work if you can replace the 64MB flash card with something larger. At least 1GB but that's only if you perform a very minimal install. I would suggest installing the system in virtualbox first then convert the vdi to an img in order to copy it onto the asa's flash card. https://www.router-switch.com/pdf/asa5510-bun-k9-datasheet.pdf

You mean in the 'Alternate Hostnames' field in Sys > Adv > Admin Access? It has to be a hostname. So: firewall.mydomain.com for example. Steve

@EddyT Hi - I am trying to create graphs with ntopng and pfsense like yours - do you mind to share your json