• PFsense SG3100 & Actiontec DSL modem with transparent bridging

    5
    0 Votes
    5 Posts
    529 Views
    RedDelPaPa
    @stephenw10 currently I only have a need for one public ip at the moment. I honestly don’t foresee needing other workstations on my network to have public IP addresses.
  • Ethernet LAN freezing when saving captive portal configuration

    9
    0 Votes
    9 Posts
    816 Views
    stephenw10
    The config is different? Or are you actually restoring the config onto both machines? I would bet it's different. Steve
  • how to use PHP shell with static route add

    pfssh.php
    2
    0 Votes
    2 Posts
    587 Views
    stephenw10
    You probably need some include files there for the functions involved.
  • Admin user can't access users/groups

    16
    2 Votes
    16 Posts
    3k Views
    stephenw10
    Because it was only introduced in 2.4.4p3. It will be fixed in the next release. Steve
  • 0 Votes
    13 Posts
    2k Views
    stephenw10
    It logs those by default so if you're not seeing blocked traffic it's probably not being blocked. Run a pcap on the LAN side then to make sure those packets are leaving going back toward the phone. Steve
  • DNS resolution is slow when WAN is down but not WAN2

    6
    0 Votes
    6 Posts
    577 Views
    johnpoz
    I would just use loopback/localhost for binding unbound's outgoing interface... This way it uses whatever is the default gateway out of pfsense.. This way you don't have to worry about unbound not being able to bind to an interface that might be down
  • 0 Votes
    3 Posts
    326 Views
    awebster
    @Jpub, Windows update uses a list of well known domain names, easily found by searching for it, however, what you want and how pfSense works are not quite an exact fit. pfSense provides layer 3 firewalling capabilities, which means by IP and port only. A URL is a wholly different beast as the IP isn't immediately known, only the name, and based on your initial question, you know that some of the URLs contain wildcards, e.g. *.update.microsoft.com, meaning Microsoft is free to put anything in place of the *. To further complicate matters, many of these URLs resolve to CNAMEs which in turn resolve to Akamai's IP addresses, so trying to block / allow by IP will also affect other traffic that coincidentally is also hosted on the same Akamai infrastructure. There are a couple of ways you could address this issue: Use a proxy server; in this case the proxy server actually sees the URL so access control can be applied on the URL's name as opposed to its IP address. The firewall can be configured to allow the proxy server out, but not the workstations, thus forcing the traffic through the proxy server. Caveat: Not all software plays nice with a proxy server. Use a WSUS server; in this case a system is dedicated to downloading the Windows updates and making them available to the local machines. In this case, the firewall can be configured to allow the WSUS server access out while maintaining a more strict access policy toward the Internet.
  • 0 Votes
    2 Posts
    199 Views
    M
    Sure, create 2 gateway groups. 1st one: WAN1 TIER 1 and WAN2 TIER2. 2nd one: WAN2 TIER 1 and WAN1 TIER2. Assign as default gateway in the advanced options of the firewall rule. vlan 1: gatewaygroup 1st. vlan2: gatewaygroup 2nd.
  • [SOLVED] Virtio NIC Performance - High CPU Usage

    6
    0 Votes
    6 Posts
    3k Views
    C
    Could you please share the solution that solved your issue? I'm having the same problem right now with a server that was running ESXi before. EDIT: sorry, I missed the first line :) No ntopng on my pfsense so it must be something else...
  • Logging Snort3/Barnyard2 to Splunk?

    3
    0 Votes
    3 Posts
    291 Views
    G
    I'm getting the data into Splunk but am having a rather difficult time getting fields set, Emerging Threats have been easy to create a regex for using the wizard but the Snort alerts have been throwing a monkeywrench into that by there being an additional, duplicate field in the "Snort Alerts" https://imgur.com/a/yV0kjbL
  • Need a link between pfsense and payment service

    2
    0 Votes
    2 Posts
    254 Views
    NollipfSense
    You may need to use that Ubiquiti system...pfSense is a firewall, not a payment system is my thinking; however, please wait for others, especially seasoned gurus, to respond.
  • Problems after upgrading to 2.4.4-Release-p3 from 2.3.5

    11
    0 Votes
    11 Posts
    811 Views
    stephenw10
    ClamAV is part of the main Squid package not Squidguard. It can be enabled/disabled on the Antivirus tab in the Squid Proxy Server page. Anyway glad you were able to resolve it. Steve
  • Change Keyboard Layout permanently

    14
    0 Votes
    14 Posts
    10k Views
    junicast
    I filed a feature request since I think there should be an easy option for everyone in the GUI to change the console's keyboard layout permanently. https://redmine.pfsense.org/issues/9942
  • Limit vpn access to one computer per account.

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10
    Not easily. You might be better off generating the certs externally and authenticating users separately as well if you went that route. Steve
  • Changing config values for RANCID

    7
    0 Votes
    7 Posts
    849 Views
    M
    @stephenw10 Thanks, that's exactly what I want. Kind regards, Mathias
  • Accessing via cloud service

    4
    0 Votes
    4 Posts
    669 Views
    stephenw10
    Yeah, that's still site-to-site from the farm to the cloud. Then Remote Access to the client from your client and you can get access to the farm LAN subnet. Steve
  • pfSense Spectrum

    23
    0 Votes
    23 Posts
    3k Views
    S
    Yes, the only thing left for me to do is get my wireless router connected up to it. Thanks everyone for all the help. I really learned something along the way.
  • WAN interface has issues getting IP from ISP

    7
    0 Votes
    7 Posts
    824 Views
    stephenw10
    Try running a packet capture when it's down to see if pfSense is sending dhcp requests. I expect it to keep trying until it sees a reply, if it isn't then you're probably hitting that issue. Try resaving the WAN interface without making any changes, that should restart the dhclient process. If it then pulls an IP without restarting the modem you will know for sure. Steve
  • Store user navigation and bandwidth utilization in database

    4
    0 Votes
    4 Posts
    452 Views
    stephenw10
    Yes, you get browsing history and total data values from Lightsquid reports. It's covered in the Squid hangout: https://youtu.be/xm_wEezrWf4?t=3704 Steve
  • Pfsense box stopped working

    2
    0 Votes
    2 Posts
    197 Views
    stephenw10
    What does line 21 in /tmp/debug actually look like? That's not the more common memory error if you have the max table size set too low. That looks like a syntax error somehow. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.