• Unable to block traffic for Internal LAN devices with static assignments

    3
    0 Votes
    3 Posts
    256 Views
    A
    Here is a rule I set up (but it's currently disabled as you can see from the screenshot) to keep 1 single device from accessing anything off its own subnet, thru the firewall. In my example, the host at 10.0.1.116 is blocked to any destination.
    [image: 1572463430021-screen-shot-2019-10-30-at-2.17.13-pm.png]
    Like @johnpoz says, you have to have this rule above the default allow any to any rule.
    Jeff
  • pfSense Time server

    ntpdate
    2
    0 Votes
    2 Posts
    220 Views
    stephenw10
    Maybe if it's sending enough queries to be limited.
  • Please drag your screenshots into the message if you want help

    5
    3 Votes
    5 Posts
    478 Views
    Gertjan
    @johnpoz said in Please drag your screenshots into the message if you want help:
    "emailing a bunch of bots or spammers"
    When signing up - spammer or real person, a mail validation is used. I wasn't proposing a new mail .... just an extra line in the already existing mail with "see here for some help about how to ask questions ...."
  • VLAN cannot access to internal website

    18
    0 Votes
    18 Posts
    2k Views
    M
    @johnpoz Noted sir, thank you. I will post another topic regarding failover, again that one is with VLAN problem :) Thank you for early Christmas gift. New knowledge ehehe
  • Bug showing up after power loss Version: 2.4.4-p3

    6
    0 Votes
    6 Posts
    565 Views
    jimp
    I can't say I can ever remember seeing a 'bug' that resulted in a loss of interface configuration like you describe. Maybe the filesystem was so trashed that the configuration was lost, but in that case you'd have to do a lot more than just reassign interfaces. So I suspect that maybe it's not quite exactly as you describe. But since you don't have a monitor hooked up when it fails, you can't really tell what happened for sure. When it does fail, you need to look back in the boot log and see what it's really complaining about. (Press scroll lock on the hardware console keyboard and then use the page up key to go back in the buffer, then scroll lock again to get out) It wouldn't surprise me if it's related to that hardware, given its track record/reputation, but it's entirely possible it's a red herring and you're chasing the wrong end of the problem.
  • Where to Download Old Installer Images

    5
    0 Votes
    5 Posts
    286 Views
    jimp
    You can get it done in a short maintenance window without bothering with the insecure old version.
    - Get the new hardware up on 2.4.4-p3 without any extra configuration
    - Restore your current config to this box -- it will be your new primary
    - Swap in the new box in place of the old
    If it all works, then you take the old hardware, install 2.4.4-p3 on it and now that's your new secondary. If it didn't work, then you still have your current 2.4.4-p2 box and can swap it back in place and then investigate why it failed.
    If you want an extra dose of safety, then swap out the disk in the current system so you have the running copy of 2.4.2-p1 preserved.
    If you can't get enough of a maintenance window to do it properly, it's a management issue, not a technical one. Trying to force you to work with zero downtime is insane and shouldn't be encouraged.
  • 0 Votes
    1 Posts
    87 Views
    No one has replied
  • Ansible pfsense create users

    9
    0 Votes
    9 Posts
    2k Views
    O
    https://github.com/opoplawski/ansible-pfsense now has a basic pfsense_user module. Feedback welcome.
  • Backup pfsense with all packages

    4
    0 Votes
    4 Posts
    288 Views
    KOM
    Yes.
  • Prevent proxy / DNS filter bypass - whitelist domains

    3
    0 Votes
    3 Posts
    385 Views
    S
    Found it, thx. I have a similar problem still. When I go to a website, the site itself might fetch scripts etc from other domains which would need to be whitelisted, too. Doing that manually is a hassle in particular when the external resources are fetched through muh.cloudfront.net while the other day it is meh.cloudfront.net. Can squid whitelist a whole website?
  • pfsense 2.3.5 and autoconfig backup

    8
    0 Votes
    8 Posts
    607 Views
    johnpoz
    Even if your hardware is 32bit, just means it's time you refresh the hardware.. Clearly any 32bit hardware in this day and age is well past its use by date ;)
  • New PFsense Build + Squid

    6
    0 Votes
    6 Posts
    644 Views
    stephenw10
    Try enabling powerd in System > Advanced > Misc to get CPU speed scaling etc. Steve
  • does pfsense support docker

    3
    0 Votes
    3 Posts
    2k Views
    stephenw10
    Docker running on pfSense rather than pfSense in Docker? Yeah, definitely not going to work. Also a bad idea to run anything like that on your firewall. Steve
  • Azure Marketplace - pfSense

    4
    0 Votes
    4 Posts
    456 Views
    stephenw10
    But the admin user should be given the same password as that new user. That is done as Azure won't allow using the admin user directly. Steve
  • login by OPT port

    12
    0 Votes
    12 Posts
    691 Views
    Y
    @JKnott Yes, I misread Rico's instruction and put in an invalid IP. I'm a newbie to network stuff. Tnx for the ed.
  • pkg-static update using 100% cpu. What is broke?

    14
    0 Votes
    14 Posts
    2k Views
    RedDelPaPa
    @Derelict I ordered one. Guess we'll see what that does.
  • i need some help with this

    3
    0 Votes
    3 Posts
    352 Views
    L
    @JKnott I finally got it working. Now I just need to figure out the port forwarding
  • 0 Votes
    11 Posts
    999 Views
    D
    @johnpoz said in Having trouble understanding the best way to connect pfSense to my environment:
    "are you not knowing how to create a lagg interface? But your switching environment needs to support the ability to do that.. Creating a lagg over non stacked switches can be problematic at best, etc."
    I have Dell N2024 switches that are stacked. Are you proposing to create LAG interface of type LACP and connect one port to switch 1 and the other to switch 2? And do it from both master and backup?
    @johnpoz said in Having trouble understanding the best way to connect pfSense to my environment:
    "They RDP over the public internet? - Again Ouch!"
    Each company has fiber connection to the internet and vpn ipsec to the cloud.
  • NUT driver for UPS auto shutdown

    3
    0 Votes
    3 Posts
    557 Views
    B
    @JKnott It seems to be reporting status correctly. And I do only let it run for a minute or two before I plug it back in (afraid to let the pfSense appliance turn off without being shut down).
  • pkg-static update still using 100% cpu! Unacceptable!

    55
    0 Votes
    55 Posts
    12k Views
    RedDelPaPa
    @bmeeks Checked that reddit post and everything looks to be as it should. IPv4 is my default gateway and the address is correct. No LAN gateway configured.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.