• 0 Votes
    2 Posts
    199 Views
    M
    Sure, create 2 gateway groups.
    1st one: WAN1 TIER 1 and WAN2 TIER2
    2nd one: WAN2 TIER 1 and WAN1 TIER2
    Assign as default gateway in the advanced options of the firewall rule.
    vlan 1: gatewaygroup 1st
    vlan2: gatewaygroup 2nd
  • [SOLVED] Virtio NIC Performance - High CPU Usage

    6
    0 Votes
    6 Posts
    3k Views
    C
    Could you please share the solution that solved your issue? I'm having the same problem right now with a server that was running ESXi before. EDIT: sorry, I missed the first line :) No ntopng on my pfsense so it must be something else...
  • Logging Snort3/Barnyard2 to Splunk?

    3
    0 Votes
    3 Posts
    291 Views
    G
    I'm getting the data into Splunk but am having a rather difficult time getting fields set, Emerging Threats have been easy to create a regex for using the wizard but the Snort alerts have been throwing a monkeywrench into that by there being an additional, duplicate field in the "Snort Alerts" https://imgur.com/a/yV0kjbL
  • Need a link between pfsense and payment service

    2
    0 Votes
    2 Posts
    253 Views
    NollipfSense
    You may need to use that Ubiquiti system...pfSense is a firewall, not a payment system is my thinking; however, please wait for others, especially seasoned gurus, to respond.
  • Problems after upgrading to 2.4.4-Release-p3 from 2.3.5

    11
    0 Votes
    11 Posts
    811 Views
    stephenw10
    ClamAV is part of the main Squid package not Squidguard. It can be enabled/disabled on the Antivirus tab in the Squid Proxy Server page. Anyway glad you were able to resolve it. Steve
  • Change Keyboard Layout permanently

    14
    0 Votes
    14 Posts
    10k Views
    junicast
    I filed a feature request since I think there should be an easy option for everyone in the GUI to change the console's keyboard layout permanently. https://redmine.pfsense.org/issues/9942
  • Limit vpn access to one computer per account.

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10
    Not easily. You might be better off generating the certs externally and authenticating users separately as well if you went that route. Steve
  • Changing config values for RANCID

    7
    0 Votes
    7 Posts
    848 Views
    M
    @stephenw10 Thanks, that's exactly what I want. Kind regards, Mathias
  • Accessing via cloud service

    4
    0 Votes
    4 Posts
    669 Views
    stephenw10
    Yeah, that's still site-to-site from the farm to the cloud. Then Remote Access to the client from your client and you can get access to the farm LAN subnet. Steve
  • pfSense Spectrum

    23
    0 Votes
    23 Posts
    3k Views
    S
    Yes, the only thing left for me to do is get my wireless router connected up to it. Thanks everyone for all the help. I really learned something along the way.
  • WAN interface has issues getting IP from ISP

    7
    0 Votes
    7 Posts
    820 Views
    stephenw10
    Try running a packet capture when it's down to see if pfSense is sending dhcp requests. I expect it to keep trying until it sees a reply, if it isn't then you're probably hitting that issue. Try resaving the WAN interface without making any changes, that should restart the dhclient process. If it then pulls an IP without restarting the modem you will know for sure. Steve
  • Store user navigation and bandwidth utilization in database

    4
    0 Votes
    4 Posts
    451 Views
    stephenw10
    Yes, you get browsing history and total data values from Lightsquid reports. It's covered in the Squid hangout: https://youtu.be/xm_wEezrWf4?t=3704 Steve
  • Pfsense box stopped working

    2
    0 Votes
    2 Posts
    196 Views
    stephenw10
    What does line 21 in /tmp/debug actually look like? That's not the more common memory error if you have the max table size set too low. That looks like a syntax error somehow. Steve
  • Static IP over PPPoe questions

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10
    Nice! Thanks for documenting that. I'm sure it will help someone else at some point. Steve
  • Setup Openvpn on vps

    4
    0 Votes
    4 Posts
    504 Views
    stephenw10
    Ok so that should be no problem. Set up the OpenVPN server in the VPS, route your traffic to it, add a firewall rule to allow that traffic. All the other default settings should work there. What are you seeing not work? Steve
  • Forward Proxy question

    2
    0 Votes
    2 Posts
    154 Views
    stephenw10
    A proxy for what? You can use the Squid http/s proxy package. That can authenticate against LDAP or Radius. Steve
  • 0 Votes
    26 Posts
    7k Views
    D
    After playing around for a little while I made an interesting discovery that I have not been able to find an explanation to...
    FreeRadius EAP Settings has a check box "Check Client Certificate CN" ("When enabled, the Common Name of the client certificate must match the username set in 'FreeRADIUS > Users'"). When using a certificate to authenticate, it seems to me that the certificate CN would NOT be checked against the Users database. Regardless of the users I have added, I always get error messages like below when I have that check box checked:
    Nov 30 17:33:15 radiusd 1388 tls: Certificate CN (K14) does not match specified value (host/K14)!
    Nov 30 17:33:15 radiusd 1388 tls: TLS_accept: Error in error
    Nov 30 17:33:15 radiusd 1388 (4) Login incorrect (Failed retrieving values required to evaluate condition): [host/K14/<via Auth-Type = eap>] (from client SW21 port 2 cli xx-xx-xx-xx-xx-xx) host/K14 -
    So far I have not been able to figure how to effectively enable the client cert. CN check. I wonder if this is also some stupid beginner's mistake, or is this something else? And where does this "host/" prefix come from? At least it seems to be independent of the 802.1X authentication mode in the client (User vs. computer authentication)... When the check box is not checked, authentication with the certificate succeeds without any problems.
    FWIW, Radius debug log reveals:
    (2) files: users: Matched entry host/K14 at line 2
    (2) [files] = ok
    ...so it seems that it indeed performs the check against user database where I have an entry "host/K14".
  • 0 Votes
    8 Posts
    2k Views
    jimp
    On 2.4.4-p3 you can apply 71185882dc168e49347f0924f33a207aaf6e2db0 with the system patches package and then run pfSsh.php playback generateguicert and it will make you a new GUI cert with the new 825-day default.
  • Network Stability Issues

    8
    0 Votes
    8 Posts
    930 Views
    M
    I will say that since 2009 when I was first introduced to PFsense, the few issues I've had have all been due to failing hardware... either a bad NIC or a failing MB in a PC. This may or may not be your case, but just sharing what I've experienced. A factory reset obviously worked for you in this case, however, you're also running discontinued nettop/desktop hardware. You may want to consider moving to new hardware going forward.
  • RTO Ouf of no where

    Moved
    13
    0 Votes
    13 Posts
    1k Views
    JKnott
    @xodiacx said in RTO Ouf of no where:
    what if we have multiple gateways?
    You can only have one default gateway, though you can have other routes out, but they have to be specified.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.