• Firewall rules need reload after two LANs go up

    7
    0 Votes
    7 Posts
    808 Views
    stephenw10
    Try looking at the ruleset in /tmp/rules.debug when it's failed. Then do a filter reload so it's working and check again. Compare the files, what changes? (if anything) Steve
  • feature request: nested aliases

    6
    0 Votes
    6 Posts
    747 Views
    High_Voltage
    @bingo600 okay, THAT is a useful tidbit, thank you, and thank you guys for the replies, I look forward to testing this out again then later today after I fix my mess of a problem I somehow introduced myself last night! once again, thank you guys for making this possible, all of you developers and everyone with the pfsense team, THANK YOU. love this software.
  • Thermostats going in and out

    18
    0 Votes
    18 Posts
    834 Views
    S
    @bmeeks I had to undo it. Just got a call that for about the last hour or so calls have been going straight to voicemail intermittently. Looks like it broke the VOIP at the location.
  • NTP and automatic switch to DST ?

    3
    0 Votes
    3 Posts
    625 Views
    N
    @jknott said in NTP and automatic switch to DST ?: @ninthwave It changed for me, on both pfsense and computer behind it. Don't forget, NTP provides UTC and it's up to the client to provide the offset from it. On Linux, data is downloaded to provide the DST dates and I expect the same happens on FreeBSD. Strange because all my devices get their NTP time from my pfSense. And, while my Windows for instance, adjusted to DST, pfSense itself did not.
  • Immediate shutdown of pfSense when UPS not reachable

    1
    0 Votes
    1 Posts
    234 Views
    No one has replied
  • Configuration Help

    5
    0 Votes
    5 Posts
    639 Views
    johnpoz
    Your switches IP would all be in your infrastructure vlan.. be that your lan or some other vlan doesn't matter. But no I wouldn't put the management IP of your switches in different vlans. Doesn't really matter where your switches are - but if you have 2,3 or 103.. If you have a 24 port switch next to pfsense makes it easy.. Just use as many uplinks that you want from the switch to provide the bandwidth you need want, and how many interfaces your pfsense box has. This allows you to put any device anywhere, be it a downstream switch your core switch or an AP on any vlan you want. And lets you leverage your physical interfaces in pfsense for bandwidth - and not doing some stupid bridge in pfsense.. When you have a switch right there that can do that for you..
  • PFSense on an old PC to take over for server PF Sense when required

    2
    0 Votes
    2 Posts
    573 Views
    S
    https://docs.netgate.com/pfsense/en/latest/highavailability/index.html has info on setting up automatic failover. However, states only transfer if the network cards are the same in both (igb0, etc.). In a CARP configuration router1 has a LAN IP (.2), router2 has a different LAN IP (.3), and they share a CARP LAN IP (.1). So the web GUI on the backup router would be accessed on its LAN IP. The not-automated way would be to keep the backup PC off, and upon failure of the primary, disconnect it, turn on the backup and restore the configuration. If you are plugged in to a newly installed backup router and can't get to the web GUI (using HTTPS?) then something's off...either try restarting the web processes from the console menu or just restart it. LAN can access the router on the LAN IP by default.
  • SG-1100 random crash/reboots

    11
    0 Votes
    11 Posts
    1k Views
    N
    @jpozzoli said in SG-1100 random crash/reboots: @bmeeks They want me to collect the logs during a power failure/reboot. The problem is this is a random occurrence. I don't have a problem plugging the "serial" cable into something and letting it collect, but I don't know what should do the collection. If I did putty, I don't think the connection would survive the power loss on the SG-1100. Any suggestions? (I've also asked support the same thing, but would like to get non-Netgate options as well). The log on putty will capture everything. The terminal session does not close out if/when the device restarts.
  • pfSense outbound proxy

    5
    0 Votes
    5 Posts
    1k Views
    C
    @rod-it I've tried with finding a way to get the phone connection to work with pfSense but have had limited results. EasyTether has a FreeBSD driver that dc's constantly and does not reconnect and I have no idea on how to enable the laptop's built in wifi adapter. One of the comparisons of router/firewall software was that FreeBSD derived distros have horrible wifi support. At the moment I'm thinking of just setting the laptop up with a linux distro that I know how to configure and just do everything manually without a nice web interface (main reason I wanted to use pfSense). I don't have any experience with working with OSs that use FreeBSD and that seems to be where I am hitting the most road blocks.
  • rebuild or recover /boot/loader.conf

    Moved
    4
    0 Votes
    4 Posts
    854 Views
    C
    @provels Thank you for the tip. All except the last two lines were added by the installer, so I guess I'll leave those as is, the last two I moved to loader.conf.local. I rebooted and everything seems to boot fine :)
  • Configuration references interfaces that do not exist

    1
    0 Votes
    1 Posts
    280 Views
    No one has replied
  • host_verify_strict

    1
    0 Votes
    1 Posts
    345 Views
    No one has replied
  • Connecting two SG-1100's for Production and Lab

    40
    0 Votes
    40 Posts
    5k Views
    C
    @csfshore SOLVED! SOLVED!SOLVED! It was the NIC on the NUC! (I don't have disposition of the original downstream SG-1100) but it worked as easily as suggested with replacement NUC. THANK YOU to all
  • 2.5.0 Added Disable IPv6 - broken?

    4
    0 Votes
    4 Posts
    591 Views
    AKEGEC
    @longliveipv4 , This is because pfsense allows IPv6 6in4 packets connections. You could try to add two floating firewall rules to Block IPv6 Any to Any. A rule for incoming -interface Wan and a rule for outgoing - interfaces all others lan,opt1. .. Then go to Services to disable DHCPv6 Server & RA (Router Advertisements) and DHCPv6 Relay. After that disable Allow IPv6 in System>Advanced>Networking. Also Change all IPv6 in interfaces IPv6 configuration select to None.
  • Certificate Error Expired

    9
    0 Votes
    9 Posts
    4k Views
    johnpoz
    huh? Why/How would unbound be using the webgui cert? Just because it's listed there in a "possible" cert you could use if you enabled dot in unbound to use for people that query it - doesn't mean it's actually used.. You sure wouldn't want it using your default selfsigned webgui cert..
  • Root SSH login?

    8
    0 Votes
    8 Posts
    1k Views
    AKEGEC
    You should make a tutorial on how to harden pfsense here or on Youtube. One thing, just remember your pfsense can be compromised without you knowing it (no logs). Especially attack on cloud with ssh. For example, service syslogd stop adduser -D Username. johndoe. login group: wheel pkg install sudo vi /usr/local/etc/sudoers root ALL=(ALL) ALL johndoe ALL=(ALL) ALL Voila!
  • **WAN (PPPoE) reset after change of "Periodic reset schedule"???**

    3
    1 Votes
    3 Posts
    1k Views
    fireodo
    @akegec said in **WAN (PPPoE) reset after change of "Periodic reset schedule"???**: @lf1985 , usually periodic wan reset doesn't trigger a whole reset, it seems that your ISP puts you on different internet profile after fluctuating happens on your line. ISP already assigned you with a fix IP address. Btw have you tried factory reset your modem? What the Threadstarter wants to know is why, when changing in the pppoe GUI ONLY the hour and minute for the "Periodic Reset", the whole WAN pppoe interface has to be reset. my 2 cents, fireodo
  • 2.5 Crash - possibly because WAN (Virgin broadband) went down?

    2
    0 Votes
    2 Posts
    316 Views
    AKEGEC
    @yeleek , strange things happen when you are not active. Next time, make sure your DHCP and DNS resolver services run before going to sleep ;)
  • 0 Votes
    2 Posts
    194 Views
    AKEGEC
    Huh?
  • How to powerfail-proof an appliance?

    7
    0 Votes
    7 Posts
    693 Views
    Gertjan
    @mkernalcon said in How to powerfail-proof an appliance?: I'm really surprised this isn't a more requested feature, especially for the sub-$200 appliances. These are great little kits to send home with unskilled people, except for this. Track back the past of pfSense. People wanted more, the market was there. See what m0n0wall - is was close to romable : like a "linksys" router with RAM and a "disk" (file system) as a ramdrive. But it ran on a PC like device, had a real trusted OS without the 32 Mbytes space limit. These days, huge packages (extensions) exist. But it comes with a price : it's not that device anymore that you can treat as a light bulb (pull the plug). pfSense doesn't look like a full fledged PC, but is like one. It's even more : you double it. (HA) and you feed it with UPS's. It should be handled like a 'server' (with the 3M scotched on it : 'do not shut me down'). I understand that a SG1100 doesn't match this description, but that's Netgate's fault : they managed to cram a "big" thing in the size of a packet of cigarettes. Nice, but wrong. pfSense should be taken care of as a device that looks like this. Even the guy with the metal head would understand that.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.