@gertjan Yep restarts solved the issue.

@gwaitsi as I had to do this again, and completely forgot how I did this last time, here are the instructions for 2021. Save the device cert & key generated in pfsense locally rename the device.crt to root.pem convert the private key to rsa private key openssl rsa -in device.key -out device_rsa.key create a file called ssl_key.pem a) copy the contents of device.crt into this file from -----BEGIN CERTIFICATE----- MIIE2jCCA8KgAwIBAgIBHjAN....... i1M5xmyTK0cyhwQ== -----END CERTIFICATE----- b) copy the contents of device_rsa.key into this file below the certificate from -----BEGIN RSA PRIVATE KEY----- MIIE..... ZBjv7j74PS4P7I= -----END RSA PRIVATE KEY----- From the netgear switch "Maintenance", "Update", "HTTP Firmware/File Update" select "X.509 Public Certificate PEM" and load the root.pem "X.509 Certificate Private Key PEM" and load the ssl_key.pem From the netgear switch "Security", "Access", "HTTPS", "Admin Mode" - Enable.

@teamits I'm pretty familiar with the network principles and static routes :) I was just puzzled about the way pfSense web interface present (or hide) them. Probably it's because I'm not used to user interface to manage my networks ;) I was expecting a UI which directly represent the host configuration whereas it looks like the spirit is more to manage the config behind the scene and only present the high level functionalities ^^. Anyway, thanks for your insights !

For information: the LDAP authentication for administrators, is configured in The pfSense firewall and is working

Seems like pfSense or the service watchdog was confused by the install. I kept getting mails , that service watchdog was starting the Zabbix agent , and it was not running if showing status --> services. System log seemed to indicate that it was installed ok. I went to the Services --> Zabbix Agent , and disabled the service Waited 10 sec , and enabled the service Problem gone , service is running Maybe disable the service , before packet uninstall And enable the service after installing the new version of the package /Bingo

Fatal data abort, captured on the log. I'll post the pertinent sections when I can. I'm going to put in a support ticket and request that they send me a replacement device. I'll send this one back to them.

Excellent, thanks for the confirmation. Yes I'm looking at decent hardware, I've had so many problems with high end consumer type devices in the past that always seem to fail on what I would consider fairly basic stuff. So looking at one of the Ubiquity UniFi 16 Port PoE (or higher ports) versions. I've not used the UniFi platform before but I've been doing a lot of research on it, it looks awesome. Particularly when I compare that to a bunch of older (+8 yrs) managed switches of varying brands that I've had donated - both in terms of features/functionality and user interface. The UniFi platform seems awesome with the automatic propagation of configuration changes, plus the CloudKey too. Seems more powerful than many enterprise platforms (albeit, I've only really seen/been in discussion about these at arms length) - and without the costs of things like Cisco.

@bossaops Ou yeah, thats for sure. My ONT is very closed. But it gives better speed than my pfsence Box. (Sadly) Does not like to share any thing. Thats a NAT address. Btw when i used to use openwrt there was not any problem.

@wizardofwhere I think you have the pfsense plugged into the wrong place. I would have modem, to pfsense wan, pfsense lan to switch, vpn is going to take some work because that also needs wan access. You probably need the linksys plugged into same switch and rules on the pfsense to forward traffic for the vpn.

It's unusual because it's not intended for that role (yet, at least) -- adding functions which are useful outside of the firewall is out of scope, even if the cert manager is convenient to use.

@nerlins said in Another subnet sanity check.: What IP address do I set for Pfsense itself It will need an IP on each subnet if the subnet is to communicate with/through the pfSense. (the printer's gateway is the pfSense IP in that subnet)

@summer said in SG-3100 notification after update 21.02: edits something like "compilation" It's PHP. It's an interpreted language. Not compiled. It's the "Basic" of the last decade. It looks easy, because it is.

@jimp Thank you, all good now. Solved.