Have not had time to script tests yet. One of the 2 brand new boxes with same hardware and "WOL" disabled froze a couple of days ago as well. The previous box's console was still interactive when issue happened. This one was a full freeze. Not reacting to any inputs.

Thank you!

@jimp Any update now ? I would like to us this feature as Official

Followed the full reset instructions on the linked page, reinstalled squid - back in business. Thanks for the help @stephenw10!

@johnpoz said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?: @Jpub said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?: Keep it simple." Which is why you have to make the choice - if you want to easy firewall, then use pfsense to route between your vlans - be it you fire up another another one in the core, or just route at the edge.. Or are you going to take the time to actually do it correctly at your L3... If your not - then you might as well just do a big fat flat network and not have to worry about the routing at all. In pfsense land, one thing I've read as a reason for segmenting, at the least in terms of provisioning IP's along CIDR/subnet lines, is if you're using IDS then you can filter and target logs better. Another is "network ACL's" ... but yeah.... it sounds great, but maintaining this doesn't seem like something a small shop would be doing very well beyond that first day or two they set it up. The IDS logs I think I would actually use a lot, or at least want to narrow things down quickly on alert.

Hey steve, So there is a plugin in OSSIM which I enabled thinking that might help me read pfSense logs directly but I realized that is not going to work. Besides that I found about https://github.com/decay/alienvault-pfsense. This seems promising but it says AlienVault USM not OSSIM. Not sure if I should try this or not so I wonder if I could get some help.

@KOM okay then thanks i will try my best

@teddygramps And on those dell cards, be careful many are small form factor. These cards won't fit in a regular size atx motherboard setup. There are people who do sell the proper bracket out of china.

I would not even begin to know how to look at the firmware version let alone updated it on this board. The NIC is on the motherboard. Yeah. It could be that the NIC chipset may have been zapped. or maybe my initial install from the USB was corrupted. The one thing that was different was that I flashed a new USB installer. I might one day try the old board but I have spent like 20 hours and just happy to be done with it for now. I will put the "other router" i bought on the shelf and play with it later as well. As long as this box stays stable it will me my new router. Thanks for everyone who spent their time with me. Sorry that the problem was a wild goose chase.

The easiest way around this is to create an alias called ProxyExempt for example, and then add all clients that you want to that alias. Then add a firewall rule just above your tcp80,443 block that allows ProxyExempt out on those same ports. That's how I do it: [image: 1571324859001-untitled.png]

Hello Steve Systems Activity page.......[image: 1571293261896-screenshot-from-2019-10-17-11-34-07.png] Packages are......[image: 1571293306219-screenshot-from-2019-10-17-11-33-41.png] System information....[image: 1571293375875-screenshot-from-2019-10-17-11-34-26.png] And bandwidth is 20MBPS unlimited.

In 3.5 years here at Netgate plus a long time before that I have never seen a situation that required Static ARP to fix.

What pSense version? What browser? What OS? What error are you seeing? More info needed. Steve

Do you just have a port open on your WAN to allow access the webgui? A port forward? Are you accessing it by IP directly or by FQDN? Is the Cyberoam device known to you? How is it connected if so? Steve

Ah, then that's almost certainly the cause! In environments where it's not possible to guaranty the power you can set /var and /tmp as ram drives. That minimises drive writes and hence the chances of filesystem issues. That's a setting in Sys > Adv > Misc. It does require rebooting to set that. Steve

Unless you have fiddled with gateways groups and failover, it will not fail over if WAN2 goes down.

@Derelict said in What is best practice for my scenario: @JeGr Thanks for the laugh! And yes, as @Derelict and @stephenw10 already stated, try getting them to route your subnet via a transit network. Sometimes one has to be very stubborn and persistent about it, but it pays off with any kind of box behind it to be far easier configuration-wise.