• Dual WAN failover tolerances

    2
    0 Votes
    2 Posts
    263 Views
    stephenw10S
    Yes you can set the monitoring preferences for each gateway by editing it in System > Routing > Gateways. If you are using packet loss or latency rather than only member down on the group it will trigger the failover. The default settings for throwing an alarm of 20% packet loss and 500ms latency are usually good though unless you have an unusual WAN like a satellite link. Steve
  • 0 Votes
    1 Posts
    686 Views
    No one has replied
  • Adding a 5th VMXNET 3 interface makes my appliance stop working

    4
    0 Votes
    4 Posts
    689 Views
    awebsterA
    This isn't anything specific to FreeBSD, but rather how VMware maps the NICs into the guest OS. The same issue occurs with Linux. While it isn't always possible to add all the interfaces you think you might need in advance, if you get stuck with this issue, you will need to go match up the MAC addresses VMware has assigned to the NICs to the MAC addresses seen by pfSense, and reconfigure the interfaces appropriately if they have changed.
  • [REQUEST] Certificate Manager Expiration Notification

    3
    0 Votes
    3 Posts
    536 Views
    dragoangelD
    Thanks, done. https://redmine.pfsense.org/issues/9703
  • Website won't load: operation timed out

    33
    0 Votes
    33 Posts
    5k Views
    F
    Ok, I'm glad we found the problem. I didn't get the Sonicwall message, and because the router is pretty new, I thought it was my own fault. The vendor is now aware of the problem. They will fix it. Thanks for the help, sorry it wasn't really a pfsense issue.
  • Limit bandwidth for User per day

    2
    0 Votes
    2 Posts
    208 Views
    stephenw10S
    It's possible to do that using the captive portal with radius accounting enabled. See: https://youtu.be/nJ3NzU_7xd0?t=2279 Steve
  • Unpredictable connection timeouts

    10
    0 Votes
    10 Posts
    3k Views
    stephenw10S
    The only actual issue I see there is two re-transmissions, but that may be normal packet loss. Not really something that should kill the connection. You are seeing traffic in both directions there. Was that pcap on the WAN? How was it filtered? Do you see anything different on the internal interface? Steve
  • 0 Votes
    3 Posts
    377 Views
    S
    That was quick! Thanks so much for the reply. I was wondering if it was something like that. I just don't have the time to do a lot of tinkering these days. Much appreciated! Thanks, Supe
  • 0 Votes
    12 Posts
    10k Views
    A
    Not fixed as of 2.4.4-RELEASE-p3 (amd64) built on Wed May 15 18:53:44 EDT 2019 FreeBSD 11.2-RELEASE-p10. Only after appending the text dump of my ca cert to /usr/local/share/certs/ca-root-nss.crt was I able to send test messages. "Validate the SSL/TLS certificate presented by the server" had no effect. Package captures verified that pfsense was rejecting the certificate being returned by my email server.
  • Auto Config Backup unavailable?

    13
    0 Votes
    13 Posts
    1k Views
    KOMK
    @gwaitsi While I agree with everything you said, you really should be maintaining your own manual backups and not trust the cloud to never rain on you. Having a cloud save is nice, but nothing is better than having a local backup.
  • [SOLVED] Unable To Reach Second pfSense Firewall On LAN

    32
    0 Votes
    32 Posts
    3k Views
    P
    @Derelict said in Unable To Reach Second pfSense Firewall On LAN: That is completely normal since the secondary has no route back to the connecting client since the VPN is running on the primary. Workaround: https://docs.netgate.com/pfsense/en/latest/highavailability/troubleshooting-vpn-connectivity-to-a-high-availability-secondary-node.html Ah okay that's good to know, I was afraid I had misconfigured something. I can successfully connect to services on our network from exposed ports on the WAN IP of the second firewall. I guess the only thing left to do now is properly configure HA. Thanks all!
  • Unable to get WAN DHCP lease by ISP

    8
    0 Votes
    8 Posts
    791 Views
    R
    Hello everyone. Thank you very much for all of your comments. I finally managed to get it back up and running again: Whenever you change the MAC that is going to be connected to the cable modem, you normally need to reboot the cable modem in between so it gives up its old pairing. That did half of the trick. Even though I rebooted the cable modem a few times, apparently I never rebooted it between interface changes. It looks like it is necessary to reboot the modem really after every single time the MAC address changes. After getting a DHCP IP eventually, I still could not reach the internet for some reason. What was missing was that I needed to select System -> Routing -> Gateways and select WAN_DHCP from the dropdown list for "Default gateway IPv4" (It was set to "Automatic"). For some reason, automatic did not select the only gateway in this list...
  • Unable to Browse Internet

    21
    0 Votes
    21 Posts
    2k Views
    W
    I appreciate everyone's help in troubleshooting the experience I was having. ATT provided a new modem and has resolved the connectivity issue.
  • WAN Interface IP address - noob config question

    21
    0 Votes
    21 Posts
    2k Views
    stephenw10S
    Yeah, I would recommend always setting the gateway to something specific there. Steve
  • Crash Log - How do I get it?

    5
    0 Votes
    5 Posts
    344 Views
    GertjanG
    @mike3y said in Crash Log - How do I get it?: All internet stopped working. Check your logs if there are any indications.
  • Problem with internet access of LAN network

    5
    0 Votes
    5 Posts
    315 Views
    KOMK
    OK, I think I see what happened. When curl tried IP4 silently, it failed to connect, so then it switches to IP6 and shows it. This same effect happens when you're blocked and you try to update Ubuntu. You get a screen full of blocked IP6 attempts.
  • XML config file explained in detail

    Moved
    2
    0 Votes
    2 Posts
    299 Views
    KOMK
    I'm not aware of any such document. The xml file should be self-explanatory for the vast majority of things. Perhaps if you list what you're specifically not understanding, someone can help.
  • Logging question

    4
    0 Votes
    4 Posts
    395 Views
    stephenw10S
    @str8edgedave said in Logging question: I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems. Then just block it with a custom rule without logging set. Steve
  • Catch 22 - VPN Kill - DNS Can't Recover

    1
    0 Votes
    1 Posts
    111 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.