Changed the vm.kmem_size_max="535544320" to 536870912 and the error went away during boot. Now the logs shows this…. Aug 2 22:32:47 kernel: ZFS storage pool version 28 Aug 2 22:32:47 kernel: ZFS filesystem version 5 Aug 2 22:32:47 kernel: to enable, add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf. Aug 2 22:32:47 kernel: ZFS NOTICE: Prefetch is disabled by default if less than 4GB of RAM is present; Aug 2 22:32:47 kernel: Trying to mount root from ufs:/dev/da0s1a Before it was looking like this: Aug 2 21:38:51 kernel: ZFS storage pool version 28 Aug 2 21:38:51 kernel: ZFS filesystem version 5 Aug 2 21:38:51 kernel: in /boot/loader.conf. Aug 2 21:38:51 kernel: Consider tuning vm.kmem_size and vm.kmem_size_max Aug 2 21:38:51 kernel: ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior. Aug 2 21:38:51 kernel: to enable, add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf. Aug 2 21:38:51 kernel: ZFS NOTICE: Prefetch is disabled by default if less than 4GB of RAM is present; Aug 2 21:38:51 kernel: Trying to mount root from ufs:/dev/da0s1a

No luck: received this message today [ There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: ]

Still confused but on a higher level … It seems that it is difficult to choose newer hardware ... There should be a compatibility list that guide newer users which hw to choose from

After further study I think my inquiry is Moving more to NAT I'll move my inquiry over there.

If you have a VLAN capable managed switch you could just use the single onboard NIC with multiple VLAN interfaces, router-on-a-stick style.

Here's a pretty useful converter for bytes to bits. I know this seems silly, but we just need to have all of the information laid out and converted properly. Hope you understand! http://www.matisse.net/bitcalc/

I have decided to not use MAC filter, rather WiFi password access. I tried setting up WiFi password access by navigating to: pfSense > Interfaces > WiFi > Network-specific wireless configuration > WEP > untick Enable WEP > WPA > tick Enable WPA > PSK: password > WAP Mode: WPA2 > Save > Apply. My mobile device now won't find the pfSense WiFi? Any suggestion on how to set up pfSense password access to WiFi please?

Not a big fan of using pfsense as AP..  Just makes no sense to me – I would use a real AP, just so many more features and functionality that way. But I do believe a ifconfig should show your hostap settings.  When you do ifconfig do you see a hostap section?  What does it show?

You might try with BandwidthD  ;) https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage

@MindfulCoyote: I'm confused ??? (per usual). Like this? Internet <–> [ 1Gbps NIC - Desktop Computer - AC1900 NIC ] <-Wi-Fi-> [DD-WRT on R7000] <–> Client Devices With pfSense then virtual on the Desktop Computer? Sorry, somehow I missed this! I have it set up like so: Internet (cable modem) <-WAN-> 1 Gbps NIC (onboard MOBO) - 1 Gbps Intel NIC <-LAN-> R7000 setup as AP (no DD-WRT for now) pfSense is running as the full blown OS on the computer I built, it's not virtual, all physical!

Do a forum search.  Others have the same Firefox issue.  It has to do with HTTPS.  There is a Firefox option that you can disable to perhaps fix it.

Hello vindenesen Yes you got right.  An MTU Size of 1500 on the WAN Iface solved the problem. As I configured the WAN Iface of my PFSense I read on several forums that the MTU size over the Bluewin VDSL line must be less than 1492 bit. So I put this value in. Now I checked the max. Transmission unit size with my old router (MTU Size is not visible in settings) with ping and I figured out that a package until 1472 data bits go thru without fragmentation. I read on Wikipedia that the Headers are together 28bit. So 1500 shut be possible. On my Linux clients the MTU Value is 1500 and this wasn't a problem befor. Dear vindenesen, thanks a lot to push me to the solution.

hardware issues with your storage device seems to be what is indicated. plug in a standard sata drive and reinstall, see if it resolves the problem. if it does, get a 2.5 inch drive and squize it in there ;)

Thanks Supermule. Been looking at Squid's Reverse Proxy, but I have no luck figuring out how to make Squid take care of the SSL part for my internal HTTP sites. I tried both Squid3 and Squid3-dev but still can't get it to work. Am I missing something or is there a guide somewhere to set this up?

For me it happen so infrequently that I can't be bothered spending the time to fix it.  Plus, I only use VirtualBox as a play lab.  For my real production work, I use vSphere 5.5 and I have never had this issue with VMware.

@imperialdrive: @imperialdrive: Just upgraded from 2.1.1 to 2.1.4… our office moved into a new building and the PFS install there was 2.1.4... after years of great performance, we quickly noticed RDP disconnect before a minute, every time, when going over a VPN connection handled by an internal MS RRAS server.  I went through everything I could think of before finally hooking our previous office PFS device and BOOM everything worked just fine.  So, now I'm thinking, ok let's upgrade to the latest version while I'm at it... now the constant RDP disconnects return. Downgrading now, but hey I feel your pain.  If there's anything I can do to help troubleshoot this for others, let me know. OK, I spoke too soon.  Still had issues.  Downgraded to 2.1.0… STILL ISSUES... went through the following settings with success - disable gateway monitors, clear invalid DF bits, disables firewall scrub, bypass firewall rules for traffic on same interface, unchecked the private networks options under wan, disabled all offloading under network interfaces under advanced After all that, and a full reboot... everything is working.  I'll keep an eye on it and slowly undo some of the changes to narrow it down. Upgraded to 2.1.1 and still running, also crossed the following off the list (offloading under network interfaces can be default, checksum offloading enabled, gateway monitoring can be enabled, disable PF scrubbing does not have to be checked, clear invalid DF bits does not have to be check) which just leaves the bypass firewall rules for traffic on same interface and the unchecked block private networks optoin under wan. I'll upgrade to 2.1.2 later this week and report back more findings.