Good question, I do have pfmonitor but only 100 licenses out of 700ish pfsense firewalls. I would have to see if those are on pfmonitor. EDIT: Before I run off to pick up my kids, I did check and one of them is on pfmonitor and that one is a protectli. I ran an upgrade earlier on that one and it hadn't crashed since, but I ran what it said on the post you provided anyway.

@Bob-Dig I was checking if it was the right way before doing so. I did it now. Worked. Thank you!!

@Sasil-M said in Cisco switch is capable and compatible with tp link managed switch or vise versa.: @johnpoz ok thanks for the heads up. Also, stay away from TP-Link access points. I have one that has the same issue. As a result, I am not able to have a guest WiFi on it. When I called support about it, they claimed it was normal for multicast to leak between VLANs. It was only when I spoke to 2nd level support that they acknowledged the problem. Still, no fix.

@TopperTom said in Internal Test Setup Help: Logs show nothing but blocked WAN traffic. What does that mean exactly? can ping domains and IPs But you can not load a website? like pfsense.org? What exactly is pfsense running on? Your original setup seems fine.. As to logging lots of noise - can you post up some of this noise? You mention broadcast.. What you did after your original drawing is just nonsense... You know if there is lots of noise you can just turn off logging the noise..

If you're seeing connection refused externally rather than timing out it's hitting something. Check the state table when you're trying to connect, filter by the source IP you're connecting from. You should see states on WAN and LAN with the translation on WAN. Steve

This script did it for us via the shell: pkg update -f pkg upgrade -f pfSense-repo pkg info | grep pfSense-repo -Verify version 2.4.4_7 exit option #16 to restart php-fpm

Those micro-seconds all add up.

What you are trying to do is not how vswitches work. You might be able to map each nic to a separate switch and have a virtual nic on the firewall for each one, but that's kind of crazy.

NAT does not affect where the rules go. Rules for traffic originating from your LAN go on the LAN tab. Rules for traffic originating from the remote site over IPsec go on the IPsec tab.

@stephenw10 said in Heavy traffic on OpenVPN client kills primary connection: I could imagine maybe the main WAN gateway could get marked down due to latency and the VPN gateway gets set as default. If that is happening make sure the main WAN is set specifically as the default v4 gateway rather than 'automatic' in System > Routing > Gateways Thanks Steve. I think that was exactly the issue. After making that change a few weeks ago, WAN hasn't gone down!

Thanks works , i did reset "Reset log files under log settings and started to work Thanks again

Yes, you should be able to. I would read through it though. Better to be sure. Steve

It's probably this: https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.html It could be this: https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html Steve

@marvosa Thanks for the follow-up. Not sure what changed, or if I'm just impatient... Before I posted that last comment I had enabled dhcp for VLAN 300 and everything worked. Then I disabled dhcp and reconnected the external dhcp server and it didn't work. So I posted the comment and went upstairs and ate lunch. Came back downstairs to continue troubleshooting and everything is working using the external dhcp server. Thanks again for your help.

@stephenw10 yep. Spot on I just hadn't replied yet. Reassigned the IP on the bge0 interface and it automatically enabled the interface again. Many thanks for the help from all on this thread. I did work it out myself but knowing others would have got it as well makes a difference. Thanks.