How about posting the actual log entry you are seeing?

Ahh, yes. I forgot about PowerD and powerstates for some CPUs/motherboards. Nice catch and thanks for reminding.

Sure, you can configure the box from a pc connected to the LAN interface by logging into the WebGUI. If you installed your LAN interface at 192.168.10.1 then you just enter that address in a web browser on an attached PC and you should get the Web login page. Check out:https://doc.pfsense.org/index.php/Installing_pfSense#Post-Install_Tasks The docs pages are a good source of getting started info.

@Intelli: For some reason the "WAN IP RELEASE" option doesn't work with the FIOS network. Or maybe it does work but just appears not to because the ISP provided router re-establishes a new lease if the WAN cable is not immediately unplugged before it can do so.  I know the Actiontec MI-424WR behaves this way.  Probably some of the other ISP provided models do too.

Tambem estou com o mesmo ´problema…. Squid não é amplamente utilizado?!?!?! ÁÁ Váááá... kkkkkk

Check this out [image: Voucher.png] [image: Voucher.png_thumb]

I see now and then if login too quick with firefox.. but if you wait a few seconds it works fine.

I have the exact same issue…

I am going out on a strong limb and say that these are False Positives… I have checked over 50 different Blocklists and the IP reputation is fine... Except for what TrendMicro is reporting. However, their site seems to be URL based and not IP based... Will never know as the details about the service is slim to none... Food for thought: https://www.asus.com/ca-en/Networking/RT-AC5300/ https://www.reddit.com/r/privacy/comments/3vxg07/does_trend_micro_steal_web_browsing_history/ https://twitter.com/flexhub/status/587315109992800257 You might want to tweet to the Dev of Asuswrt-Merlin: https://twitter.com/RMerlinDev The github branch for Asuswrt-Merlin if you are interested: https://github.com/RMerl/asuswrt-merlin/search?p=1&q=AiProtection&utf8=%E2%9C%93 Trend Micro has yet to reply about the FP... I am not a customer of theirs, so best left in your court. https://twitter.com/BBcan177/status/770737622121611268 Didn't get the reason behind the RT-AC5300 link, read all the others. Well, to be honest that's what any web reputation system does, so one can choose either to use it or not. I saw your tweet and bump, seems to go unnoticed  :- As per pfSense I guess I'll be playing with it a little more before deciding, might as well use it between my physical LAN and my VMs to try it out. Thanks for the help

For making the healthcheck succeed you could try setting the "Http check version" and putting the hostname in there like below? HTTP/1.1\r\nHost:\ www.example.org Other than that you could try adding a advanced "port 80" option on the server definitions if you want the check to beformed on a different port than what is used for the usual traffic: http://cbonte.github.io/haproxy-dconv/1.7/snapshot/configuration.html#5.2-port

@johnpoz: "In the case of smtp how should I fill in those fields (Interface, Protocol, Source etc.)" Well the protocol is tcp.. email sure is not sent via udp ;)  Source would be the IP address of your smtp server.  Interface would be your wan but you pick the vip you want to use.. Dest could be just 25 which is the port email is sent on.. So is there any reason this server can not just use your vip for everything?  If so then it makes real easy just put in his IP and the vip.. So see my attached example.. Lets pretend that 192.168.100.2 is a public IP that you created on your wan as a vip, etc. That is what I am doing. I have about a dozen public VIPs all using the WAN interface. One VIP is for email with ports 25,465,993,995 open. Another server using yet another VIP is listening on UDP port range 25000:25000  for GPS coordinates to track municipality service vehicles like plow and salter. Some of our servers are actually in the could, that's how I started using PFSense, the cloud company uses it to manage access to the virtual servers. Anyway I am getting side tracked here. I will try the outbound NAT rule on our other smtp server, that one is not used that much. I don't want to fudge up the other one that is already working. Thanks for you input again.

@dtheimer: Setup Email Notifications using the Google Gmail SMTP service.  I am posting this information in an effort to help or save someone else time. E-Mail Server: smtp.gmail.com SMTP Port of E-Mail server: 465 Secure SMTP Connection: Checked From e-mail address: <email address="">@gmail.com account and have left the field blank - both options work Notification E-Mail address: <email address="">@gmail.com Notification E-Mail auth password: Need to use a Google Gmail App Password NOT your login password Notification E-Mail auth mechanism: PLAIN Log Entries: Aug 19 19:23:29 php-fpm 86995 /system_advanced_notifications.php: Could not send the message to <email address="">@gmail.com – Error: 534-5.7.9 Application-specific password required. Learn more at The above error was caused by using the standard login password.  Rather the password needs to be a Google "App Password" created specifically for pfSense Some additional Information: Google SMTP: https://support.google.com/a/answer/176600?hl=en Google App Password: https://support.google.com/accounts/answer/185833?hl=en</email></email></email> That did the trick!

@jimp Just an idea to make it far more obvious what has happened and why. A error in the GUI linking to a wiki page would least have saved me asking why this happened. @virgiliomi I am thinking of either the TP-Link TL-MR3020 or firing up my old OpenWRT RouterStation Pro.

Was having this same problem, multiple devices, and doing a force from the CLI resolved it. pkg install -F pfSense-pkg-freeradius2

There isn't a specific line in that case, it's a general error from pf. Usually happens if some other process is already attempting to access/load rules when the reload happens. There was a race condition in rc.newwanip not long ago that could do that frequently but that has been addressed. I don't doubt there are some others out there, but it's generally harmless since it reloads again after generating the notice.