@stephenw10 i have not been brave enough to test it. I just assumed that having both squid and HA proxy was a bad idea. Will give it a try today and see how it goes.

@riahc3 First off, what your phone can do is irrelevant. It's what the actual equipment you use is capable of that matters. However, you're not going to get anywhere near 1 Gb with LTE, no matter what you use.

Spam thread. Lifted from here: https://www.reddit.com/r/PFSENSE/comments/dfbts6/unbound_dns_secondary_dns_zone_for_ad/

Yes, it would be very similar but possibly easier since in the default configuration the SG-3100 does not require vlans, laggs and switch config. Of you just have the default 3 interfaces you should just be able to import the config and re-assign the interfaces. Steve

You can do it within pfSense: https://docs.netgate.com/pfsense/en/latest/monitoring/performing-a-packet-capture.html Steve

You mean using the Freeradius package in pfSense? If you want this purely as a radius server you should use something intended for that, not pfSense. Steve

Unless you have changed the rules since taking that screen shot you should still be able to see what rule 197 is. It must be a custom rule of some sort as that would not otherwise be logged. Steve

A lot has changed since 2014. If you're seeing the bogonsv6 table limit make sure the Firewall Maximum Table Entries is set to 400000 in System > Advanced > Firewall & NAT. That is the default value in current pfSense. Steve

https://www.netgate.com/docs/pfsense/routing/bypassing-policy-routing.html

I'm going to be rewiring my home network this weekend (many of the cables are hand-crimped cat5). Although they still seem to be getting the job done and everything is negotiating at 1000, I figure as long as I'm pouring money into network upgrades, I should upgrade the cables too to pave the way for gigabit-plus speeds. Since bulk cat5 is expensive, I often bought the cheapest box, and sometimes cannibalized other cables and other weirdnesses... I figure it's high time to purge that. When I take things down to do the rewire, I should have a chance to shut down the router and take screenshots of the BIOS. I'll be sure to get version number as well as the various settings. I suppose one nice thing about having a serial console is I can literally just copy/paste the text from the BIOS screen

@Wepee said in pfSense auto reboot continuously itself after power was restored: @bmeeks Thanks for sharing. I have a couple of UPS lying around since the batteries have failed to hold power. I am thinking of replacing it with my own batteries if I can get those DEEP CYCLE type rechargeable battaries, which should last longer. Does the APC package(plugin) downloadable from the package manager, works with other 3rd UPS? Has anyone try it? Yes, the apcupsd package will work with 3rd party UPS equipment. It will work best with newer devices which have a USB signalling interface. There is also another package for pfSense called nut that works the same as apcupsd. If your particular UPS model does not work correctly with one package, you can try installing the other one. Batteries in a UPS will naturally age out every few years. I seem to get about two or three years of life out of one. Depending on the size of the UPS (output power capability), it is sometimes about the same cost to just replace the entire UPS instead of changing just the battery. This is more true with the small 350 KVA or so units. I just look at the battery replacement as an expected expense and plan for it for all of my machines. I have a UPS on every PC, my two servers and the firewall in my home.

@akuma1x I didn't wrote that I have them in switch mode I wrote that there is possibility to do that. The way you showed I know I can do it like that but it's not as simple as you think, like I wrote those are just main connections so simplifying it to just remove MikroTik and connect to pfSense is delicate saying "lame". You not resolving network problem with workaround, changing network structure that was growing past 10years is not as easy as you think. Going back to topic and for future people with similar question answer is very simple, creating static route on pfSense resolve problem - 15sec of work and not whole week setting up entire new network.

So again.. as I stated before and Derelict is saying - pfsense can not handle scopes for other vlans that are handed to it via a relay. It has to have an interface in the L2 where it will see the dhcp discovers. And you sure can not hand out the wrong mask for what the interface is set to that dhcpd is listening on. Changing the mask on the clients so they can talk to other clients in some larger L2 is NOT the CORRECT solution anyway!!!! It would just be some borked up nonsense. Devices that reside on the same L2 all need to be in the same L3 network via proper sized mask for the L3 you want to run on that L2. If you want to have a dhcpd that can handle multiple scopes for different vlans - then your MS can do that now. Or as suggested fire up stand alone isc dhcpd.. But you would need relays to send the data to the dhcpd. Pfsense can be a relay from the different vlans that its connected to. But mixing masks on a large L2 is not a valid configuration.

Yeah, you are probably going to have to navigate any captive portals manually. That will probably involve disabling any policy routing over the VPN, using a web browser behind the firewall on HTTP, negotiating through whatever captive portal dance they have choreographed, then re-enabling policy routing over the VPN.

@NogBadTheBad said in Optical Fiber, Splitter & Pfsense: Wide Operating Wavelength: From 1260nm to 1650nm That range includes several wavelengths, including the entire CWDM range.

SOLVED. I have accessed through PuTTY and have reset the web configurator password. Thank you so much.

I will give it a shot. Thank you again for your time and insight.

Sounds like a good plan, and as suggested I have adjusted it to convervatitive as this firewall has lots of resources with dual E5-2640 v3's, and 64G RAM, using up a little more of it should be just fine.. Thanks...

I use VLANs to segregate my WiFi traffic and VPN; I have a VLAN for my private WiFi, a VLAN for my guest WiFi, a VLAN for my VPN, and my wired LAN is untagged. All of it plugs into a cheapo unmanaged D-Link gigabit switch, which passes it just fine. All of this goes out over my LAN port (assigned as such). The APs are VLAN-aware (and tag and filter the appropriate packets) and of course pfSense is VLAN-aware on the other end. Sure I might be able to do some magic configuration on one of my wired ethernet systems to be able to touch VLAN-tagged traffic, but given that there are only ethernet ports in the office and bedrooms, if a bad actor has access to my wired LAN, I have bigger problems than them picking up stuff off the VLANs. In the meantime, any communication between those three segments (Guest WiFi, Private WiFi, LAN) is at the pleasure of my firewall rules -- which is to say guest WiFi can't see while the others are, by and large, unfettered (though there are some restrictions on VPN).