Outlook Web Access. About the rules i have only one rule (from any to any). If i use HAProxy what settings do i have to make?

@jimp said in ext. LDAPS auth flapping after CA import -> only working after restart: Because of the, let's say "suboptimal", way that PHP requires setting up the LDAP environment for certs I really laughed hard at "suboptimal" That's why we love PHP ;) If you really want to be sure it works, then you could always use a CA for LDAP that can be validated against the global root CA list, like one from Let's Encrypt. Ah nice idea! Even if not possible ATM as that would mean re-organizing the internal AD and dependencies but a good thought for an update later along the road. I'd love to fix it, but the new method still isn't working in PHP: https://redmine.pfsense.org/issues/9417 Will have an eye on that one :) Thanks for the hint about restarting, after restarting PHP-FPM, WebGUI and the OpenVPN servers that used the LDAPS connection all is working again!

UPD: the same issue as described at the beginning of my post is happening when connecting switch to pfSense and RouterA and RouterB to that switch thus hanging two routers on one pfSense port. Seems to be not an issue with virtual switch on pfSense as in this scenario using only one port. Once separated Port5 and Port6 on pfSense to different private subnets and attaching RouterA and RouterB independently to pfSense box (+NAT with public VIPs) issue is gone. It appeared when both routers are connected to the same bridge or external switch they can't work reliably together. But I would still appreciate if someone can point me to the right direction how to investigate that further and perhaps with some Layer-2 debugging.

Hi johnpoz, I will verify my connection and try to connect my two subnets to my primary pfsense. Thank you and regards for your answers.

@provels I havent managed to get it connected to the internet just yet, but a new network switch I picked up yesterday should be coming in tommorow. I'll hook it up and try it. Otherwise I did try manually downloading and installing the 2012 drivers; but as I made note of above it only displays the cards model, no luck getting it to work. Will try using online windows update though. I'll report back tomorrow. @Mats I got win server 2019 running normally now; headless. I control it with RDP over LAN.

XG-7100-1U ... envy that grows and don't forget Firewall / NAT / Outbound to set the correct ip to go out for every VLAN

Thanx a lot :)

I still don't have the HP yet but on the current Supermicro board and the two onboard intel NIC, it would drop ping every 20-30 seconds. I'm using the latest build and only the two onboard NIC. However, when it did work, my speed test yield much better performance than the Asus router that I'm using now. on my 200mbps connection I've only yield 160 ish down but when using PFSense I'm getting closer to the advertised speeds so it's definiteyl a good start.

i replaced my sg2220 with a mbt 4200. every pfsense update i boot up the sg2200 and update and then put it back just in case...

Mmm, that implies something was opening things using upnp that somehow broke opening new states perhaps. Hard to see how it could do that though. Was it open to requests from WAN maybe? Something local to the device triggering it would explain why the same setup appears fine on other hardware in other location. Steve

I advise you to make the captive portal work without this "firewall2". Add "firewall2" only when everything works perfectly.

I have found solution The issue was in /usr/local/etc/pkg/repos/FreeBSD.conf where I previously added FreeBSD: { enabled: yes } After disabling it starts working fine

It's not a package we make available. I don't know that anyone is working on it, either. With VPNs being easy and ubiquitous, there is little need for anything as crude as port knocking these days.

@JKnott changing the pfsense box to 192.168.2.1 fixed this. Thank you everyone!

This : [image: 1563168479953-29b49aa8-8aa8-4369-9401-8e7febf29ed2-image.png] means : a 5 Mbits limit is maintained for the entire /24 network, like these devices 192.168.1.1 to 192.168.1.254. If you select a /32 (as equivalent to /128 for IPv6 - but you are probably not using IPv6) then the limit is set per device.

It's better now than it was earlier today, but could be better still.

@SparkyRih said in Unable to find *.so libraries after power loss?: I would expect software like this to handle a power failre, not? This sofware is actually an OS, using a writable disk storage. Try ripping out the power of any OS (one from Microsoft, Apple, any Linux based one) and you have big chances it will complain when you reboot. If pfSense was ROMable with some RAM as a scratch pad, like your ISP router/modem device, than it would handle better power outages.