@stephenw10 As shared on another thread: Here is a series of screenshots that might help you help me. https://www.dropbox.com/sh/zbcxeaujmmfo4xf/AADDmYE3XDL2uZdbG62Ihayfa?dl=0 This might help resolve also this situation when I LOOSE my connection over wifi after a while. :/

See: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html Steve

For future reference - could of spotted this problem right away by looking on the sniff when reply traffic went out the wan. Validating the mac address on the outgoing traffic.

Unlikely, it's just forwarding in and out between two directly connected subnets. Some MTU mismatch could cause that sort of problem. Steve

Yeah, I would start out with some basic shaping here using PRIQ. Put RDP and VoIP as high priority and everything else low. Start out as simple as you can, it's easy to end up with something far too complex for traffic shaping. Steve

Yes I would still reinstall from there but if you are trouble-shooting that I'd run: pkg-static -d update That will show you whatever issue is preventing it see updates. Steve

@stephenw10 I had them bridged, but missed removing DHCP from the first interface. I redid the config with DHCP on the bridge and it works fine now. Thanks!

@stephenw10 said in Comm Error Packages Section: Do you have that installed only on the Primary perhaps? Why are you running 2.5.2-RC and not Release? Are you actually running different versions on each node? That will break sync for good reason. Steve

Yes, the ix ports are generally not compatible with SFP-RJ45 modules. We have seen some reports of modules working but if do it's by luck only! The SoC NICs cannot read the module data. Steve

Not easily. Not via the normal interfaces assign dialogue certainly. I would probably generate a basic config file and import it for this. Or just assign one of the 1G NICs as WAN initially so you can access it and create the LAGG in the GUI vefore deploying it. Steve

Yes, that's correct. LAN side clients should be using the pfSense LAN IP as their gateway. pfSense should only have one gateway itself though in a simple setup like that. If it has more that one (probably wrong) it might be choosing the wrong one. Setting the default gateway to WAN_DHCP does not hurt in any case. Steve

Yes, exactly. You could allow access only to an alias containing a list of known MS IPs. Then block access to everything else on port 80 and 443. Or just on all ports if you need to. You can probably use either a URL alias or via pfBlocker to create that alias and update it automatically. Something like this: https://forum.netgate.com/topic/137691/office365-ip-list Steve

Right, so in the 3rd table you are using pfSense as one side of the iperf test directly. That will always give a bad result.

Snort was blocking something and the block expired? Check the alerts. Something else caused it to reboot? Check the uptime. Review the system logs. Steve

@tboston I believe that distinction is relevant only where powers of 2 are used, such as memory size. I don't believe that applies to data rates, which have always been in powers of 10. It's been that way for as long as I've been in the telecom business, almost 50 years. I certainly have never heard of bandwidth expressed in numbers based on binary.

What is the modem? What speed does it normally link at? What type of interfaces are those? I assume you've tried swapping the cable? Can you test putting a switch between the WAN and the modem? Steve

Yeah it's this: https://www.freebsd.org/cgi/man.cgi?query=pf.conf#TRAFFIC%09NORMALIZATION Though there no more info there. I've never seen it cause a problem. Steve

If you're restoring it in ACB it just uses whatever the configured password is and will fail with that error if it doesn't match. Steve

John many thanks for that will check that out when free! Enjoy your day!

Technically you could do it by running pfSense as a virtual machine in Windows using hyper-V or VBox etc. But pfSense is a complete operating system, it cannot run as an application on your desktop. It expects to be running on it's own dedicated hardware but running virtualised can also work. Steve