I would like some more specific information before commenting (or not commenting). @psilikon: Our setup requires us to have 6 Asterisk boxes that we have exposed to the internet in public IP space and simply rely on the SuSE firewall to handle firewalling which works out well. How are these servers exposed to the Internet in public IP space? (e.g. each has its own public IP address, they are all in the same subnet? …) You are proposing to replace the SuSE firewall by pfSense? What else will be governed by the pfSense  box (e.g. internal web server and SMTP accessible from public internet?) What kind of firewalling are you proposing to perform (e.g. keep everything except the SIP traffic? block access between the Asterix servers? ...) @psilikon: I would also like to see if I can have the best of both worlds by also passing the traffic through the pfSense box so I can take advantage of the the huge feature set that is pfSense. What features of pfSense do think you would like to take advantage of and for what purpose? @psilikon: We use multiple carriers for the SIP traffic and I am concerned about how introducing a NAT nightmare. What sort of "NAT nightmare"? I have never met a "NAT nightmare" and am finding it difficult to imagine what that might be like  :) How do the multiple SIP carriers relate to the 6 Asterix servers? (e.g. 1 carrier to each server? all carriers to each server?) @psilikon: Can I use Virtual IP addressing and accomplish what I need? I don't know enough about what you need!

Create a rule on lan with source any, destinaniton any or nod32 update server port 2221

captive portal and it is build in feature

@waiyan.pickme: Is anyone know the 'FreeBSD Radius Server' or 'OpenBSD Radius Server' for use with pfSense … I love to know if that RADIUS server is easy to install and use like pfSense and M0n0wall .... PLEASE .. !! there are two packages available for pfsense: freeradius and freeradius2. You can install them from pfsense Package Manager. These packages are in general not too hard to configure but it depends on what you want to realize. Take a look at this thread: http://forum.pfsense.org/index.php/topic,43675.0.html Try this package and report back what is working and what is NOT working. This will help to develope this package.

Thank you. This helps a great deal. Sincerely, Brendhan

you might try changing the upstream NTP server(s) to one(s) specifically closer to you in the ntp.org pool. They have lists for people all over the world, finding one closer to you may improve its accuracy and ability to stay in sync.

Depends on what you're using. May be critical, may be irrelevant. Read the changes. http://blog.pfsense.org/?p=633

no there are no limits. But if you chose the ICMP monitor type and the servers don't respond to ping, it would show down. That's why I said it depends on the type of monitor you selected when adding servers to the pool. You might also make sure you're on 2.0.1, there were many fixes made to relayd (the Load Balancer daemon we use) after 2.0

no no, you got me wrong(, i admit i explained poorly) If you login with admin account menu should appear, but if you login with myaccount which has admiin rights you should not see the menu.

Thanks for letting me know. I was coming to this conclusion and saw the bug opened to version 2.1 for extracting user information. Keep up the great work!

Hmm, assigned the wrong NIC to opt1? Steve

I have no answers I'm afraid.  :( So you have VLANs but you're not using pfSense with them directly? I'm still not sure why you need a gateway on LAN. Steve

@jimp: Permanently? Not so easy. Temporarily, easy. echo "nameserver x.x.x.x" > /etc/resolv.conf route add default y.y.y.y Where x.x.x.x is your DNS and y.y.y.y is your gateway. Once you're in the GUI, fix up the settings properly and you're good. Perfect this is exactly what I needed.. nothing like trying to configure using GUI via super delayed remote console link ugh

@jimp: You're a GENIUS!!!!  I remember ticking that when I was setting it up.  Everything is back to normal and things are running much better with the simple unticking of that option.  You rock jimp!  Thanks for sticking it out and helping a n00b like me. ;)

On the OPT inferface (192.168.33.0/24) put a block rule to 192.168.88.0/24 network. This must go above the allow any rule. If you want to have fun. Create an alias for each network. Then create a rule in each one that allow not (192.168.88.0/24) to the internet. Then everything but that address will be allowed to pass.

That is exactly the card I have.  Too bad that didn't come up in my searches. :(  Perfect answer to my question.  Thanks!

the problem there is when you unplug the USB wireless you'd have to remove the interface assignment as well or it would drop to an interface reassignment prompt at bootup. If you move a wireless interface config to a non-wireless interface, it wouldn't retain the wireless settings.