First, you should be on 1.2.3, not 1.2.2. (Or even 2.0 at this point) Package installs do not require a reboot. For bandwidthd, all you need to do is go to Services > BandwidthD and set whatever settings you want, save, and then wait a bit for it to make the graphs. You can make a backup before you install if you want, no need to backup the whole HD. Just go to Diagnostics > Backup/Restore and download a backup. If something goes wrong, you can reinstall (From CD, embedded image, etc) and then just restore your config file and it will go back to the way it was.

On 2.0 you can edit the gateways and weight them appropriately based on how fast they are. For instance, my cable is about three times faster than my DSL, so I have my Cable set to a weight of 3, and DSL to 1. If you are on 1.2.3 there is a trick you can do the same way, just add your faster connection to the LB pool multiple times and that will use it that much more often. So in my example above, I'd add my Cable to the LB pool three times. In both cases, out of every four connections I make, three go over Cable, one over DSL.

I fixed it all with a simple change… Made the AP vlan the native vlan(example, vlan200) instead of vlan1.. everything works like a charm now. Thank you very much for your help :)

So I just rebooted the pfsense machine and now it's fast!

You probably need to set a firewall rule, above your load balancing rule, that sends traffic with destination 'your mail server' through one wan only. You could try using sticky connections if your running 2.0. See this thread for a similar problem. Steve

Is there a way to undo this without restarting pfsense?

Yes to those questions but… From the questions you are asking it seems as though you are trying to reconfigure a pfSense box you didn't setup yourself? Please explain your situation a little more so we can provide a more helpful level of answer!  :) Steve

Ok, thanks for that. I'll play around with it.

should be possible with a radius server i guess

I think you'd be better off using PFSense as your primary firewall if you want it to handle network traffic. Use the ASA like it's a server and just have the inside interface listening on port 443 for anyconnect clients and forward that port from PFSense Wan to the ASA. Then you can either use firewall rules to allow / block IP ranges. Better yet if you have vlan support get a license for more vlans and the ASA should be able to put the clients directly on the correct subnet.

You have to use manual. It will fill in automatically with an equivalent set of rules to the automatic ones.

The root user needs ssh access in order for scp to work. Direct access to root or admin or any account is equally dangerous on the firewall. You should protect access to ssh entirely, not just a specific user. If you switch to key-only auth, and limit access by IP, and for good measure change the port ssh runs on, it's safe even to login as root.

Yep.  Backup settings, fresh install, reinstall packages, upload settings, Ta-Daa!

I can now access it via HTTP on the LAN. @dreamslacker Disable NAT Reflection for 1:1 NAT - DISABLED Disable NAT Reflection for port forwards - DISABLED Firewall Maximum Table Entries - DEFAULT (Left it Blank) Firewall Maximum States - DEFAULT (Left it Blank) EDIT: Now that I am onsite here I found that the old router (connected to the same ISP) still had the static IP settings of the new router. Switched it to DHCP and I think our issue may have been resolved.

I was able to figure out the issue.  The problem was that I PFSense supplying DHCP addresses to the domain controllers.  This seemed to cause the issue. The solution was: Changed gateway IP to 192.168.3.1 PFSense WAN - 192.168.3.2 PFSense LAN - 192.168.1.1 Our LAN computers that previously connected to the gateway address of 192.168.1.1 now connect to PFSense using that address.  This allowed us to connect to the internet and throughout our network. Thank you Wallabybob