What are you looking for exactly? If all you want to know is the source IP, log is fine - if you actually want to look at the payload of what is sent and received you would want a packet capture... Long term storage of packet captures is not all that simple..

@daddygo said in help with centralized control: Hello, Well, there is only "HA conf." that can stay in sync, but it's a good question anyway(!), because there is no such thing like "pfS cluster with central MGMT" I would say ,at every point, every FW (firewall) is unique, but there really can be a situation where you need to clone a system - pfs to pfs to pfs, etc. BTW: this could be a smart question, don't know :) Hello, thank you, I agree with the point that each point must be unique, however, there are common policies when the company has distributed branches that all must comply with. Let's have the idea or the example that suddenly we are going to give permission so that they can use a ZOOM for a webinar and only for one day 50 branches should be given permission ... that's what I want to get to.

HAProxy can pass FTP using TCP mode but not with host-header matching like that. You can only do that with http, ftp doesn't send that information. Steve

Update: issue resolved. Found that it was my anti-virus causing the issue. Once I put an exception for the IP of the SG-1100 I was able to get to the page and log in. Probably due to the cert that is automatically generated by pfsense that my anti-virus didn't like.

@pfnow I have a Phillips AndroidTV and dug into the network traffic a bit. With the above setup the multicast and unicast traffic passes fine through the networks. But when the Youtube app on my pixel phone tries to open the Youtube app on the TV a 403 Error is returned which is I think the cause why the TV is not being shown in the list. I think like @wrightsonm said, the Chromecast possibly only allows casting from the local subnet. I'm thinking if it may be possible to bypass that with NAT, but I haven't tried that yet and I'm a bit reluctant since I want to avoid NAT as much as possible and find a better solution. Unfortunately I haven't yet found if my TV has this src ip restriction and since @JacobS successfully casted with this setup that restriction may not be a standard chromecast thing.

@stephenw10 said in Settings clean up ?: You only have to upload a config file manually without checking the xml was valid one time. The pain will teach you not to do that again. Oh I know about the pain to make errors in XML That's why I asked initial question :) What's interesting that I don't see interface dead entry in this XML, so maybe unrelated Thx

@jimp Well what do you know... I restarted it and ran the built in memtest and it's memory error city. Thanks for the tip! I'll chunk it.

You can: pfSsh.php playback changepassword <username> Though I'm not sure it would be easy to automate that since it expects user input for the password. We don't allow entering the password in the command line parameters in that script since it's not secure. You could look at /etc/phpshellsessions/changepassword and make your own copy that does what you want in a more script-friendly way.

@stephenw10 Thanks. I changed it to ip4 only as you suggested. I may be limiting only one main LAN ip to access it. I can't do anything else on my 2nd AP because it has limited setting options. Thanks again.

You can disable the http referer check from the console using the php shell. It's one the available playback scripts there. You can't set the gateway or default route as you were because pfSense does not use the FreeBSD RC system. Anything you set there is ignored. Steve

@steve_b PHP Response .:/etc/inc:/etc/inc/web:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear:/usr/local/share/openssl_x509_crl/ The path was indeed missing. A reboot fixed the problem. Thank you all for your time!

This: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/widgets/widgets/system_information.widget.php#L63 But that calls get_system_pkg_version which runs pfsense-upgrade. You could probably do something similar off the firewall if you have something that knows about FreeBSD pkg-ng. Steve

@stephenw10 Yeah makes sense, what caught my attention was the % used in the dashboard, I used to run at 18% then saw 33 made me wonder. I can really do with a new dashboard, I saw some discussions on other boards about them but they seem time consuming to build but they looked sweet and you can really get creative with what is displayed.

pfSense doesn't use the FreeBSD rc system so you can't do something like that. What you can do is add your own script in /usr/local/etc/rc.d See: https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option Steve

Yes, need to better define the issue. DHCP not working? DNS not working? Check the system logs first, it will probably show you want is failing. Assuming anything is failing. It could also be something else on the network causing issues. Steve

@bhollingsworth said in WAN not getting IP address on reboot: I'm not sure what to think now. Any thoughts? Does it still fail when the data tap isn't connected? If so, that would tend to indicate a hardware problem, which it masked by it. And I do not use IPv6 so I can't comment on that. Well, why not give it a try? You'll have to move to it some time.