Some further observations on this. I have several static route, under Advanced --> Routing. If I click the "delete" icon next to the route, then "OK" the prompt, the rule is deleted immediately, without any "apply" button, and without dropping active connections.? If, on the other hand, I click the "disable" button, then "Apply", connections drop as described above. Anyone got any ideas why this might happen?

The factory installer uses the tested default values, which is a UFS install. You could install to an XG-1541 with the CE image though and that will give you the option. Steve

@scratchydog - Do you still have this issue? do you see high memory consumption after this happens as well ? Does it impact your internet speed ? I am a noob to all this, and using a mini PC with multiple ethernet ports to run PfSense (nothing else is running at the moment), I have noticed the same issue with PPPoE WAN, which even showed that the connection was up for 15 hours when in fact I just rebooted PfSense. From the beginning I had issues with the PPPoE connection. Therefore not sure if these are related at all. While I have used PfSense on another Old PC with current ISP without any issue, I could not get PPPoE to work until I assign a generated MAC to it. Once connected normally I get around 78-93Mbps down.. but after restart it drops back to 0.5Mbps - 3Mbps. However, when I changed the MAC for WAN again and reboot, everything seems to work great. I have seen memory usage below 30% before this happened.. but eventually now it is using more than 70% of 6GB without much difference in network activity. [Btw, PfSense is running as a VM on Proxmox and NICs have been passed through] Happy to see if there are any similarities in the issue and get a better outcome for all. Many thanks!

I was doing some testing today and this is the output from a pfTop pfTop: Up Rule 1-181/181 (0), View: rules RULE ACTION DIR LOG Q IF PR K PKTS BYTES STATES MAX INFO 0 Pass Any 0 0 * all 1 Pass Any 0 0 * all 2 Pass Any 0 0 * all 3 Block In Log Q 25 2454 * drop inet from 169.254.0.0/16 to any 4 Block In Log Q 27 2187 * drop inet from any to 169.254.0.0/16 5 Block In Log 39086 6476285 * drop inet all 6 Block Out Log 73 59514 * drop inet all Rule 5 increments with ping requests to the target wordpress server we are having problems getting to. Any idea where rule 5 is coming from? Thanks

Sorry for the delayed answer. @Gertjan That diagram is just to represent how it was before I change Time Capsule from that Site A to Site B, now both devices are in 10.0.10.0/24. The idea that I tried to pass it was to show you that it was indeed two differente physical NICs per device. Both Firewalls, have DHCP servers in place, but 10.0.0.0/24 uses WS DHCP server, and all of those are working properly for months/years. In 10.0.10.0/24, there is at least one device with a local setup IP (10.0.10.6). But not signed for those two IPs, and I have already changed from static to dynamic IPs in DHCP server but got the same result. Its like both devices have been assigned with the same IP, but it was not, so I really dont know why its happeaning. After 3 days being massively spammed by arpwatch, it stops, Time Capsule using the right IP. Since I am not physically present in that site, I can only assume that someone have turned off that Apple TV. @stephenw10 I have made that several times. I didnt made any sniff attempt, but next time I will have to do it, because it wasnt normal. If I got this issue again, I will let you know, even if I find the reason for this to happean. Thank you all for the help, always appreciated!

Thank you for your detail information. I will try it.

@Gertjan I have 8.8.8.8 1.1.1.1 I am not new to networking, just new to pfsense and firewalls

CARP is for a high availability setup, where at least two routers are sharing a virtual MAC. @cl1nt said in Arp Issue - No wan: The MAC not change. So it's strange that it resumes working though.

@pedro1x You will have to create a VLAN in pfSense for the guest network and create appropriate rules, etc.. You need a matching VLAN on the AP for the 2nd SSID. A managed switch will keep the VLAN off other parts of the network, but that's not essential. You do that by configuring the switch so that the VLAN only goes to the port that the AP is connected to.

@heper said in NAT couters in pfSense: from shell: root@pfSense.lan]/root: pfctl -vvsn @8(0) nat on vmx1 inet from 10.123.0.0/24 to any -> 192.168.0.203 port 1024:65535 [ Evaluations: 194138 Packets: 47019367 Bytes: 51593880791 States: 79 ] [ Inserted: pid 20145 State Creations: 31883 ] Thanks a lot @heper

hello guys thank i will debug with the above as i am curnntly away from the setup and. the clinet is using Ethernet if i connect the same port same cable to another PC i dont have any issues

Hi Folks, FYI bug is back and reported as https://redmine.pfsense.org/issues/10812 Cheers

Hi, check out the great pfSense docs about Multi WAN: https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html https://www.netgate.com/resources/videos/multi-wan-on-pfsense-23.html https://docs.netgate.com/pfsense/en/latest/routing/troubleshooting-multi-wan.html -Rico

Thank you for your support. I will check the wan quality graph and report to my ISP. Do you know why the router provided by them, don't lose the connection? Is their equipment prepared to accept the "bad" connection quality? Best regards

@stephenw10 this was the best application for the mobo, CPU, and some memory I had lying around. Plus, I got sick and tired of all the limitations of the stock gateway from Centurylink. pfSense is so much better now that it is running as expected. [image: 1596410330384-7cd2741f-aeec-4d0a-a026-36e1e56c3ab0-image.png] Being able to set things up the way I want them to be and control cross VLAN traffic is precisely what I wanted. And I did not feel like spending money on some hardware FW appliance with all the issues they usually run into.

Unfortunately there isn't (yet) ab MBIM or QMI driver for FreeBSD and hence pfSense. I would expect the current Sierra devices to work if they present a known USB PID and u3g recogises it. But limited to AT connection interface. Steve

@stephenw10 said in Sourcing default firewall blocks: TCP ack packets Makes sense. Thank you very much.

In addition to that, there have been amplification attacks based on ntp. So using an external service increases your attack surface in any future possible breach attempts. Best security practices dictates to use as less external services as possible. Same goes for dns and forwarders. (and the beauty of running a stratum 0 ntp server, over pps, remains with the few who have attempted the task. Now, I wish datacenters had glass roofs so gps could work on top of racks.. :)