@networknotwork you can create a feature request over on https://redmine.pfsense.org/ And if you found a bug/issue or improvement in the .tcshrc you could put that in there as well. edit: This has been a enlightening thread to be sure.. I learned a bit about making sure your actually awake when testing something ;) and also about the stupid bell thing hehe, and got me to update my local ssh client too.

@stephenw10 They generate 3Mb of traffic each. GreyiPad is only used to watch the cameras. The other one does that 99% of the time. Maybe not a great reason, but that is the reason.

@mantis0711 See thread https://forum.netgate.com/topic/167206/gateway-drops-and-never-comes-back for another report and diagnosis.

@tjsas1 problem is isp most likely will do nothing about it, unless this was a business line and you have ddos protection with them (normally not free).. Your best bet is prob get your IP changed, if you can not do it locally by altering your pfsense mac address on its public interface. Then get with your ISP and asking them change your IP, because your seeing inbound dos traffic - send them the sniffs you did showing the traffic, etc. And any info you can gather about amount. I wouldn't hide your public IP in those sniffs ;) Problem is with such traffic is nothing you can do at your end, other then changing your IP.. internet -- isp --- 10mbps connection --- you If the internet is sending you 10mbps of traffic, and filling up your pipe.. There is really nothing you can do at your end.. The traffic be it you drop it on your end or not, is still using up your connection. Its a common misconception to what a firewall can do.. Now if there was say 1mbps of traffic and it was being sent to your server behind your router/firewall and this 1mbps of traffic was hurting your servers performance - then you could filter that from being sent on to your server. But as long as the traffic is sent, your connection would still see the 1mbps of traffic.. You need to stop the traffic from being sent to you down your limited connection. This is either done at the isp end, or you need to change your IP so that traffic to 1.2.3.4 doesn't go down your connection. Other option ;) Get a fatter connection heheh.. If you had 1gig, and they were only sending 10mbps - then it wouldn't be a problem.. But if sending 1gig, you have the same problem.

It looks like a certificate mismatch because pfSense uses a self signed cert to serve that page.

@bahman via the marketplace I linked too.

@stephenw10 I will try next. i'm new to pfsense, so will slowly setup as I go. thank you for all the inputs.

@opensourceprotection said in SMTP notifications not working with gmail: Solved! Every time you test the connection you have a to reinput the password. Even though you'll see the shortened black dots, the password is not saved from the test before. (I'm assuming it's reverting to what it has saved but can't say for certain.)  I was seeing the shortened black dots and thought PFSense was rolling over the password from the previous try this was not the case. Once I copied the setting of johnpoz (with the appropriately changed email addresses) it worked like a charm the first time, and when tested again it failed like before. That's what clued me in. If I entered everything fresh, hit save, THEN hit test I could get it working multiple times in a row. Thank you everyone for your help with this! This was the solution to the issue I was having! Thanks for your help.

The 1100 is preconfigured to boot to a functioning state. You should be able to connect a dhcp client to LAN and it will receive an IP address in the default LAN subnet, 192.168.1.0/24. That allows you to connect to the webgui and complete the setup. The most common cause of that failing is that the WAN is connected to an upstream router and that device is also using the 192.168.1.0/24 subnet creating a conflict. If that's not the case then, yes, connect to the serial console to investigate what state it is in. https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html Steve

Not all of the interfaces were selected so it was re-broadcasting only on a few interfaces. Thanks for the push in the right direction.

I think you should restate your requirements. The number of clients is not the correct end number you are looking for, it is the number of states (RAM usage). I have about 20 devices on my network doing things. I have 800 states, or about 40 states per device. 10k clients times 40 states is 400,000 states. My 8Gb FW defaulted to over 800k states, my memory usage is low so there is room to grow. (40 states per device is not a solid number you should use, just an example.) 10Gb is where you look at interfaces and CPU, a 6100 should handle that speed. Any packages you add on top should be added to the CPU and RAM numbers. When you are done you should have an idea as to the the CPU and RAM needed, then you can make an educated guess on which device is best suited for your needs. If you have performance data from previous events you can improve your estimation on CPU and RAM needed.

@josephchrzempiec do you have multiple dumb switches? If so you could plug 1 switch into the interface on network 192.168.1/24 and another switch into interface 192.168.2/24. Stuff you plug into sw1 will be on that network, stuff you plug into sw2 would be on the other network. Then you could firewall all you want between these network. Your other option would be just plug say this server into the port directly on pfsense, and put it on a different network that way. But you can get a 8 port "smart" switch that does vlans for like $40 or so. Other option if you did have a managed switch that supported private vlans, you could limit who could talk to each other in the same network/vlan Other option is to do your filtering on the hosts firewall directly.

@stephenw10 Nothing like that in any of my logs. Might be though. When I didn’t double boot I still over wrote everything with the restore.

NUT reports everything correctly. Doesn’t seem as easy to configure for when to shut down, etc. Looks like defaults are good to go as is though.

It means the bogons v6 table has not been populated yet. It's common to see that at reboot because of the order things are loaded in so if you only see it there it's probably not an issue. Make sure if you clear it and then do Status > Filter Reload it does not return. The other reason you might see that is there is insufficient table size to contain the v6 data, which can be quite large. If that's the case try increasing 'Firewall Maximum Table Entries' in System < Advanced > Firewall & NAT Steve

It doesn't look like there's a port forward associated with that rule on WAN so it shouldn't be there. Check the Outbound NAT rules in Firewall > NAT > Outbound Something is allowing that inbound state on WAN to be created without NAT and that may be conflicting with the outbound state preventing it. You don't appear to have a rule on WAN that would allow it so check the floating rules too. Steve

@stephenw10 Yes Firewall Rules. I don’t think my AppleTV’s, iPAD or iPHONES use Apple Talk. Might. Now on to other questions. Thanks again. Cleaned up some of the network routing and was able to eliminate both Netgear switches in two person office. Added UPS’s to each work station and to the “Internet” station, the router, modem, wireless AP. Power rarely goes out here but it does once and awhile. Employer gets a tad annoyed when everyone disappears. Thanks again. NOW my Firewall is doing what its supposed to do for WAN side. Lots of blocking going on. I've installed and configured the UPS package. Need to figure it out though.

So when exactly would curl on pfsense be doing this for example "When sending data to an MQTT server" "redis -- Integer overflow issues with BITFIELD command on 32-bit systems" How is that applicable? If you were going to update every single package every time any sort of issue is found, all you would be doing is running updates.. Unless the issue is applicable to how pfsense is used, it really shouldn't be a concern.. I am all for keeping up with what is out there, and what could be issues - but it can get out of hand really quickly if every little alert is some sort of fire drill for how the sky is falling.. Pfsense and the Netgate team should be keeping abreast of issues that could effect pfsense install base. And taking the appropriate actions - if you do not trust them to do their jobs, why are you running their software? Are you following up with the 2400 some plus CVEs currently out for windows 10? And following up with MS to what they are doing about them? ;) What is funny to me is how on one hand you have users worried about some odd cve report for a package and use case that I just do not see how its an issue.. And then you have others running 2.3 still of pfsense ;)

@kosvision pfSense is a router firewall. If you need a firewall / router, pfSense might fit your needs. Most often, your ISP router will do just fine. Hook it up, and it works, you'll be fine. Anyway, you can test it for yourself.

@jsmiddleton4 what exactly did you set? you should be able to view what that is directly with sysctl whatever that is..