• Is pfSense a unified threat management (UTM) software?

    11
    0 Votes
    11 Posts
    6k Views
    stephenw10S
    It's possible to run all those packages in 2GB of RAM but I would not recommend doing so. You have to tune them carefully to avoid exhausting the RAM. You cannot just enable all the signatures and lists in each and expect that to work. I run Snort and pfBlocker-ng in a 3100 as my edge here. But I use only basic ad blocking in pfBlocker and only the ET Open sigs in Snort (not in blocking mode). With that setup I could probably also run Squid (very carefully). But I would not!

    last pid:  2837;  load averages:  0.67,  0.60,  0.62  up 5+18:13:34  16:40:10
    81 processes:  1 running, 80 sleeping
    CPU:  0.0% user,  0.4% nice,  0.6% system,  0.0% interrupt, 99.0% idle
    Mem: 140M Active, 1285M Inact, 223M Wired, 84M Buf, 344M Free

      PID USERNAME  THR PRI NICE   SIZE    RES STATE   C    TIME    WCPU COMMAND
    52379 root        2  40   20   271M   248M bpf     1  182:38   0.73% snort
    73496 root        1  52    0   129M    49M accept  0    1:22   0.00% php-fpm
     3052 root        1  35    0   129M    49M accept  1    1:56   0.00% php-fpm
    67066 root        1  52    0   129M    47M accept  0    1:11   0.00% php-fpm
    42460 root        1  52    0   129M    47M accept  0    0:49   0.00% php-fpm
    81284 root        1  52    0   129M    46M accept  1    0:47   0.00% php-fpm
    38356 root        1  52    0   127M    46M accept  1    1:29   0.00% php-fpm
    45364 root        1  52    0   126M    44M accept  1    0:02   0.00% php-fpm
    12066 unbound     2  20    0    61M    40M kqread  0   23:14   0.00% unbound
    70717 root        1  20    0    46M    36M nanslp  0    3:57   0.04% php
     1390 root        1  20    0    89M    29M kqread  1    0:16   0.00% php-fpm
     4115 root       17  52    0    42M    21M sigwai  1    4:47   0.01% charon
    34517 root      157  20    0    64M    16M uwait   0    1:06   0.00% filterdns
    19905 dhcpd       1  20    0    13M    10M select  0    0:41   0.01% dhcpd

    That's with next to no traffic passing. However this may be a moot question since the 3100 is now EoS and unlikely to return. You would have to find one second hand at this point. Steve
  • Need some recommendations to buy SG2100

    4
    0 Votes
    4 Posts
    572 Views
    stephenw10S
    Ouch! We ship to Canada all the time and I've not heard of anything like that kind of delay. We also have partners in Canada you can order from: https://www.netgate.com/partner-locator#canada Steve
  • How to test your firewall?

    5
    0 Votes
    5 Posts
    738 Views
    T
    Thank you all
  • Netgate 3100 VLANs

    3
    0 Votes
    3 Posts
    502 Views
    S
    @rwq891 Post a screenshot of a VLAN's settings from the article, and firewall rules for it. Firewall rules evaluate as traffic enters an interface. So on VLAN3 add a rule allowing traffic to go from that subnet to VLAN4. The default for new interfaces is no rules, hence no traffic...except LAN where the default is LAN to any.
  • Client connection lost after client reboot.

    9
    0 Votes
    9 Posts
    781 Views
    stephenw10S
    Ah, that sort of adapter. Nice catch. Yeah weird set of faults, glad you found it though.
  • Block subdomain (cname)

    8
    0 Votes
    8 Posts
    1k Views
    S
    @dridhas Block from North America to that IP address as the destination.
  • Wireless with VLAN not allowing traffic

    81
    0 Votes
    81 Posts
    18k Views
    JKnottJ
    @dridhas said in Wireless with VLAN not allowing traffic: TPLink The name for "quality" network gear! Yeah, right!
  • Home cyber range setup-- Need help

    2
    0 Votes
    2 Posts
    427 Views
    stephenw10S
    So where are you actually stuck here? I don't see a question. It sounds like you are going to set up pfSense as 'router on a stick', a single NIC with VLAN interfaces. So you are going to have to configure the DDWRT device to handle those VLANs to separate switch ports. Or use some other managed switch for that purpose. Steve
  • pfSense -> Ubiquiti EdgeRouter X VLAN Help?

    2
    0 Votes
    2 Posts
    643 Views
    stephenw10S
    @tac57 said in pfSense -> Ubiquiti EdgeRouter X VLAN Help?: Any Ubiquiti EdgeRouter ER-X experts out there? I am very much not that! But it looks like you're trying to use the same subnet on two ports of a router which would normally not work. They would have to be configured as a bridge or as switch ports. Steve
  • PC Engines APU2 + pfsense 2.5.0

    Moved
    13
    0 Votes
    13 Posts
    3k Views
    stephenw10S
    Mmm, I wouldn't expect to see an issue with any of that. Do you see anything using a lot of CPU in System Activity when this happens?
  • I350-T2 WAN Throughput issue

    2
    0 Votes
    2 Posts
    334 Views
    stephenw10S
    How are you testing? 941Mbps is the limit of what I expect to see there so if you are seeing 950 there are probably some averaging errors happening. It could be some hardware off-loading issues. I would disable all hardware off-loading at least as a test. If you compiled your own driver to get i219V support I assume the i350s are using that too? Have you tried the in-kernel driver in setup 2, without the i219V? Steve
  • Why do I need to restart OpenVPN tunnels after a pfSense reboot?

    2
    1 Votes
    2 Posts
    234 Views
    stephenw10S
    Are you running 2.5.2? Do clients connect but just can't pass traffic? Are you routing traffic just to local resources or all traffic? Do you see anything blocked in the firewall logs? Steve
  • user bypass account for filtering - or similar

    filtering dns users contentfilter
    2
    0 Votes
    2 Posts
    642 Views
    stephenw10S
    Not easily. That is usually accomplished by having staff and student VLANs where you can apply different firewall rules to the traffic. So if it's wifi for example you can have a separate ssid with 802.1x authentication that only staff can connect to. Steve
  • Solved: Can't update bogons on a 2.4.5-p1 (cert expired)

    14
    1 Votes
    14 Posts
    5k Views
    bingo600B
    @jegr said in Solved: Can't update bogons on a 2.4.5-p1 (cert expired): @bingo600 said in Solved: Can't update bogons on a 2.4.5-p1 (cert expired): And a ... I'm not giving up kinda moment. I haven't even bothered implementing that "trick" on the Job ones .... I appreciate it! I have some 2.4.5 systems in the wild myself that customers aren't able to update right now and those had rising numbers of dead/zombie processes (dying bogon procs) that we were able to fix that way - so thumbs up from me for the fact finding mission Glad to be able to give a little back And ... Now I know that to tomorrow on the job for 7 firewalls Done .... And home fwall Fresh install w. ZFS, and config restored, only one minor "quirk": iftop didn't install, but the pkgmgr. was informing about that /Bingo
  • Anyone for hire here? Looking to convert from one device to another

    Moved
    9
    0 Votes
    9 Posts
    956 Views
    S
    @dialsoft Did you get this figured out?
  • Wake On Lan - Can i remove the "Wake All Devices" ?

    11
    0 Votes
    11 Posts
    895 Views
    Z
    @johnpoz https://redmine.pfsense.org/issues/12480 thank you ;)
  • Dual Port WAN (6100 is not available) HELP!

    Moved
    2
    0 Votes
    2 Posts
    441 Views
    keyserK
    @macwarrior said in Dual Port WAN (6100 is not available) HELP!: Hello all, I built an ASUS ProArt B550-Creator with 2x2.5G ethernet ports to use for pfSense (I know, probably overkill but Netgate 6100 is not available right now) and I added a Solarflare 4-port SFP card. Can I turn 1-port of the Solarflare SFP card into 1 WAN and a 2.5G ethernet port into a WAN (to = 2 WAN's) and the other 3 Solarflare SFP ports into LAN's? Thank you in advance, MacWarrior Yes, you can turn all but one port into WAN if you wish. PfSense allows you to use/define ports as you see fit. Only requirement is that the NICs are supported and have a driver in the pfSense distribution (which may be an issue with that SFP card).
  • 0 Votes
    14 Posts
    10k Views
    K
    @stephenw10 Re-saving the ACB settings fixed the inconsistent schedule on both boxes.
  • Driver Update

    6
    0 Votes
    6 Posts
    940 Views
    bmeeksB
    @jc1976 said in Driver Update: I've gone through all the documentation and whatnot, and it's all just very odd to me. My nic is a genuine intel.. it's not an intel by HP or Dell.. straight intel.. and i would've thought by now the drivers would've been updated. the I340 is a fairly old card, and considering that intel has cards that are running at 10Gb+, what happens to those who are running pfsense on connections such as that at the enterprise level? what about the latest 800 series cards? Will the iflib work with them? Agree that it can be very confusing, especially with Intel, because for a while (and it may still be true) the version numbering scheme used by Intel on their web site for various NIC drivers differed from the scheme used for the same Intel drivers in FreeBSD. That makes it hard to determine which is actually the most "current" version. But for the most part, FreeBSD depends on Intel contributors to provide updates for Intel NIC drivers in FreeBSD.
  • when pfSense Plus 21.09 release will be available?

    15
    0 Votes
    15 Posts
    2k Views
    dennis_sD
    The 21.09 release has been postponed. There are a few reasons for this such as some issues found in late-stage testing. We want to make sure the next release will be a quality release. There is a high focus on 22.01. We are confident it will be worth the wait.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.