@johnpoz: You don't use dns internally? Wow??  That is just plain nuts…  Shoot even MS got on board with dns server back in the NT 3.51 Days.. mid 90's  So your over 20 years for sure... Good luck with IPv6 without using names ;) hehehe Ha! True story. Just in my own playpen, never even thought of it. Go ahead shame me into it, lol

It's a client-side problem, so there wouldn't be any difference on 2.4. Use IKEv2.

Check your group privileges. You probably accidentally selected everything without checking the list. If you selected "User - Config: Deny Config Write" then it will do what you described. The user cannot make changes to the configuration, so it appears what they do has no effect.

One of our Cisco switche's ports were both giveing Tx errors out (bad packets), Annoyingly simply reconnecting seemed to fix this…

Do you have any reasons to believe that your iptv is broadcasting to your box via http? Because squid only filters http protocol based material. IPTV usually uses unicast or multicast with RTP and/or RTSP. I suspect that squid and iptv coexist nicely without you have to do anything whatsoever, but maybe I am missing something here…

I appreciate the help.  I will try to get another pfsense installation in GNS3 without using the appliance and see if that makes a difference.

I would agree good idea to isolate such devices from the rest of your network. Either via physical different network or sure vlan switch can isolate them.. Your prob going to to want to adjust the firewall rules on your dmz interface so that the dmz can not talk to your other networks (lan) unless the lan has started the conversation.. Or you could pinhole some things into your other networks.  For example if you want to be able to print stuff from these server you might allow that..

Fantastic that worked. Thankyou very much

I rebooted my entire network setup, waited 30 seconds, and now everything is working fine. Must have been something in the Network hanging or something.

pfBlockerNG - Sure is coming up a lot in the "please help" category.

When you go to Status > OpenVPN, does the VPN connection show as "UP"? Also, what version of pfSense are you using? Kind regards

try splice all. The new Android and apple apps  have hard coded certs

Thank you for your reply, I appreciate it a lot. To start, i was able to get it to work. I knew that you could have multiple routers on the same WAN network. thanks for confirming that. My network connection is in the datacenter. we connect directly to the switch with a subnet mask of /28.  Both routers had the correct ip addressing and were in the same subnet.  Both have unique Mac addresses. The only conflict i came across was they had the same hostname. But i only discover that after resetting the new router to the factory defaults and going through the configuration wizard. thank you again.

There are some other methods to get a fast and cheap as can ac WIFi if it is urgent needed by you, and it is matching to every budget too. So it could be used by many peoples. 1 UBNT UniFi ac lite WiFi AP for around ~$74 One RaspBerry PI 3.0 with internal ac WiFi card or together with an external USB ac WiFi stick for ~$60 An old and used WiFi ac Router that is broken or mismatching from the dump, with installed DD-WRT or OpenWRT (lede) for nothing ($$$) with some luck! It's a pity that pfsense does not support any Wifi AC card. It would be nice to have everything in one box. At first pfSense is based on  FreeBSD as the underlying OS and so it is a must be that FreeBSD is supporting it well and first, then this could also be working on pfSense, but also with some adjustments or code writing to realize it well and fine working out of the box. Well working internal miniPCIe cards for pfSense, supporting the following standards a/b/g/n are; Compex WLE200NX ~20 € UBNT SR71-E ~50 € FreeBSD 11.1 special files (firmware and driver for Intel wireless-ac cards) over 12 month ago! Outlook to version 2.4 and Intel Wireless-AC cards 12 month old Bug report on reddit about wireless ac (solved) 12 month old FreeBSD 11 and Intel Dual Band Wireless-AC 8260 8 month old So if you own or have a miniCPIe card such as the following named cards from Intel; Intel Dual Band Wireless AC 3160 Intel Dual Band Wireless AC 3165 Intel Dual Band Wireless AC 7260 Intel Dual Band Wireless AC 7265 Intel Dual Band Wireless AC 8260 You could have luck that it is working under FreeBSD, but with no guarantee and for sure for working well in pfSense. pfSense is not or only something sitting on FreeBSD, after growing up more and more there was a bigger code change under the roof as we all perhaps could imagine as I see it right.

Instead of trying to whitelist squid by domain name (which you obviously didn't do correctly) you might, instead, put the netflix device IP addresses in the Bypass Proxy for These Source IPs settings. There is no guarantee that everything that needs to be outside the proxy will have a netflix.com domain name.