@stephenw10 Hi, Thanks for the answer. I will do what you recommended me. Have a nice day Regards,

The AMI for the 2.4.4p2 release should be available in that region. It's being tested now. Steve

@stephenw10 Got it thanks ...

I've been using airVPN for years and would recommend it, fast and stable.

Thanks all, this has been very helpful!

Ah OK.

Upgrading to 2.4.4p2 has resolved my problem.

Do what the logs files says. edit : IE : goto console mode, option 8 and enter unbound-checkconf

Not many steps here. If it were me I would: Remove the any allow all rule on the interface for the subnet in question. Add a rule to allow DNS to the interface IP. Create an alias containing the IP addresses of the sites you want to allow. Add a rule to pass traffic from the subnet to that alias for TCP. If you really wanted to restrict further use a ports alias to allow only ports 80 and 443 as the destination too. BUT... that will only work well for sites that resolve to a single IP address or only if you have all the resolvable IPs in the alias. So it will not work for Facebook, Youtube etc. Or at least not well. Steve

He doesn't want to hear the facts nor listen to the guidance we are trying to put forward. He does not want an answer to a complex question. He wants an answer to a simple question. The answer to the latter is: https and 443.

I just read that it actually needs MSS Clamping to be 1350 or MTU at 1400 and misread the line in the pfSense as being MTU and not MSS. I just realized my mistake it's been a long three days in troubleshooting this. I just stopped and started the IPSec service on the Azure appliance after making that change and it worked the first few tries (this has happened a few times). I'll go ahead and continue testing to see if the results stick.

@mattzap said in Help with troubleshooting low interface throughput: Ah-ha! Yes, I do have AT&T. Here's the relevant threads I just found: https://forum.netgate.com/topic/138604/sudden-drop-in-throughput-900-900-on-modem-vs-30-100-on-pfsense/14 https://forum.netgate.com/topic/112691/wan-throughput-capping-at-500mbps-att-gigapower/3 https://forums.att.com/t5/AT-T-Fiber-Equipment/DMZPlus-mode-in-my-Pace-5268AC-causing-browsing-to-not-work-but/td-p/5712305 I haven't read through all of this yet, but it all starts out matching my situation exactly. I'll report back when I get a chance to get up to speed on this and see if it turns out to be my issue. Thanks! Yep, those are some of the relevant threads. I think the user found a solution on the AT&T forums.

Yes, if anywhere it would be using Snort or Suricata with custom rules files. Better to ask in the IDS/IPS section for help with that. Steve

Great. Thanks for the update. Steve

Gotcha! Thank you guys!

even after configuring the mini-box with the basic's the minnowboard to me is still the better buy . since you have a switch already the extra ports on the minobox will be a waste.. my minnowboard has proven stable no way i personally would buy a knock off

UPDATE: I have made a factory reset on the XG7100, created a VPN tunnel and now Rsync works without any issues.. So that points to something in my configuration.. I will try restore a backup I made before the reset and see how that goes.. I might otherwise have to do a step by step reconfiguration and see if I can find the issue

I also curious as to why you need 3 virtualized instances of PFsense.

I have moved this post to my correct original account https://forum.netgate.com/topic/139236/which-hardware-for-pfsense-should-i-choose-continued. Please do not post here.

@derelict I say that's a constant regardless of what you do :)