You can't.  Use a remote syslog server to log to if you intend to keep your log data.

@jahonix: XZed, I can imagine what your driving force was. Been there, done that. I still have some old ISDN and DSL cards laying around. Look at it this way: technology is changing that fast analog/ISDN/ADSL/ADSL2/ADSL2+/VDSL/3G that it is weasier to use a separate, dedicated box as bridge between your outside connection layer and an ethernet port on the internal side. When upgrading to a higher speed connection all you have to do is change out the bridge. well, at least, i'm relieved that someone understand me  ;D old school style ;D but, finally, i "accepted" your vision way and, in fact, you're right… ok, topic closed  ;D thank you, sincerely,

The Cisco 7940G should do the trick….:) @rsw686: Are the phones going to use separate network jacks or are you planning on using the phones that have the switch inside to pass the data through to the computer? If your using the phones with the built-in switch the majority of them are only 10/100 unless you are purchasing the higher end phones which have gigabit switches inside. Just something to think about because if the phones only support 10/100 then a gigabit switch is not gaining you anything.

You have to have a gateway for each Vlan….. Use Virtuel IP for this. Otherwise PFsense dont know the Vlans are there, if it do not have a gateway to contact...

Sorry for my late reply, we had some problems with the hardware so the pc had to go in for repair. When the pc returned a couple of days ago, it seems that the nic wasn't working as suppost to. So we replaced the nics with working ones and everything is working fine now. Thanks for the help.

I have this problem as well, happens randomly… hasn't happened for a while though.

Before, it was just DNS. I was able to access web sites by IP address. It was also just outgoing traffic and the servers were accepting incoming requests fine. After removing the port forward rules and making it just 1:1, no traffic gets through in either direction.

Do you want to host this games? (Be a server for it) Unless you're a server there's no point in forwarding all ports since you create outbound connections to the server which dont require an NAT forwarding. And even if you are a server. I would try to find out which ports are used. Somehow i dont think there's any software dumb enough to use a large random range for inbound traffic.

Why are you underneath the webGUI making changes when there is a facility for doing this inside the webGUI?  Diagnostics -> System Logs -> Settings.

AoN has nothing to do with the link you posted. And i dont think what you want is possible with IPSEC. At least not according to the other 5+ thread to this problem :) Why dont you give OpenVPN a try? IMO the argument that "IPSEC is a more accepted standard" is invalid. It's just a more up to date VPN solution than the in its age IPSEC.

Could it technically run them?  Yes.  Should you run squid, which is a notorious resource hog and something which by design reads and writes data to the disk a lot?  Well, you should probably just answer this one for yourself.

Thanks for your response. I totally agree with you but unfortunately this is a security requirement from my company and I need to find something to make them happy. Can ARPwatch log the MAC addresses for a certain amount of time?

Maybe if you followed the instructions here the additional configuration options may get you there. http://www.i-hacked.com/content/view/27/71/

You are absolutely right. The more applications you add to an appliance the chances for failure increases. As long as you understand the security risk involved go ahead and run it. If you are really worried about performance and security then separate your services to different appliances. You can search the forums and find that people don't like it when someone asks how to turn pfsense into an ftp server or NAS device but using pfsense as a cache server and traffic management is idealy the same thing, a risk. You are adding additional services that will lower security. Now please also understand that running squid and snort and traffic management of the pfsense box is most of time necessary to get the functionality of the above mentioned examples. If you want traffic going in and out of the box to be monitored then you have no choice but to run snort on the box if you want that functionality on the network. Same thing with squid. How will you transparently cache data if squid is not running on the pfsense box? It’s a two sided argument. Just know the security risk when you install a service. If you run SSH on pfsense then also run Denyhost (Mcrane and I should have a denyhost package soon)

pfSense is a firewall.  You're trying to pound a round peg into a square hole and you're unlikely to find anyone here willing to help you do it.