Then, yeah, follow that doc. Split-DNS is generally preferred if all you local devices can use it. Steve

When you try to connect from the server behind pfSense what is the error shown exactly?

@stephenw10 Turns out this is a known and long-festering issue for admins across the board. How to have multiple shells open, all generating history? Some shells support fancy stuff like eliminating duplicates... but here's the best I have found for pfSense: Edit ~/.tcshrc and replace set history = 1000 set savehist = (1000 merge) with set history = 1000 set histdup = erase set savehist = (${history} merge lock) alias precmd 'history -S' alias postcmd 'history -M' So far it works very nicely: Saves history after every command Merges multiple shell histories together

@nogbadthebad thank you for that visual clarification. I had to go into the Acme(1) section [which was "using" it] and remove it there first. Then I was able remove it from the Certificate Manager.

I mean... I'm not going to tell you to buy something fro some copyright/license infringing company in China. I declare bias here. What hardware are you using now? I assume it is working sufficiently apart from the very old install? Steve

@fullauto said in XML backup/restore between Protectli and Netgate?: I noticed that the 1100 uses about 14 percent CPU just idling. That's not unusual if you have the dashboard up and widgets on it. To get a real reading of idle usage use top at the command line and be sure not to have the dashboard up in a browser anywhere. Steve

@darkcorner When restoring to a new device make sure the new pfSense is the latest version...you want to be installing packages for the version of pfSense you have, and its default is to install for the latest version.

Well not sure exactly what the issue was, but after doing a restore of the PFsense backup, the device is working as expected. WAN port is up, client is happy and earth is back on axis. :) FYI - no need to put the Comcast router in passive mode. Just turn off DHCP/Firewall and Wifi. Thanks for the assistance!!

I'm very sorry for resurrecting this thread - but this thread is mostly the first hit you find if you google for something like "pfsense slow login" or "slow dashboard" and for me it initially did not help, checking my DNS-settings. after hours looking for a solution I stumbled over this reddit post - https://www.reddit.com/r/PFSENSE/comments/lmubku/comment/gtj41yl/?utm_source=share&utm_medium=web2x&context=3 disabled "firewall logs" widget - and dashboard now loads fast and login is also fast. The strange thing is, that I have another machine with a virtual pfsense installed (pretty much same hardware - cpu, ram, disk) and had the dashboard equally configured (and mostly all other settings are equal too) where this long loading issue did not happen.

It may be possible at the OS level. It could be simply the GUI input validation preventing it as unexpected. You could try creating a custom conf file for it.

What's it actually sending? Do you see anything in the logs in pfSense?

@gertjan sorry for misunderstanding i was trying to say that currently its installed on dell r710 server machine device which have on board 4 nic

Problem resolved. It was a problem with the mini OS X. I checked the firewall log and nothing. I also temporarily disabled the pfblocker and no help. I did find a thread on the Apple Community board that said to go into "system preferences/internet accounts/iCloud and uncheck the mail service. Then wait a minute and re-check it. That fixed the problem so none of this was pfSense. It was all the MAC. Thanks for your suggestion and it helped point me in the correct direction.

Dev snapshots build nightly whether or not changes have gone in. There have not been any new 22.01-RC builds for a while. Steve

Our own guide is a little old at this point but still valid: https://www.youtube.com/watch?v=FJSHMyrd29E&t=78s https://docs.netgate.com/pfsense/en/latest/packages/haproxy.html Steve

No trailing slash? Standard port? Without seeing the actual file you're using we can only guess.

@murat-1 I found the solution. It is related with Internet Explorer Enhanced Security as below: Go to Start menu and click on the box that says Server Manager On the Server Manager’s dashboard, click on Local Server and then click on IE Enhanced Security Configuration option Turn it off for Administrator and User then enter the pfsense :)

I would not expect it to. Does it show it in /var/etc/mpd_wan.conf ? Assuming that's the WAN interface. Steve

@sand7000 In my case, I always test and try to exploit every 1 of the published vulnerabilities to confirm for myself that they are not applicable Until now, it has been shown to be very, very reliable.

OK...I'm stopping. Apparently the pfBlocker VIP and Web Server Interface ports were "sticking" and after several changes and Force Updates I got the DNSBL Webserver ports to change to 80 and 443 on localhost and set the VIP from 10.10.10.1 to 192.168.254.254. Everything seems to be working... NTP with localhost and not WAN selected syncs, Avahi is happy (that was a red herring), and pfBlocker is working. It all seems to come down to, for some reason that I don't know, on this firewall NTP binds to the VIP because it is lower, where as on the SG-5100 NTP ignores the VIP even though it is also lower. Thank you for your patience and all of the assistance. Edit: I figured out why the SG-5100 works... It has a VPN server at 10.3.x.x, BELOW the DNSBL VIP of 10.10.10.1. Whereas the VP2410 VPN is at 10.42.x.x, ABOVE the DNSBL IP. This was the difference all along and it is the VPN IP that NTP is now syncing to on both systems.