@johnpoz Yes that makes sense. I will give it a go. Thank you for your time on this.

@marvosa said in Gigabit WAN slow download, fast upload: Personally, I think we need more info: Give us the specs on your PFsense box (assuming its bare metal). Also, what kind of NIC's are in it? What packages are installed? When testing with VM's, what hypervisor are you using and what are the specs of the host? Also, how is the VM connected to the network? Does the PFsense VM have dedicated NIC's or is LAN adapter being shared with other VM's? pfSense box is bare metal, it has the following specs: AMD Athlon 200GE 4 GB RAM Intel Pro/1000 PT dual NIC Only a couple packages - acme, apcupsd, open-vpn-client-export, service_watchdog My VM hypervisor is Proxmox 6.1-5. The host is a Cisco C220 M3 with dual Xeon E5-2620 v2 CPUs and 64 GB RAM. The NIC is an onboard Cisco GbE port. I'm testing from a Ubuntu 19.04 VM with 4 cores and 8 GB RAM. The NIC is a VirtIO (Paravirtualized). The VM is on a shared port, but I evacuated other workloads to a sister server before running tests - so effectively the Linux VM was isolated on the Proxmox node. I tried other VM NICs (e.g. Intel E1000, vmxnet3) and the VirtIO had the best performance. I've also tried from other hardwired 1 Gbit clients (a Windows 10 laptop and a Mac Mini) and they yielded worse results than the VM.

Wow, that seems to have made it work, thanks a lot. I'm still not able to disable ipv6 though, which is strange as I've also disabled it in the gateways section, but even greyed out it is listed as default. Glad it's working at least partially how I'd hoped though - much appreciated!

@robtoronto I was looking for just the same solution. One ISP is fast but has a data cap and charges a lot after it has been reached. The other ISP is good enough for most things and has no data cap. When I reached my data cap, or perhaps got to within 90% of it, to have pfsense close down that ISP until the next billing month. Thank you for asking about this issue. It saved me trouble.

Before doing that, see if you can boot normally and set /var to 1GB. You have plenty of RAM. If that works, try reducing to 768, then 512. Maybe works. I had no trouble running PFB on a RAM disk, but every time I rebooted, the /var PFB data got wiped and I either had to wait until the next update or force it. Finally went back to /var on SSD. After all, the whole VM is on SSD anyway...

@johnpoz Working like a charm. Thaaaaank you! I basically just had to click Hybrid outbound and save. Then Just add 1 more mapping for my new .11 subnet (just duplicated the original mapping that was already there)

I have a similar setup only with unifi switch and not edge switch and unifi APs I have a VLAN 20 on my setup which is up and running which I configured last night. Your Network configuration however is different. I selected VLAN only since pfsense was handling all my DHCP functionality. I see in your Network setup VLAN only is greyed out and says USW required (which I don't know what that means). In terms of DHCP mode, have you tried just setting it to None. Did you setup a DHCP server on pfsense for the LAN within Pfsense. I terms of your Edge switch, it seems like you've setup your trunk port appropriately (I would guess - I've never used an edge switch).

A different site's connection suffers from LCP timeouts on a regular basis, possibly caused by VDSL resyncs due to changing SNR, though that's just a guess from occasionally seeing the negotiated connection speed changing. This particular site appears to be the worst behaved, though it runs the same hardware and almost identical configuration as my home connection (i3-7100 Gigabyte Brix, Cisco 3560CX & Draytek Vigor 130). A third site has a very stable PPPoE connection which runs for weeks at a time apart from occasionally where it all goes haywire; many LCP timeouts / reconnections within minutes and this very quickly causes the issue.

Hello, I have the same issue here. I'm using pfsense 2.4.4. Being in the pfsense network I have access to the standby node without any problem. Trying to access the standby node from a different network, https access become unresponsive. cmouse have you found a way to overcome this issue?

@jimp Not a brower plugin. However, I did clear browser data which resolved the problem. Menu>More Tools>Clear Browsing Data>Advanced>clear all except saved passwords, for all time. Chrome works now.

If you have access to the GUI it's just Diagnostics > Backup & Restore [image: 1578059627140-restore1.png] [image: 1578059633296-restore2.png] -Rico

@kkprasanth said in pfsense not blocking file extension: @JKnott Can it be used on the setup ? In order to do that, it would have to do deep packet inspection and be able identify file types. That's well beyond what pfSense is designed to do. Also, as mentioned above, TLS is often used these days, which means the data stream is encrypted and beyond deep packet inspection.

Ok, thanks for your response. Happy new year! Regards, Damián

Hi, You saw this : @mohamed8080 said in The firewall has enountered an error: (tried to allocate 268435464 bytes) that is not just a number of random numbers, it was actually trying to get hold on 268 435 464 = a bit more as 268 Mega Bytes of memory in PHP working space. That failed. First check to know more about who/why/when : de activate pfblockerng. No more problems, right ? Next best test : remove some of the feeds. Start with the biggest ones. Put pfblockerng on a diet.

I imagine you've done the basics, like changing cables, using another card port as uplink, cleaning and reseating the card? If so, well, used cards and servers can fail in obscure ways. If having received no benefit from the previous changes to the config, I'd probably spend $20 on another NIC, maybe an i340.

@stephenw10 thanks

Those offloading options should be disabled by default (checked). It rarely improves performance and can cause massive problems so I would not recommend enabling them. You might also disable Hardware Checksum Offloading as that can cause problems on some NICs. I would not normally expect bridging to cause a throughput issue on a system like that but if you were seeing output errors it was clearly hitting some issue. Unless you had a wifi interface in the mix there for example. Steve

Mmm, the DHCP server should supply the interface address as the gateway if you don't specify anything. It's hard to think what could prevent that. If the interface was invalid in some way you would be able to set it in the first place. Do you actually mean 172.16.1.1? 174.16.1.1 is not a private IP. It may be conflicting with something by some unlikely coincidence. Steve

Well depends on what you make of "application blocking" It can be done native if your just talking the ports the application talk on.. But as its listed as optional, and it can be done with optional packages. snort and openappID and proxy for url filtering.