I see. Thank you very much.

it can IF the multiple wans have different subnet's. this usually means different isp's

As traffic is routed out an interface those rules determine how the source IP address and port are mapped. There are many uses for them a few: Sourcing traffic from a VIP instead of the interface address Not performing NAT at all if the inside addresses are routable/public Using a pool of source addresses in high-volume environments Setting static source ports for services that require it

Well I found a slightly used tp link 24 port L2 managed switch for $240, VLAN heaven here I come!

This is another great site for Mail Server Blocklist validation:     http://multirbl.valli.org/ If you have your mail server on a separate WAN IP then your main WAN IP, then it looks like a device on your LAN was caught sending SPAM… Create some firewall block rules to block all outbound MAIL ports from your main WAN IP network... Enable logging, and see if you get any hits on that... Then cleanup the infected LAN device(s)...

If I remember correctly it has something to do with the MAC address VSpehere is assigning the new interface (at random). As most unix/linux sort their interfaces with some kind of "lowest mac address first", there could be the problem in your case. If the random assigned MAC is lower than one of the other 3, it gets mangled. (I stand corrected if that's not the case here, but we had a somewhat similar incident with normal BSD and Linux hosts and vSpheres random MAC assignments) Greets

Michael, you might get better results if you would post your question in one of the numerous support forums you have to scroll past instead of this general discussion forum.  They're arranged logically by topic.  The General Questions forum is a good catch-all if you aren't sure of which forum to post in.

"Perhaps this process could be refined further with the ability to place that config.xml file on the same installer USB stick." That would be nice, but would also require to mount the FreeBSD filesystem in your currently running OS where you create said stick. If I'm not mistaken, even the installer stick is partitioned with the freebsd filesystem & slices and e.g. Windows (and some linuxes) have a bit of a problem with reading and writing to that :)

There are, however, ways to mount filesystems over SCP/SSH depending on your client OS.

If all want to do is monitor something via ping.. Smokeping would be what I would look into.

Huh??  What is the masks on your 10.x.x.x networks? what is pfsense firewall IP of 10.11.12.1 and lan IP of 10.11.10.1 ??? Can you draw up your network labeling your networks and masks and what they are connected too.

Thanks I will start a new thread as this is going off topic.

BUMP Is this a taboo subject in Pfsense? Sorry if it is… was not my intention.. just a thought of how to allow users  to remotely setup rules in a albeit limmited yet simple way. VPNS are not always possible and leaving my ports open for travelling users abroad is caused some issues of late. Cheers -wookiefw

@johnpoz: So they are just moving large chunks of data back and forth? Sometimes, yeah. Most of the GbE clients wouldn't be heavily transferring files all the time, but I'd rather not have, say my laptop over Wireless AC either getting slow speeds or causing slowdowns for everything else on the switch. Even being a half-duplex medium, it would be able to eat a sizable chunk of that 1Gb uplink from the switch by itself, not factoring in other clients' regular internet+intranet traffic. @johnpoz: What exact board did you get with that many integrated nics? It's this one: https://www.supermicro.com/products/motherboard/Xeon/D/X10SDV-TP8F.cfm though I was initially considering Rangely Atom boards (like most of the mid-level appliances in the pfSense store) I decided to go with the newer Xeon-D architecture instead. So it really came down to that board and this one, which for the ~$20 price difference through the distributor I bought it through, it wasn't really worth passing up the extra GbE ports. @johnpoz: You don't need a managed switch, you don't even need a "smart" switch unless your wanting to vlan. That's my main dilemma, I need to VLAN for the access points and management network, so a smart or managed switch would be required if I can't use the ports already on my box. I'll be able to handle some of that on the router that I'd be repurposing as an AP+Switch, but it still wouldn't be able to handle the second AP upstairs or my desktop over 10Gb fiber.