• Firewall + Summary view - I need help to understand the "cake"

    5
    0 Votes
    5 Posts
    627 Views
    johnpoz
    Windows boxes out of the box are going to be Noisy little bastards.. And even if you're not using IPv6 they are going to put a lot of NOISE on the network via IPv6. You have a few options:
    - Just ignore it and live with the log spam
    - Set firewall not to log the noise
    - Configure your client boxes to not send out so much IPv6 noise when you're not using IPv6 - with Windows the easy way is to just disable it..
    Take a look here for what option best suits your needs. https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users
  • LDAP on CLI Console

    2
    0 Votes
    2 Posts
    383 Views
    O
    Yes, we do that here. There is some manual work to be done, but see https://github.com/opoplawski/ansible-pfsense/tree/master/roles/pfsense_setup for basically how we do it. I think I still need to figure out how to start nslcd automatically after reboot. /etc/rc.conf.local I thought used to do it, but perhaps not anymore with 2.4.4.
  • Connecting it to my already configured network

    dhcp captive portal dns
    1
    0 Votes
    1 Posts
    390 Views
    No one has replied
  • auth and unauth squid proxy in parallel

    2
    0 Votes
    2 Posts
    286 Views
    jimp
    No. Not ideally, maybe if you have an ACME/LE trusted cert but even then I would not recommend treating your firewall as a general purpose web server.
  • Failing cloudsense fragmented packets test

    15
    0 Votes
    15 Posts
    867 Views
    C
    Ok it is fixed on the DC instance now. I simply enabled scrub again and it works. How strange is that? Considering scrub messes with fragmented packets. So with scrub disabled the frag test fails, are you able to test that? Same fix works on LAN as well. Ok glad the cause is found, it is odd, but good nevertheless. thanks :)
  • Connect 2 wan 1 from 1 nic

    pfsense
    5
    0 Votes
    5 Posts
    673 Views
    U
    @grimson Thanks, I do read the manual, but in this case I don't know where to start, so I asked a question here. And yes, I only have 1 physical line (at least for now); I will add a quad gigabit ethernet NIC to my PC next month.
  • pfsense- rebranding

    4
    0 Votes
    4 Posts
    548 Views
    S
    The only way is to download the source code, edit the references to pfSense and recompile. You may then use and support the product using the name of your choice.
  • PFSense Shell Command Line

    2
    0 Votes
    2 Posts
    15k Views
    Gertjan
    No. The pfSense shell :

        pfSense - Netgate Device ID: 20cc46dfabc85c78e087

        *** Welcome to pfSense 2.4.4-RELEASE-p1 (amd64) on pfsense ***

         0) Logout (SSH only)                  9) pfTop
         1) Assign Interfaces                 10) Filter Logs
         2) Set interface(s) IP address       11) Restart webConfigurator
         3) Reset webConfigurator password    12) PHP shell + pfSense tools
         4) Reset to factory defaults         13) Update from console
         5) Reboot system                     14) Disable Secure Shell (sshd)
         6) Halt system                       15) Restore recent configuration
         7) Ping host                         16) Restart PHP-FPM
         8) Shell

    Option 8 - is a classic shell. Cisco uses IOS commands, pfSense has a GUI. With the Cisco GUI (if it has one) you couldn't do all the things you can do with the IOS commands. pfSense : the other way around. "Option 8" exists to see the OS file system and to interact with, start some basic or complex "FreeBSD" commands and yes, there are even some less known (and rarely used) made-by-pfSense script files. You can't manage pfSense purely from the command line. See also threads like https://forum.netgate.com/topic/125603/cisco-vs-pfsense/9 (and Google can tell you more, as usual)
  • VIMAGE on pfsense

    1
    0 Votes
    1 Posts
    271 Views
    No one has replied
  • online LDAP server problem

    4
    0 Votes
    4 Posts
    703 Views
    F
    @mr-newbie thanks for your reply. I'm trying to set up user management/privilege in which our users can log in with their LDAP credentials (username and password). I want to know why on "system usermanager>settings>test" all are ok but via Diag>authentication, authentication failed. Please can you test "ldap.forumsys.com", or do you know any online LDAP server for testing on it? (You can see my LDAP server config attached.) Thanks [image: 1544691328093-myldapconfig-resized.png] [image: 1544691389087-testldap-resized.png]
  • Scheduled Reboot

    Locked
    7
    0 Votes
    7 Posts
    6k Views
    Derelict
    /etc/rc.reboot like he said. Locking this ancient thread.
  • Boot halts on #

    7
    0 Votes
    7 Posts
    853 Views
    jimp
    fsck requires read-only mode because it operates on the filesystem metadata directly. A read-write filesystem could change in the middle of a fsck operation and break it worse.
  • How do I find this device?

    10
    0 Votes
    10 Posts
    1k Views
    gregeeh
    @bmeeks said in How do I find this device?:
        @gregeeh if you do not want this traffic filling up your logs, create a rule near the top on your LAN interface that has any as the source, UDP as the protocol, ff02::1 as the destination address and 10001 as the destination port. Set the rule to drop but not log. Right now that traffic is hitting the firewall's default deny rule and that rule is logging the dropped packet. By inserting your own rule up higher in the chain, the packet is "handled" by your rules and thus never gets to the default deny rule (which is at the bottom of the rule chain).
    Most helpful. Thank you.
  • Share WAN connection

    14
    0 Votes
    14 Posts
    2k Views
    S
    @johnpoz said in Share WAN connection:
        You do understand the pfsense can be a sip proxy right..
    Good point. I have installed siproxd, set outbound to WAN and inbound to LAN2. Everything else was left default. After reloading states FB6490 can register to the SIP registrar on FB6490(UM) BUT at the same time now FB7390 cannot register anymore to FB6490(UM). What does this mean?
    @chpalmer said in Share WAN connection:
        His cable company is his phone company from what I'm getting..
    You got it right. And because the device is the property of the provider and also configured by the provider I am very limited.
  • SSO PFSENSE ?

    1
    0 Votes
    1 Posts
    286 Views
    No one has replied
  • Sudden drop in throughput (900/900 on modem vs 30/100 on pfSense)

    15
    0 Votes
    15 Posts
    1k Views
    X
    ATT offers 2 other shi, I mean amazing boxes, I'm on the phone with them now getting one sent out.
  • Solved: SNORT[#####] grock'd

    1
    0 Votes
    1 Posts
    379 Views
    No one has replied
  • Security implications of installing netdata (or other monitoring tools)

    3
    0 Votes
    3 Posts
    1k Views
    L
    As far as I can see, it seems to be self contained : https://docs.netdata.cloud/installer/#pfsense
    extract :
        Note first three packages are downloaded from the pfSense repository for maintaining compatibility with pfSense, Netdata is downloaded from the FreeBSD repository.
        pkg install pkgconf
        pkg install bash
        pkg install e2fsprogs-libuuid
        pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/netdata-1.11.0.txz
    the netdata package does not seem to add extra dependencies unless I'm looking wrong but something like netdata (also like ntopng) is designed to run 24/7. I'm running it on a test pfsense in an isolated network, for now the test setup seems to run
  • General Config Question

    4
    0 Votes
    4 Posts
    464 Views
    R
    Thanks for the help. I just added the LAN nic to the same local network to get things configured.
  • Problem loading netdata

    3
    0 Votes
    3 Posts
    568 Views
    L
    @stevelambert Try to change the binding in usr/local/etc/netdata/netdata.conf
    change
        bind to = 127.0.0.1
    to
        bind to = *
    restart netdata :
        service netdata stop
        service netdata onestart
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.