Mmm, I'm not aware of any issues with multiple keys registered by the same user (email address). You can choose multiple subscriptions in the store. I believe we did add a limit there since some people immediately tried to get 1000 keys! Steve

@johnpoz Yup, that was it. I at least have most things acting normally now. I'll find out as I keep going if anything else pops up, but I'm thinking that was probably it. Now I just need to migrate my whole network to new VLANs...

@robh-0 Hi Rob, requirement 2.2 in PCI DSS v3.2.1 is to create configuration standards for all in-scope system components. Here is the requirement text: 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. Sources of industry-accepted system hardening standards may include, but are not limited to: • Center for Internet Security (CIS) • International Organization for Standardization (ISO) • SysAdmin Audit Network Security (SANS) Institute • National Institute of Standards Technology (NIST). As an update, I've now been advised that I can use the firewall STIG to create my configuration standard (Firewall SRG - Ver 2, Rel 2 https://public.cyber.mil/stigs/downloads). It's not pfSense specific so it will be a case of going through and applying the recommendations to pfSense where applicable. So for me this is sorted out - thanks for your responses.

Yup, can be a VLAN. pfSense treats a VLAN the same as any other interface. It can even be something obscure like PPPoE. Though I would not recommend that unless you have no other choice. Steve

@rwillett said in iperf3 on pfsense server (slower) different to client (faster) - Why?: Interestingly I didn't get much better throughput on the Macbook client with 5 threads. Well this is pretty maxed out for gig connection already. 7] 4.00-5.00 sec 111 MBytes 935 Mbits/sec [ 7] 5.00-6.00 sec 112 MBytes 935 Mbits/sec So no you prob wouldn't see much better than that ;)

Those firewall logs are all blocked ACK traffic to connections that have already closed. Not a problem: https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html#troubleshooting-blocked-log-entries-for-legitimate-connection-packets So did you have pfSense in place when you were using the USG-Pro? Either way I'm not really sure how you can pass multicast through the UXG-Pro with or without pfSense. Steve

@stephenw10 log compression off and higher log size seems to have stabilized it. Theres about 12 computers in that closet. There is cooling and venting into the closet and the alarm never went off but the case was pretty hot to the touch. Will keep an eye on it. thank you.

@johnpoz said in pfSense as initial network filter: https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html Thank you John for sharing.

Huh, that is good to know. And also truly bizarre! Thanks for the update. Steve

Thanks all for the help. Manually clearing the logs and then restarting suricata seems to have helped; I now see the logs rotating as they should.

@jimp My CPU is soldered on a mini ITX MB but the heat sink may be removable. However I have never seen CPU temp above 40 deg C so I don't think its an issue. I read somewhere in these forums that there was a BIOS setting that fixed a users errors. I found a "Turbo Mode" in BIOS that I disabled so maybe that will help. I haven't seen any more errors since my first post.

@natanaelmm29 said in Cannot access DMZ server from LAN: specific file and put 255.255.0.0 mask instead of /24 Yup that would do it ;) Glad you got it sorted.

Hello again and again, thanx for your reply! I am with you at the points of failure of new hardware... :) So far, I am glad (and thankful) for you looking at the reports. Glad, because there seems to be no "obvious" config problem. I guess I will sit it out, since I am playing with the thought of purchasing a new device to run pfs on. I am bugged by this ever since upgrading, but so far (luck?) nothing "happened" with the system (aka break down, not working, nuclear explosions). So I will save my money, not buying yet another mSSD but saving it for the new device (either 4100 or 6100). Maybe someone has another idea about it (but since a pro like you cannot come up with the ONE solution or explanation, I doubt it -no offense, guys and girls)...

Be aware that most of those functions won't work for non-root users even if they are in the admin group. You should install the sudo package, grant access to the admin group users to run things as root, and then run the menu with sudo /etc/rc.initial. They will be prompted to input their password again unless you configure sudo to allow access without a password.

@jimp Thankyou so much, its very helpfull

@stephenw10 AWESOME. Worked great SO: Bug: zfs + ram disk for tmp and var Result: wipes /var/db/pkg and replaces with links (and /root/var/db/pkg, and /var/db/cache) Easy workaround for now: Do a full backup including extra info. It will contain all of your packages AND settings delete the link folders recreate a base pkg database # mkdir -p /var/db/pkg /root/var/db/pkg /root/var/cache # pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade # pkg-static upgrade -f (from https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#forced-pkg-reinstall ) Edit the backup XML file as @stephenw10 described. One line to delete: <use_mfs_tmpvar></use_mfs_tmpvar> Restore the backup. All packages will be restored including their configuration.

@johnpoz @stephenw10 I see. pfBlocker is on my list to learn next. Will start looking into it and explore. Will come back to you guys and the forum if there're questions in the future thanks for the input

Open a ticket with us: https://www.netgate.com/tac-support-request There isn't yet an automated way to do that. Steve

@stephenw10 said in historical log for WAN latency and performance: Have you tried using Easy Editor? It's about as easy as it gets for editing a txt file. Nano are much better! In combination with zsh+ohmyzsh (+ Fish-like color code highlighting, code suggestions and multi-word search) - are perfect toolset. (7min step-by-step instruction how to quickly installing zsh, ohmyzsh + zsh-highlighting You may see here). Strongly recommend to try! If a You spend such amount of time in CLI, zsh make a You happy. Like ping comparing with Smokeping ;)

@stephenw10 said in [WORKAROUND] Unable to update and package install (ERROR: It was not possible to identify which pfSense kernel is installed): This? SSH KeyGen pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed. @ 2022-05-01 12:55:10 That's normal whenever new keys are created. Which until 22.01/2.6 was every install or config reset. Steve Thank You, Steve!