Wrong user? admin or root works I like putty as client.

Use the domain override. send a.com to some IP that won't resolve for that domain.

Heat? same bad Ram? Same Nic? Same power supply?…Everything is new? nothing was recycled from the old unit??..It does seem like a hardware issue though.

do you mean "widentd"?  I never got that to work successfully.  It isn't necessary anyway, since you can resolve the issue widentd exists for by adding a reject rule on the WAN for TCP/113.

You're probably exhausting the state table first, you'll need to bump it way up from the default 10,000.

Here is what works for me: port forward udp/5060 to pbx (tcp/5060 is not necessary).  Port foward the range your pbx expects for RTP.  And (important) go to NAT => Outbound and switch from automatic to manual.  When that is done, edit the rule that shows up and select "static port".

There are lots of patches against FreeBSD, sure, but I don't believe that the fundamental underlying order of things has been changed. I don't recall if there is a diagram on the wiki or not. I know it's been explained a few times is various places on the forum, but I don't recall seeing a graphic. The book is a far more complete and accurate set of documentation  8)

You can't do that without forcing all traffic to go through pfSense. As for file sharing in Windows - SMB/CIFS.  You can certainly set up shares between 2 boxes, secured by passwords - as long as you don't shared the passwords with the unauthorised users they won't trivially be able to access those shared.

Does this sign in timeout at all? You could setup a cron job (see the cron package) which would ping a site every couple minutes to keep the session active. Not perfect, but it might work. pfSense pings its gateway a lot to check the line quality, but I suspect that device is looking for traffic trying to go out past it to the internet, not just a ping directly to it.

Looks like a basic networking problem ;) You need to either use RFC1918 addresses, or the real ones, not both.

Done

Great news :) That serial cable will come in handy again soon, I'm sure.

Yes, you just set up the two LAN interfaces with different subnets. Then create an allow rule on each Interface that goes to anywhere but the other interface's subnet. This will allow both networks to get on the Internet while blocking communication with each other.

I have no idea why he said I should choose an IP at the higher range.  Just want to know if I have the DHCP-selected IP set static.

You could join the 3 WAN in 1 pfSense box with VLAN, Load balancing and failover. It will not do anything to a saturated link but will split the load over the 3 WAN. http://doc.pfsense.org/index.php?title=Special%3ASearch&search=multi&go= It do require some network and pfSense experience to pull it off, so a support subscription can make sense. https://portal.pfsense.org/index.php/support-subscription