Do it one step at a time. If you try to move from several subnets on one layer2 directly to radius assigned VLANs you are almost certainly going to hit multiple issues! I would first try to create VLANs and make sure they work with your switches/APs. That should definitely work and is not that hard to setup with Unifi gear. Then, once that's working with some test subnet, try moving your current subnets to that to separate then and see what breaks. Steve

@ibrahim1989 said in I can't get Internet access on the LAN side: WAN was ok, but I had to change the LAN gateway to none. Thanks a lot! Yes, if the pfSense is routing that specific network do not set a gateway.

In general you should be able to. If it has different interface types, the same number of interfaces, pfSense will ask you to re-assign them when you import it. If you have a lot of sub-inteface types like VLANs, PPP etc that can get complex. Steve

OK, so you get an IPv4 address but it's in a private subnet?

@stephenw10 Thank You -- I made the change and rebooted -- seems to see the changes, and everything appears to be working. Thank You

You cannot do load-balancing for clients just by using setting the system default gateway to load-balance gateway group. You need to use policy based routing on the LAN side firewall rule. Setting a gateway group for the system default gateway can be used for failover for the system itself there. See: https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html#gateway-group-options Steve

@hudri said in VPN only for specific app?: I assume, that, once VPN is activated on the external mobile client, ALL traffic on this client will be encapsulated. That's not necessarily the case, and it sounds like that's not what you want. As others have said you don't need to have clients use the VPN for all traffic. Just define only the camera/NVR IPs addresses as the local side of the VPN and that's all that will be routed across it. Steve

@troutpocket said in Something taking up all the space on my system: @bmeeks Even after rebooting the firewall? Rebooting will kill any zombie process, so no need to perform the CLI command if you reboot. If you had space continuing to disappear AFTER rebooting, then I am inclined to think Suricata may not have been the issue. It starts with a clean slate after a reboot. Reading your entire thread again, perhaps the log file itself got hosed within the OS. Suricata will reopen the same log file when restarted or after rebooting. But blowing it away and reinstalling would wipe out the log file.

Thanks jarhead and stephen... i did have continuous ping LOL i guess i need to review my firewall fundementals "stateful"

Reinstaling and restoring your config will probably be quickest and safest.

Making it a wildcard domain fixed the problems xd

@csharp2a So you only passing through connection to your work. This is absolutely compatible with the pfSense Plus home license, of course. These things were already discussed here some time ago and there is a document from Netgate in the web, which explicitly confirm the compliance of such a use case.

@steveits Thank you for the clarification. I have a ticket in to get my new firmware. :)

Yes, in most cases you can just backup your config and restore it into a different device. pfSense will ask you to re-assign the interfaces to whatever is available in the new hardware and you're done. However there are some caveats! If the new hardware has fewer total interfaces for example you you need to lose some or convert to VLANs etc. If your config contains a lot of sub-interface types like VLANs, LAGG or PPP it can be easier to modify the config manually before restoring it. And if the new hardware has the same interface types as the old device pfSense will just use them without asking your to re-assign which might not be what your want. In this case moving from the 1100 to the 2100 hits several of those points so it's better to modify the config before installing it. But since you bought that from us we can do it for you if you open a ticket with us. https://www.netgate.com/tac-support-request And, yes, it will bring all the settings from the 1100 and packages will be reinstalled. Steve

my isp uses PON, they would not give me the type of sfp i needed to plug in straight to pfsense.

If you choose restart then select rescue shell you can check the install log file to see what actually failed there. It's probably an issue specific to VBox in OSX though (or maybe on ARM?). I've installed pfSense in VBox many times and it works fine. Steve

Mmm, first report I've seen of that. But good to know, I'll be watching for it. Steve

That's what dpinger does for the gateway monitor and you said you tried setting it to 1.1.1.1. That should have logged the outage. When this happens it just restores itself without intervention? Do you have any access to the modem to check the connection or logs? Steve

@stephenw10 Steve, many thanks your attention. My mistake, the backend config. (Http check method) was changed from OPTION to GET, and was resolved.