@stephenw10 Good tip, thanks!

Ah, nice result! Yes so normally the interfaces inherit the MTU from parent. Doubly here since you have VLAN on a LAGG made up of real NICs. So in order to allow you to set an MTU pfSense applies the MTU to the parent interfaces and their parents which results in all the subinterfaces also having that applied. Steve

@m0snr Well you should be able to just look at the status of your interface and get a total counter in packets which would give you a hint to if you moving any amount of data... Keep in mind there is a quality check that would be running, it defaults to zero data.. But still something moving back and forth that could use up your data.. In/out packets 356808060/343365930 (388.44 GiB/339.52 GiB) In/out packets (pass) 356808060/343365930 (388.44 GiB/339.52 GiB) The monitoring graphs will show you bit rates over time.. And the package "Status_Traffic_Totals" is prob of interest to you. [image: 1638213149706-data.jpg]

Currently pfSense Plus is only available for Netgate appliances. There will be an announcement when that changes. Steve

Yes, there is nothing included in pfSense to do that. You might be able to add something custom for SSH connections to add that but not for as direct console connection as far as I'm aware. Steve

For the KVM switch to not cause what you are seeing it must continue to emulate the KVM when switched to other clients. You likely have a KVM switch that does not emulate the KVM, when you switch the KVM to another host the KVM simply goes away causing FreeBSD to see the hot plug event. If you want to test this theory unplug and re-plug the KVM from pfSense with it selected and see if you see the same behavior.

@mynetworkrocks said in Suricata Unix Socket: @bmeeks A quick question - looking at the config I posted do you see anything i need to adjust to get this to work? Sorry, but I don't use telegraf. The configuration coding for that option was provided by a Suricata package user, and I just incorporated it into the next release of the GUI package. There are some older telegraf threads in the Packages sub-forum here. You might find some answers by searching in those.

@jt40 I have ran content filtering and security for multiple companies over the years - I know exactly what they do an don't do ;) And how they do it and what they can do.. And MITM is a can of worms that many will not open - that you take it upon yourself to do it - with a company that has had questions, and is banned in some countries on gov type computers.. Filtering where a user can go is simple enough to do with explicit proxies having to be set without having to break the end to end encryption of the ssl connection. I don't have to peek inside your ssl connection to block you from going to xyz.com or allowing you to go to abc.com via https. Well you do you..

@pukoid said in Memory consumption: No, it's not pcscd. Stopping it in services changes nothing. Maybe I'm wrong, but in my case it need 30-60 secondes after stop the service... Edit: See it after posting /usr/local/bin/vmtoolsd is your issue.

@stephenw10 Thanks Steve, I'll try the cronjob.

@stephenw10 Diag > Command Promt and rm /tmp/notices sure did help. Thanks - case closed! (Decided to put my UDM in first place and then use my pfsense to protect a subnet behind this. I like the pfsense more but it's not a wifi-router so...)

Mmm, well that's something else. I'm not aware of anything in particular that might cause that. Check the Squid logs. What are you using Squid for? Steve

@steveits said in pFsense HD Corupt?: @mynetworkrocks re: your second question I've seen that in a few cases. Try restarting (which it sounds like you have been doing...?). @SteveITS - yes that is what I was doing, I was rebooting it a few times to try figure out what was going on. It seems like something got corrupts on the M.2 drive that I have installed on the XG-7100 and the brought the whole thing down. I have now installed the latest version on the MMC drive and going to use that as a backup. I will be reinstalling on the M.2 drive. @stephenw10 Thank you I did and support was excellent they pinged me a image download within a few minutes. On the MMC I had to go to 2.4.5 first then to the latest version. I will keep that as a "live" backup, I will reinstall on the M.2 with the new image. Thank you for all the replies!

It's normal to see that a few times and the number of times depends on the drive. It may not actually be stopping there. That's the last thing you see if you have dual consoles enabled, and the other one is set as primary, until boot completes. I would guess it's set as serial console primary and it lost a NIC when you removed it so it's now waiting at the interfaces assign screen but you can't see that. Try forcing vidconsole: https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html#booting-with-an-alternate-console Steve

@bmeeks said in Anydesk does not work: but frequently users think they can just go through and enable everything haha - yeah no clue to what any of the rules mean - but clearly the more rules I have the more secure I will be.. And lets just start of in blocking mode ;)

Port 80 was disabled in rules and Nat. As soon as I enabled them, the certs renewed successfully. Thanks for pointing me in the right direction, much appreciated.

Hmm, weird! Take the win and move on.... Steve

@cool_corona sure!

Aha, nice!

@stephenw10 I found that odd too. I'm not by any means a networking professional - I'd consider myself an advanced beginner, but I do not understand why that port was locked into vlan 10 or how was vlan 10 chosen for devices on that port...