You're welcome glad you get it working

No worries. It's an interesting script but it's old and clearly needs some tweaks for a current pfSense version. All of your CPU time to create random PIDs seems extreme!  ;) Steve

Your rules are kind of a mess. Is this problem only happening for users on VLAN13, or is it everyone?

Hi. Did you enable enable Transparent proxy and SSL filtering? Just in case follow the instructions in the following link. https://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-tutorial

I don't see how this is a bug when it clearly says The last SAVED values will be used, not necessarily the values entered here. Directly below the TEST button.

https://forum.pfsense.org/index.php?board=62.0

"only licensed…"  is an outdated view.  Plenty of corporations these use Linux in its many flavors to run their stuff, AS LONG AS there is a competent in-house IT staff.    "only licensed..." tells me, "if something goes wrong, there is somebody we can blame."

A wan is going to be any interface that can be used to get to other networks.  You can nat or not nat to this wan connection.  As mentioned already you have an asymmetrical problem putting this "wan" network of pfsense where there are devices.. If you want networks behind pfsense, and you want a "wan" network that will be used to get to networks not behind and directly attached to pfsense then this network should be a transit network.. Thats fine if all of these networks all connected physically on the same switch, you just need to make sure you break that switch up correctly at layer 2 to provide isolation. Your going to run into asymmetrical problems as well if you just put all your networks behind pfsense on "lan" networks directly attached that use different gateway to get off their network other than pfsense.  You would have to do host routing on every single host, etc. Connect this pfsense to either your layer 3 or your edge with a transit network and correctly route..  Any network your going to put behind pfsense like this 192.168.100 should be isolated on their own layer 2 and use pfsense 192.168.100.x as their default gateway.

There is no mechanism to do that automatically. You'd have to create a script to do it from scratch, using the certificate functions from /etc/inc/certs.inc and probably copying some code from the certificate management page.

yeah sure no problem.. Do you have switch(es) that support vlans?

Fantastic, setting the vlan id 4095 on the WAN port group solved the problem. Thank you for the assistance, highly apprechiated. :)

Since I'm using pfSense as my DNS server (behind a PI-Hole blocker) I have the pfSense DHCP server pass out the preferred NTP servers so I don't have to go to multiple systems to tweak them. A couple boxes that have static addresses assigned do have the NTP servers defined in their config and do need individually tweaked which is much more aggravation than the DHCP option. I use the FQDN here too, that lets me easily move a server to a new IP if I decide to rearrange my IP assignments. Every step you automate is one you won't forget to do and get a 2:00 AM call about!

@MeeleIkon: From what I gleam from your post, you have a server that you want to access remotely however you have security concerns on having open ports. You wanted to use OpenVPN but it is blocked in your country. You tried to use IPsec as a replacement and it is not working. I run all of my LAN Traffic through VPN client on Pfsense, except for one server that I route through WAN so it won't eat up bandwidth on the VPN connection. VPN use isn't illegal they just make it very hard to access, until recently ISP would only throttle OpenVPN traffic, now all OpenVPN traffic is being blocked. So I switched to using IPsec which I know doesn't allow for policy-based routing on pfsense currently.  So I'm am looking for solutions to allow me to route LAN traffic over IPsec and keep the server on the WAN. I'm willing to buy new hardware if there is something out there at the enterprise level that will allow for this kind of thing. I didn't want to start blindly buying things, I hope I have made the picture a little clearer. Thanks

They are not in a database. They are in the config.xml file at /cf/conf/config.xml. You might be able to create one, get the XML format, and then script the creation of other entries then insert them but, all in all, you are probably looking to do something that is outside the scope of what the aliases are designed to handle at present.

That's an arp table maintained withing pfsense.  It's not the arp cache as used by freeBSD.  Go to a command prompt and enter the command "arp -a", which will show the contents of the arp cache.  If a host name is there, it's because something did a host lookup on the IP address.  An arp cache is used when trying to reach an IP address on the local net, by providing the MAC address for it.  A host name has nothing to do with that function.