• Using a hostname on a local network

    3
    0 Votes
    3 Posts
    662 Views
    johnpozJ
    Or create a dhcp reservation and have those registered in your resolver or forwarder depending on which one you're using. The resolver is default out of the box.
  • FW limits MTU to 1280 when using VPN tunnel to F5

    1
    0 Votes
    1 Posts
    451 Views
    No one has replied
  • How do I block access to reimage.plus?

    10
    0 Votes
    10 Posts
    2k Views
    M
    Can't I trap any adware/trojans at a network level using pfSense? Not with PFsense alone, no.  Remember, PFsense is a firewall distro, not a UTM.  Are there creative things you can do to stop the virus from communicating back to its home base?  Sure, like Stewart suggested…e.g. host file entries, DNS entries, domain overrides, firewall entries, etc, but that's not an effective or efficient way to fight an infected PC and none of those options actually resolve the infection. As for using the "Reset this PC" feature of Windows 10, does that mean having to reinstall all my apps? There's an option to keep your files, in which case I believe it will just re-install the system files and keep your apps, but from my perspective… why keep the remnants of a compromised system?  Re-building with a clean environment is your best option IMO.  Having to re-install your apps will still take less time than trying to thoroughly clean an infected system.
  • Yealink voip phones won't auto provision using multicast group

    10
    0 Votes
    10 Posts
    3k Views
    T
    To be sure it works with another router, I tried the following: [image: 2upfo1w.png] The 'Debian 8 Fresh Install' is another fresh install of the 3CX server. VLAN ID 0 is untagged traffic going to the Toughswitch, I changed the phone to this VLAN also, and it works. [image: 6pb586.png] The phone shows up automatically. This network is connected to an Edgerouter Lite, with basic configuration. But as you say, the multicast is running on the switch. And about this I found the following: https://communities.vmware.com/thread/470492?start=0&tstart=0 I will try migrating to a distributed switch. The IGMP proxy I already tried (see my first post), but it didn't help.
  • Download throughput issues

    9
    0 Votes
    9 Posts
    2k Views
    ?
    @Mr: I tried late at night. Then I got 850/100 when connecting directly to the modem and 30/100 when connecting through pfSense 850 is close enough for now. The 30/100 is very consistent, seems always 30 never slower….??? Hardware/Software pfhttt! what do I know. Your machine. So, back to the LAN or WAN. If you want to try running it in router mode for testing. System/Advanced/Firewall&NAT - Try test with packet filter off. Open it up until you figure out bottleneck, takes a lot of guess work out of the way. If it speeds up (a lot) you win, search is smaller, if not you still win. If you have 3 nics you can try to isolate one while testing 2 with- Interfaces/Interface Assignments- test different NIC for wan. In router mode this would be easier. Less setup time. Try Wireshark and read the traffic chatter. Compare with best speed captures. It could still be between your pc and pfsense also so check your details for the pc nic connection. On PfSense- Status/Interfaces-any errors or collisions? Wan or Lan. System/Routing/Gateways-add Gateway to get dpinger monitor logs Are all your services running. Check System Logs and gateway log, Resolver, etc. Find the others here some good error logs. ;) Not sure if this is useful advice myself, guessing here. Good hunting.
  • Basic Basic New Install Question

    3
    0 Votes
    3 Posts
    729 Views
    A
    Excellent- thanks so much! Off to a great start!
  • Issues opening sites with ports assigned to them. Squid / Pfsense

    5
    0 Votes
    5 Posts
    2k Views
    E
    Thank you. I will double check and again, thanks! Hope some day I will be able to contribute my knowledge with other noobs as myself. :)
  • Status / Traffic Graph … confused about In & Out

    3
    0 Votes
    3 Posts
    1k Views
    KOMK
    It's always in the context of the interface itself.  In means receive, Out means send.  Traffic comes in from the WAN and then gets sent out to the LAN.
  • VOIP phone pickup disconnect

    2
    0 Votes
    2 Posts
    567 Views
    S
    Your best shot is to use the packet capture feature on the LAN (at the IP of the phone) and grab a capture of the call.  Then open it up in wireshark and go to Telephony -> VOIP Calls (I think that's where it is).  Don't limit it to port 5060, just grab the whole thing.  In there you can look at the flow and see which side hangs up.  I'm assuming you are using a hosted system and not just SIP trunks.  If it's a hosted system this should give you a place to start.  Also, don't rule out firmware.  If this is the only one of this model you have then you can't really compare it to the others.  All you know is that your rules are likely OK in the firewall but capturing the packets is the next step that I would do.
  • 72.21.91.29??

    9
    0 Votes
    9 Posts
    5k Views
    K
    @pfcode: @johnpoz: my guess would be its something pulling a crl for a digicert http://crl3.digicert.com/sha2-ha-server-g5.crl Is on that IP.. Should I suppress it?  What is pfSense doing to issue a connection to this IP? Like already noted it's pulling a certificate revocation list (CRL) to update it in case the certificate has been revoked for whatever reason. You should be able to make your own call if you want this to happen or not.
  • Single WAN with multi LAN setups

    3
    0 Votes
    3 Posts
    1k Views
    N
    It's a smart switch, I have plenty of ports left. I'm just trying to get the most out of my network with the least amount of trouble. I want to keep the same subnet for all the ports on the pfsense box so all of my network can see everything but my guest. I have the guest access part figured out, my one airport will have the guest access turned on. That same access point I want to be able to throttle the bandwidth, my other airport access point will be wide open for bandwidth. My switch I have set up into four groups of 6, one group does one 4 port card in my ftp server, group 2 does the other 4 port card in that same PC, I have 3 NAS's on the 3 group, and the last group has my pfsense box and wifi access points. My network is probably broke up in a bad way but it does work for now. I would just like to simplify it and have better control and network information. I'm not all that great on networking but I can get around and figure things out. One thing I don't know is vlans, are you referring to port bridging?
  • 0 Votes
    4 Posts
    795 Views
    S
    @webtyro: Possible issue? https://forum.avast.com/index.php?topic=160822.0 The post date was 2014 and now it's 2017 and Avast still have this problem  ??? Thanks for the link, it helped me out. If I want their Avast cert installed I think I will have to go to the Avast forums to get a little more information on how to set it up right. @doktornotor: Remove Avast. Alternatively, at least disable the horrible SSL scanning "feature". I disabled the SSL in Avast but when I clicked on the web config page to log in it asked if I should "continue anyway". I clicked on the cert, this time not blocked by Avast, and I installed the CA for pfsense. So far it is working fine. Thanks webtyro and doktornotor for your help.  8)
  • MOVED: Getting errors in squid. Starting new ssl_crtd helpers…

    Locked
    1
    0 Votes
    1 Posts
    358 Views
    No one has replied
  • Unable to update pfSense or load Package List

    7
    0 Votes
    7 Posts
    3k Views
    J
    You emailed us 27 Jan.  Obviously(?) we received it.  Today is 30 Jan, and there has been a weekend in-between.  Your "I've emailed core team but no response yet." from early this morning doesn't seem to be, to use a British idiom, "fair play".
    We don't block specific prefixes.
    Things seem to (nominally) work from here:
    [jim@nfs4 ~]$ traceroute 185.184.156.1
    traceroute to 185.184.156.1 (185.184.156.1), 64 hops max, 40 byte packets
    1  fw1-office (172.27.32.2)  0.227 ms  0.200 ms  0.124 ms
    2  gw1 (208.123.73.2)  0.290 ms  0.409 ms  0.354 ms
    3  rrcs-67-78-98-145.sw.biz.rr.com (67.78.98.145)  0.717 ms  2.274 ms  0.724 ms
    4  ae15.AUSUTXLA02H.sw.twcbiz.com (24.73.240.204)  8.199 ms  3.823 ms  7.968 ms
    5  agg50.ausxtxir02r.texas.rr.com (24.175.43.183)  7.420 ms  7.531 ms  7.598 ms
    6  agg22.hstqtxl301r.texas.rr.com (24.175.41.48)  13.863 ms  14.521 ms  10.416 ms
    7  ge-2-1-0.a0.sea90.tbone.rr.com (66.109.1.218)  10.919 ms  13.587 ms  7.981 ms
    8  * * *
    9  ae-129-3515.edge6.London1.Level3.net (4.69.166.73)  106.627 ms  105.456 ms  105.546 ms
    10  rtr-152-3356.cdc.custdc.net (109.74.255.84)  107.226 ms  107.149 ms  107.148 ms
    11  rtr-151.cdc.custdc.net (109.74.255.241)  108.249 ms  107.081 ms  106.825 ms
    12  mai-core-rou1.vooservers.com (109.74.246.106)  106.870 ms  106.711 ms  107.065 ms
    [jim@nfs4 ~]$ ping 185.184.156.1
    PING 185.184.156.1 (185.184.156.1): 56 data bytes
    64 bytes from 185.184.156.1: icmp_seq=0 ttl=239 time=107.213 ms
    64 bytes from 185.184.156.1: icmp_seq=1 ttl=239 time=107.341 ms
    64 bytes from 185.184.156.1: icmp_seq=2 ttl=239 time=106.871 ms
    ^C
    --- 185.184.156.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 106.871/107.142/107.341/0.198 ms
    [jim@nfs4 ~]$ ping 185.184.157.1
    PING 185.184.157.1 (185.184.157.1): 56 data bytes
    64 bytes from 185.184.157.1: icmp_seq=0 ttl=241 time=37.913 ms
    64 bytes from 185.184.157.1: icmp_seq=1 ttl=241 time=37.818 ms
    64 bytes from 185.184.157.1: icmp_seq=2 ttl=241 time=37.710 ms
    ^C
    I'm having staff contact you for more details.
    Jim
  • Adding Wireshark to pfSense

    7
    1 Votes
    7 Posts
    7k Views
    NollipfSenseN
    @NOYB: Re: Install Wireshark on 2.3.1 https://forum.pfsense.org/index.php?topic=112719.msg627778#msg627778 Remote Packet Capture https://forum.pfsense.org/index.php?topic=89917 Re: Wireshark on WAN https://forum.pfsense.org/index.php?topic=123836.msg683895#msg683895 Thank you NOYB
  • WGXepc only returns "Fanspeed not available on the X-Core"

    5
    0 Votes
    5 Posts
    898 Views
    J
    Thanks Stephen I appreciate the clarification as well as the suggestions.  And thanks for your work as I am still able to use your script in most of its capacity.
  • Packet Loss

    4
    0 Votes
    4 Posts
    1k Views
    D
    SOLVED! The issue was my ISP, they had problems down stream and after a month of fighting with them they finally worked on the lines in my neighborhood and it fixed the issue, thanks to all who helped.
  • Does auto-outbound-nat do "pass" automatically?

    13
    0 Votes
    13 Posts
    2k Views
    W
    @kpa: Pretty sure he means the "pass" option in the filter rule association selection box. This is on 2.3.2-RELEASE-p1. I would just use the associated firewall rule and forget the pass option exists. Yes, that's what I mean, sorry, I thought it was obvious.
  • Adding physical port interfaces?

    4
    0 Votes
    4 Posts
    2k Views
    M
    I still use the machine for other purposes (file server, Plex, etc), so when I bought it I thought I would be able to setup PFsense in a VM for a powerful router as well. When I bought the server, it came with the extra NIC card so I thought it would act just like more ports in the back like any other router. Guess I was wrong on that haha. There are some people who try to utilize extra interfaces by bridging them together, but it's not recommended and you'll pull your hair out trying to get it working.  Not to mention, it's not going to perform like a dedicated switch. So, what can you do with extra NIC's on your ESXi host?  For home use, I would say people typically utilize them for other VM's.  There are a bunch of options for extra NICs… including, but not limited to: Manually load balance your VM's between the extra NIC's NIC Team the extra NIC's and allow ESXi to load balance the VM traffic for you Dedicate a NIC for iSCSI traffic to a NAS or SAN If you have multiple ESXi hosts,  you can dedicate a NIC for vMotion traffic
  • Will Netdisco work if installed on pfsense?

    2
    0 Votes
    2 Posts
    1k Views
    S
    Hi all, I have been running into walls trying to install this, and I don't know if it's because of my lack of FBSD knowledge or it's pfsense not having some needed packets installed that I need. I have read this tut on how to add a new user.  "Note the only thing I changed in this tut was the password". Link: https://www.digitalocean.com/community/tutorials/how-to-add-and-remove-users-on-freebsd I did that and named it netdisco like the netdisco installer says, but when I try the netdisco create user steps in Dependencies it says: Dependencies Link: https://metacpan.org/pod/App::Netdisco#Dependencies ========================================== #useradd: command not found %wheel:    Too many arguments pw:            unknown keyword 'groundmod' #:              command not found and so on… Is it me? Or are there packets I have to download to be able to use these functions? For any help I would be ever so grateful.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.