ok i see

@KOM: become part of a botnet That is something I haven't thought about! But I still see no evidence of any remote attacks on my version of pfsense.

@dotdash: If it's not on the menu, you have to do it through the gui. Anything added from the shell will not survive a reboot/filter reload. Thanks!

I think what is next of that is optional, isn't? Yes and no.  If you don't want your users going around the proxy just by disabling it in their LAN connection settings then this step is mandatory. I haven't worked through aGH's guide.  I use squid in explicit mode with WPAD.  I only use it as a platform for URL filtering, not caching at all.  Everything works for me. Do you see any evidence that https is being processed by squid?

Why are you calling them layer 3 switches if your just using them in layer 2? if you are not routing on them, then they are just layer 2.  what is trying to talk, stuff in the same vlan or between vlans.  If pfsense is routing between the vlans then you need to allow for the firewall rules.

vswitch in esxi can not be layer 3 switches.. They can not route.  And no you shoudn't be using layer 3 switches (downstream routing) in your network unless you have specific need for routing at wirespeed vs control.  And when you do this then you need to connect your downstream routers with a transit network or your going to run into asymmetrical routing issues.

In general it was suggested to white list (snort stuff) https://forum.pfsense.org/index.php?topic=36228.msg186815#msg186815 suppress gen_id 122, sig_id 3 suppress gen_id 122, sig_id 23 I just turned off snort I found that I had to change one additional setting in addition to jdk.tls.disabledAlgorithms. #jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 jdk.certpath.disabledAlgorithms=MD2 #jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 jdk.tls.disabledAlgorithms=SSLv3, RC4 This is for jre1.8.0_73. Edit the Java.security file found \Program Files (x86)\Java\jre1.8.0_65\lib\security and restart

If so HOW do I set it up ? Add another interface in VB, on intnet2 or whatever.  Then in pfSense (you're driving me nuts with pf Sence btw ;D ) you just configure the OPT1 interface from the console.

Best solution I can find, which isn't too bad for regional CIDR ranges, is to just manually update the network alias (which has multiple table URLs) monthly. Not ideal for more frequent lists but works well for my application. Cheers for the help.

@YipYip: Was just wanting to understand that is itt normal that pfsense will or can corrupt itself if you hard reset the box. Is this normal or is there an underlying hardware compatability problem ? (I am running intel i350 and i5 8 gig) I'd say that it's very far from normal but of course always a risk if doing hard resets. Unfortunately I've had many (>10) unplanned power failures over the last 3 years because of initial lack of an UPS and then lately had one UPS malfunctioning several times until I managed to correctly diagnose the issue. I've never experienced any configuration corruption. In my opinion, if you expect frequent hard resets of your firewall that's probably a more important problem to focus on solving than the possibility of the configuration to become corrupted. If it is normal how do you backup/restore if this occurs without too much pain ? I've never had to use it but I'd expect the Diagnostics, Backup/Restore option to be usable.

maybe members of this board,  who are paid employees,  are helping anti block advocates  to assert their view of things…..?

I'm actually doing the same thing as you (almost). What I am trying to do now is have my L3 switch act as the router for the intervlan traffic for 2 of me 3 vlans. The third Vlan however will have to go upstream to the router to have the rules their decide what device it should be allowed to speak with. Does that sound viable?

I realize this thread is a bit old but I am having a real hard time trying to understand how to configure ELK for pfsense 2.3 -p3. I have tried to follow may guides and the ELK server running. When I log into Kibana at http://<ip address="">:5601 to configure an index pattern I do not have the "create button". See the screen shot below. I think this is doe to my logstash config file and possibly the pattern file. If someone could tell me what I am doing wrong or has an guide for configuring ELK with pfsense 2.3, I would really appreciate it. [image: kibana.JPG] [image: kibana.JPG_thumb]</ip>