@michmoor concur - if the IP is what his ISP gave him - time to ask the ISP why its showing as a VPN and has such a horrible reputation.. Might be time to change ISPs as well.. I checked a few other reputation sites, and not seeing the IP he connected to the forums listed - but that one site I linked to above - sure doesn't like it.. Gives it a really bad score, says its vpn/proxy and and high risk, says listed on spam lists - but if I check spam lists I don't see it there, etc.

@stephenw10 I did some more reading and it appears they provide an unmanaged switch that connects to the ONT, but customers are free to use their own switch. Of course 10 Gb switches are expensive. I'm going to ask about lower bandwidth connections.

OK, just setup the DNS Clustering on the Azure box to the Almalinux box and that worked. So it's either a failure of the API key or the internal IP range issue.

@steveits Thank you so much Steve for thinking outside the box and replying back, very nice of to go out of your way.

No, there is no port knocking implementation in pfSense. Yet. There is at least one open feature request: https://redmine.pfsense.org/issues/8547 Steve

You can't route via a gateway group and you can't set a metric on a route directly so using dynamic routing, like OSPF, is usually how this is done. You could just use policy routing if the PA can do some sort of reply-to to make sure replies come back over the same link. And if you only need to open connections toward the PA. Steve

@barth https://docs.netgate.com/pfsense/en/latest/development/feature-requests.html#requesting-new-pfsense-features

@jbeez fixed... definitely user error. I was restoring a filter.inc from a prior version. Restored the proper one and its good to go.

@tyler_rm your links vs just posting the image here is a bit off putting for someone wanting to help. Here is a post I did year a go or so on how to validate if avahi is working. https://forum.netgate.com/post/1003226 I personally am not a fan of breaking the L2 barrier like this - but in the link I go over how to actually validate if its working or not, etc. Hope that helps.

@stephenw10 This worked thanks guys!

Go to Firewall:System -> Advanced -> Firewall & NAT: Firewall Maximum Table Entries value of "800000"

@denverdesktopssupport Sounds like you'd be interested in Zabbix? https://www.zabbix.com/integrations/pfsense

@tyz Also if you want to know when something is down etc - setup a external test. status cake or uptime robot allow for free testing. I get alerted if my plex server goes down for example ;)

If the NIC/driver doesn't report it the OS has no way to know. Usually they do but SFP modules introduce a lot more variables and sometimes it will link fine but not report a speed or report as 'unknown'.

@johnpoz and that's the edited version! :D

@jarhead thank you! after several tries and errors i am less confused now :)

In System > Advanced > Misc you need to set Skip rules when gateway is down. Otherwise the pass rule is still created but without the VPN gateway set when it goes down. Hence the traffic leaves over the WAN directly. Steve Edit: What Bob said!

If it's a VM you should be able to see the memory use in the hypervisor. But you can also see it in Status > Monitoring in pfSense directly. Steve

Is it actually pulling a DHCP lease correctly? Showing a valid gateway? If the WAN shows as UP but you cannot connect out on it you may have a bad lease there. A cable modem handing out private IPs for example. Steve