The easiest way around this is to create an alias called ProxyExempt for example, and then add all clients that you want to that alias. Then add a firewall rule just above your tcp80,443 block that allows ProxyExempt out on those same ports. That's how I do it: [image: 1571324859001-untitled.png]

Hello Steve Systems Activity page.......[image: 1571293261896-screenshot-from-2019-10-17-11-34-07.png] Packages are......[image: 1571293306219-screenshot-from-2019-10-17-11-33-41.png] System information....[image: 1571293375875-screenshot-from-2019-10-17-11-34-26.png] And bandwidth is 20MBPS unlimited.

In 3.5 years here at Netgate plus a long time before that I have never seen a situation that required Static ARP to fix.

What pSense version? What browser? What OS? What error are you seeing? More info needed. Steve

Do you just have a port open on your WAN to allow access the webgui? A port forward? Are you accessing it by IP directly or by FQDN? Is the Cyberoam device known to you? How is it connected if so? Steve

Ah, then that's almost certainly the cause! In environments where it's not possible to guaranty the power you can set /var and /tmp as ram drives. That minimises drive writes and hence the chances of filesystem issues. That's a setting in Sys > Adv > Misc. It does require rebooting to set that. Steve

Unless you have fiddled with gateways groups and failover, it will not fail over if WAN2 goes down.

@Derelict said in What is best practice for my scenario: @JeGr Thanks for the laugh! And yes, as @Derelict and @stephenw10 already stated, try getting them to route your subnet via a transit network. Sometimes one has to be very stubborn and persistent about it, but it pays off with any kind of box behind it to be far easier configuration-wise.

so I have chosen one that would turn the bars green, will they change color as the situation nears criticality? I don't want to run up my router to find out.

@stephenw10 said in pfSense behind 4g router: Right so if you use pfSense instead of the local computer you use currently you could create a VPN to the VPS from it and forward ports across it. Exactly. Permit rapid tunnel creation, their activation / deactivation and the possibility to control their states and an automatic reconnection (autossh) in case of disconnection. It is a quick way for a webmaster to allow access to these self-hosted site under development to be tested by his client for example ... The MobaSSHTunnel software under Windows does that perfectly!

@revengineer @johnpoz Good to know, thanks.

They are pretty good. Ask them what is required.

@stephenw10 i have not been brave enough to test it. I just assumed that having both squid and HA proxy was a bad idea. Will give it a try today and see how it goes.

@riahc3 First off, what your phone can do is irrelevant. It's what the actual equipment you use is capable of that matters. However, you're not going to get anywhere near 1 Gb with LTE, no matter what you use.

Spam thread. Lifted from here: https://www.reddit.com/r/PFSENSE/comments/dfbts6/unbound_dns_secondary_dns_zone_for_ad/

Yes, it would be very similar but possibly easier since in the default configuration the SG-3100 does not require vlans, laggs and switch config. Of you just have the default 3 interfaces you should just be able to import the config and re-assign the interfaces. Steve

You can do it within pfSense: https://docs.netgate.com/pfsense/en/latest/monitoring/performing-a-packet-capture.html Steve

You mean using the Freeradius package in pfSense? If you want this purely as a radius server you should use something intended for that, not pfSense. Steve