@droidus said in Snort Inline IPS Speeds: @bmeeks It is the Protectli FW4B - 4 Port Intel J3160. I have 8 GB RAM total. That hardware should easily do much better than the 10/10 you said you are seeing. I can already guess your next question, but sorry, "no, I have no idea why you are not seeing better performance" ... . That slow throughput is certainly not the case with many other users here on similar types of hardware in terms of capability. You will likely never get line-rate Gigabit traffic inspection with Snort unless you have a screaming fast CPU, but you should get better than 200 Mbps with most hardware.

@marcosm They are not totally separate. It is physically impossible to turn off the the VPN service in the OpenVPN area unless you delete the VPN interface in the interface area. I was told this was done to prevent unwanted behavior but I was suggesting that it be changed to where disabling the interface is all that is needed to be able to turn off the OpenVPN.

@stephenw10 The problem seems to have disappeared, only change done was is pfBlockerNG set the DNSBL Mode to Python Mod. After the change no more errors with Autoconfig Backup. Thanks for you support.

@deanfourie Yes.

@stephenw10 If I can apply further information, I'd be happy to help

@treestomp said in Monitor Outbound DNS requests: does DoH/DoT still have an effect or it's encrypted to the VPN anyway? Nearly all traffic is already TLS these days, so VPN "to protect your data" is not needed. The exception is of course classic DNS traffic. DoH is more a DNS generated by the end user client's application : even your router, pfSense, can't "see" it. pfBlockerNG can only block it, if it's a known DoH endpoint server.

@viragomann yes I prefer certain VPNs for work or personal. I do it via having different interfaces so all the firewall rules switch at once. However, it's annoying to switch DNS settings as well I am/was struggling to get it to work via Gateway Groups. Do you know where I can find more on this because the official Netgate documentation only elaborated on setting up the proper gateway, not changing

@nevolex Thanks for the update, glad to hear it's fixed!

@tibere86 Create a file called "loader.conf.local" in the /boot folder. That will stay between reboots. I use WinSCP to attach to the FW and create/edit because it's easiest for me.

@deanfourie Start here : Upgrade Guide. This page will lead directly to other pages with solution.

@1eo How should you get the WAN IP? DHCP or PPPoE? What shows pfSense in Status > Interfaces for WAN? What shows pfSense in Status > Gateways? What tells the system log?

Mmm, but if you are putting the LAN and OPT ports in the same subnet (like a 2 port switch as you said) then the OPT interface is no longer required.

@jollycloudycheergoose as mentioned, keep everything simple to start with just to make sure things work as intended. Then you can start to tweak things until they are set up as you want them. Importantly, pay close attention to what you change so that you can revert if things don’t work right. We’re more than happy to help and I don’t think any of us means to beat you down. There IS however something to be said for posting a problem you are having and asking for help, rather than declaring that pfsense is broken. 95% of the issues I see posted on the forum end up being user config errors or misunderstandings in how things works, though many users like to blame pfsense right out of the gates. Best of luck on your technical journey. Hit us up as you go!

@jollycloudycheergoose said in pfSense ruined my non-pfSense router: why it isn't working when alternating If your cable modem - and you change the "rouer" or pc connected to it - you almost always have to power cycle the cable modem.. Because the mac address has changed.. Unless you clone the mac of the devices so they are the same.. Cable modems don't like it when the devices mac connected to them change.

@TheRAt , @johnpoz Enabled 2FA and configured the app password. Entered the app password into the Notification E-Mail auth password field. It now works. Thanks for the direction. I appreciate it.

You have to set the Level of Detail higher to see MACs displayed. Note that doesn't change what is actually captured, only what the pfSense GUI shows you. Steve

Could be stale states somehow. Try clearing the states if you haven't already. When you bypass pfSense and that allows it to connect what exactly are you doing? You have a wifi network that bypasses it? Do you have IPv6 on your network? Steve

What config are you importing? What version? From the same hardware? When you import the config via the gui the config upgrade scripts are run against it. If you need to import a config I'd recommend using the external config locator via USB (if you're local to it). https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl Steve

@stephenw10 I managed to fix the problem, but it seemed haphazardly. I tried installing pfSense 2.6 by DVD only to realize that the previous memstick method did install the firewall OS despite no OS found rebooting the computer. Then, booting from the DVD would start and hung on synchronizing user. So, I made sure that the bios were set to legacy mode and CAS was disabled then booted the computer. This time it hung on CSM; so, I powered off the computer and reboot again and select single user mode and created the file as you had instructed: echo 'kern.geom.part.mbr.enforce_chs=1' >> /boot/loader.conf.local It then completed the boot up, and I could restore backup configuration. We'll upgrade to version 22..5 when my friend return from vacation. Thank you Steve.