@gertjan I guess that is the "nuclear" option to the original issue, remove the underlying functionality that caused the log entries to begin with...

@swemattias nic pass though to pfsense is simpler imo. Hardware off loading can also then still be used

Ok, you probably need to use NetFlow data then.

@steve_b I am looking into moving the users and the certificates of the pfSense machines to a dedicated solution. Thanks for the help with this issue!

@slu said in Export CA | Do I have to pay attention to anything?: You mean the CN name or something like this? Yes. Or someones email address etc. Something you may not want public. Steve

So you just need to redirect traffic to them in pfSense? You can just use port forwards for that. That's what Squid does if you set it to transparent mode. Steve

Yikes that is ugly. If it's that badly configured, have you tried logging into that random device with default credentials and turning off DHCP? :-)

@stephenw10 Hi Steve I submitted a post earlier, here https://forum.netgate.com/topic/166622/i-need-to-restart-the-ovpn-tunnels-after-a-pfsense-reboot/2

Read thru most however I have a protectli PFSENSE ( 2.5..2 ) box behind my ISP fiber modem. In the setup i just put in my PPPOE username and password and it set it up and just works. My ISP here in Dubai requires my wan to be connected on a certain port on the modem ( ONT4) Otherr than that it just works and I am not a real technical guy.

Solved this issue. It appears that the most recent macOS update disabled the UART bridge used for serial comms. Re-installed the driver from Silicon Labs and everything is working.

@steveits lol you're amazing :D that's exactly it! Thanks a lot!! Cheers

@mgcsec said in pfsense packet process order: @stephenw10 thank you! and then where are local services/plugins involved? for example Nginx in that chain? NAT=>FW=>Nginx=>NAT=>FW=>Upstream? For some services, yes, this is the processing order. But for others such as the IDS/IPS packages, this is the processing order: IDS/IPS => NAT => FW (for inbound traffic on WAN) IDS/IPS => FW => NAT (for inbound traffic on LAN)

Do that have the same capabilities? Try: ifconfig -vvvma Are those vmxnet NICs the pfSense VM has assigned currently? If not try assigning one to something and see if that responds to large packets. This seems likely to be an issue with the bxe driver or the NIC itself but we need to confirm that by, for example, showing vmx is not affected. Steve

Hi Steve - Brilliant suggestion. Evidently my password manager was pre-empting my updates. Now email works! Thanks, Neil

Aside from pcscd, you should also disable log compression when rotating on there. Given the output from top, it was the log compression that was having trouble keeping up with the rate of logs being written at the time. Status > System Logs, Settings tab, set Log Compression to None.

@johnpoz root cause analysis was suggested in a different forum. Wire shark did capture vlan traffic on port going to ESX host. But pktcap-uw did not capture any on vmnic. Promiscuous mode was enabled too. Switch configuration is correct. Only data point which I still could not figure out is wireshark trace contains icmpv6 but not icmp dhcp discovery. Neither ipv6 is enable on pfsense or unifi.

@rbarden I use NTOP-NG. But nothing is "free" in terms of cpu cycles or promiscious mode on the netcards. /Bingo

thank you

That doesn't seem like a huge number for 5 mins. I would expect far more if you were actually being used as part of an attack. That seems like it could just be a bad DNS server configured. Steve