Odd. Perhaps now would be a good time for you to take a full backup, and reinstall from scratch, then restore from your backup. Cos something sounds a little messed up..!

Pulse Secure is a proprietary ssl based vpn, no pfsense would not connect to it…

@jimp: It looks in the PPP log and finds the connect time and then calculates. https://github.com/pfsense/pfsense/blob/master/src/etc/inc/pfsense-utils.inc#L1472 That's a clever way to do it! Thanks for the pointer.

Fixed the font for you, it was unreadable.

I don't believe I am. I originally built the pfsense rig for load balancing. Since then gigabit fiber came thru and I haven't needed to load balance anything. The tech came out and changed the ONT and since then I haven't had a drop off.

I had this same issue a few times and the only way we could remedy it , was by reinstalling pfsense back on the unit and we had the configurations saved on a server then loaded that config file and that fixed it. Just so long there are no hardware issues with your device.

What NAS hardware would you recommend? Or perhaps NAS+pfsense? Or even NAS+pfsense+ADSL router?

A better way of protecting your network against malware would be pfblockerNG with pihole lists, that  blocks domains that contain malware, including ssl domains. Here is a great tutorial https://www.youtube.com/watch?v=QwFpMwXEK5w&t=1100s

Thank you, I was just getting back to this. Your explanation mades perfect sense. Thanks for the clarification. Now if I can figure out the answer to my DNS questions over in the DHCP/DNS group I should be good.  ;D

@Phonebuff: Is the team working on some issue , or is just that ipSec is not getting an love these days ? The forum is community support. So there is no guaranty that you'll get help. If you want direkt help from the pfSense team you'll have to go here: https://www.pfsense.org/get-support/ and pay up.

@Derelict: Why wouldn't you just use a switch with a mirror port there and do whatever you want with the traffic? Wireshark, tcpdump, etc. Certainly easier than trying to be transparent with a proxy. You don't need to hammer a square firewall into that round hole. This or a LAN TAP such as a Throwing Star LAN TAP

I've narrowed the issue to Suricata on the LAN Interface, can a mod please move this thread to the relevant section? I've disabled Suricata on the LAN interface, and it appears to be working fine now, what gives?

Thanks for the responses everyone.  I went back and tried a different NIC and it works.  The Intel 1219-LM NIC is the issue.  I installed Intel's ANS driver software to enable multiple VLANS but it doesn't work correctly.  It even blue screened my Windows 10 Lenovo P51 at one point.  The Intel driver software at the URL below supposedly should allow multiple VLAN assignments on Win10 using the Intel 1219-LM NIC but I'm not having much success. Intel ANS for Windows 10: https://downloadcenter.intel.com/download/25016/Ethernet-Intel-Network-Adapter-Driver-for-Windows-10 I ended up testing with a Plugable USB3-E1000 NIC and specified the VLAN and it worked.  I'm currently working with Plugable to see if they have driver software similar to Intel's ANS so that I can assign multiple VLANs on the same NIC.  If anyone knows how please let me know.  I am using a Plugable USB3-E1000 running the latest drivers.  Plugable had me install the latest driver software located at https://plugable.com/drivers/asix/windows/latest/  but I still do not have the ability to create multiple VLAN's via the Plugable adapter's settings menu.

@captainjackla: I am running 2.4.2 version.  I would like to setup 2 subnets, such as 192.168.1.x and 50.x. Do I need 2 LAN interface cards?  And If I get 2 subnets working, can they still communicate to each other?  Such as connecting a PC or Mac to a printer? Thanks. You either need another dumb switch to hang off an additional interface on the router or you need a VLAN capable switch and create vlans on pfSense and your VLAN capable switch. I carry 6 networks on one interface using VLANs. https://forum.pfsense.org/index.php?topic=142930.msg779126#msg779126

You can achieve this by bridging WAN and LAN interface. But this way you can only use the public /29 subnet on LAN. pfSense is still able to filter traffic, but not to forward anything, of course. If you don't have special reasons for bridging it isn't recommended.

@johnpoz Yes we can take 2 connections from same ISP. My doubt : Since Its a broadband connection 150 Mbps dn & up both ways ,  the contention ratio  is expected to be  1:16  & having same gateway  unlike  a Leased Line Connection  with contention ratio  1:1  or  1:2 . Are  there any issues  that you perceive    &  foresee to crop up . . . ? regards, Ashima