@JKnott: It seems to me you should work on fixing your network, rather than trying to make things work in a way they weren't intended.  Get the PBX and phones on the same network and you'll solve your problem. Actually, I'm still satisfy with current network which work with captive portal for LAN and WiFi. Put all in same range may not what I looking for, at least for now.

thanks for the fast reply. got some research to do know about nic's now.

@Unpleasant: I see the pattern here, I haven't set up IP's for the other interfaces except LAN and they work correctly. Well it's much easier to help people if they don't mask the important data in the screenshots. Good luck with the switch, when it comes to performance it's always the better choice.

@Vaibhav1: Trying to block the IP using FauxAPI. Your best bet is to talk to the author of it, as this isn't an official package.

Im not sure I know what you want to do, at least you could provide more details. Using MySQL with Radius is a convenient and fairly easy method to handle users (I handle around 250 users that way). Neither MySQL nor Radius generally requires a very powerful CPU (compared to more CPU intensive tasks), since I/O performance is often more important.

Not sure if this is helping or not. I go on to my modem and forward all traffic using DMZ to my pfsense WAN IP.  This then allows pfsense as your firewall and your router / modem just passes information through. Mat

We noticed that some of the CARP interfaces on the secondary firewall were showing up blank on the status page.  On the dashboard page they showed the correct icon for "backup" but were simply blank. We ended up rebooting the secondary device and so far the warnings have not showed up again on the primary device. There have been a number of odd issues with the secondary device and we're starting to suspect a hardware issue (RAM, or disk potentially).  I'll post any updates here in case somebody runs into a similar issue.

Nice run time! Last machine I ran updates on had 102 days on it, but then had to reboot it for the update  :'(

The problem was the wireless connection of WAN interface. Today I bought a 10 m cat 5e ethernet cable and made a wired wan link. EXCELLENT results, no logs about wan link up/down, 5 hours with no crashes (x86 firewall) at all and almost no suricata alerts. It's amazing! Next task, upgrade hw to x64 and go for 2.4.2p1 version. Thank you all for the help Jami

Thank you for the link, even has 2.4 GROK patterns!  Much appreciated.

" -LAN 100.1.1.200/24" So your NetRange:      100.0.0.0 - 100.41.255.255 CIDR:          100.40.0.0/15, 100.0.0.0/11, 100.32.0.0/13 OriginAS:      AS19262 Organization:  MCI Communications Services, Inc. d/b/a Verizon Business (MCICS) Or this /24 has been routed to you by then?  Why would you be using public IP space like that if you don't own it.  Or is that suppose to be a 10 and you just typo'd it a bunch of times?

in vmware have you changed the vms network interface to point to the new dmz vswitch ? also have you run the ethernet cable direct to the esxi servers interface or via a switch because if this switch carries anyother traffic ie non dmz traffic youll want to vlan the two ports to segergate these or run it on a seperate switch or direct cable ?

hi there unfoutuantly i have the same issue as you and have been trying this lately but also am having no luck on the upside (if you can call it that) i can have the vlans working ssid assigned, so not radius assigned but one ssid per vlan and this all works here as i have it now basially the differences between our setup and yours is such i have a dedicated interface on the pfsense for vlan trunk seperate to my lan interface to main switch (also handles the vlans) so pfsense to switch two cables one lan one all vlans as a tunk port (i did this as the pfsense is routing to and from lan to vlan and wanted some more bandwidth the in the unifi i have the ssid set to vlan as you do and on the switch config the vlans are set on the ports bettween aps and pfsense as tagged vlans one las this reading around it looks like you do not set the vlan id for radius assigned vlans i noticed that in you config you have an ssid with a vlan hope somehow this helps or someone comes along to put us both right ill keep tinkering in the meantime one thing i did find on the subject though is this :- https://community.ubnt.com/t5/UniFi-Wireless/I-need-help-setting-up-dynamic-vlan-assignment/td-p/1661658

I've done something similar with all my IoT devices. But I've gone a bit further: All of them are in a VLAN having any outgoing traffic to any other network (WAN, LAN, etc.) rejected by default. Only my defined list of rules are allowed. I've even redirected all DNS queries to pfSense (NAT TCP/UDP port 53 to 127.0.0.1), so they can't even use any freely chosen DNS server like Google Public DNS. All DNS traffic is sent to pfSense so I can log DNS queries and find out which hosts they are trying to reach (and maybe open them in the firewall if required). In my case I'm using Ubiquiti UniFi Access Points which allow to create multiple WiFi networks with different VLANs, so even wireless devices can be restricted to a specific VLAN. 8) I'm not sure whether that is going to work with DD WRT.

"Windows domain, then the domain is added automatically" that is a simple search suffix, and all OSes can be setup to do that.. But its not going to do it in your browser.. It would be done on the dns query.. There is zero reason to put in just a hostname for a cert.. .Try an get a CA to sign off on that ;)