@keyser New installs of CE use ZFS. The boot environment GUI is in Plus.

@johnpoz I only need internet on the WAN(that I have) and Management subnet(don't have), nothing else. The rest of the VLANs will only connect to interfaces on the same subnet. They should not connect to other VLANs(that is the point of me using pfsense. and having more VLANs and DHCP per subnet on my network).

I got it working. The system was locking to a MAC. Once I spoofed the old UTM firewall everything just started working. Monitoring is still failing, but I can live with that. What I don't understand is why it refused to allow the new MAC from the pfSense, when I was able to plug in a laptop and a Linksys WRT without needing to spoof the MAC. Thanks to everyone here for the quick responses.

@tobornimda said in Outbound NAT not working: Internet provider gave me a list of IP's from a different pool that will route out of my original gateway. I created a Virtual IP / Other / WAN / Network. Put the IP pool in with /27. If these additional IPs are not routed to your primary WAN IP by the ISP, you have to add each single IP out of the /27 subnet as a virtual IP to use it on pfSense.

@jknott that's right, but is comes with some linux distos as a boot menu option which is rather handy

In addition to a fresh install, I would consider any secret that touched that firewall to be compromised, including the admin password. Make sure you change everything on there. Passwords, VPN keys, anything considered private/secret. See this recipe for ideas: https://docs.netgate.com/pfsense/en/latest/recipes/changing-credentials.html

@steveits Thanks! I did some more testing and the CoDel rule seems to work fine. Bufferbloat still gives nice scores. So I'll keep it like this and see next week for some real-world tests. Thanks for the fix!

@stephenw10 Thanks for the reply. I forgot to mention I did iPerf tests between 10GB > 1GB nodes and the router - all got full speed. That being said, I think I've found the issue. The MikroTik switch is the problem. I am running it in SwitchOS mode, but when I change to RouterOS everything works as expected. So I'll open a ticket with them. I appreciate the help!

If some client was hard coded to use DoH then and local filtering/redirecting would not apply to it. However if would still be routed the same as any other traffic from that host so it should work OK. Steve

Please leave feedback on that bug report if it works for you.

@dstacey147 said in Slow Speed between subnets in one direction only: I know that explaining an issue to someone else often makes you realize yourself what you haven't checked QFT!!! That is quite often the case for sure!! I see it all the time on troubleshooting calls.. Laying out the details, and having to go through what you have done - quite often pops something into your head, oh shit I didn't check that or this.. Glad you got it sorted..

Directly replacing that file should only be necessary if you're unable to see any repo branch. In most cases you should be able to switch to one of the other branches, an updated pfSense-repos pkg will be pulled, which you will see logged, and that would repopulate the files. Steve

As long as the main gateway has come back up any new states would created via that. So, yes, I would expect it to failback.

I'm not sure we have any specific documentation for that but it should be as simple as configuring the LDAP module, which is included. Steve

@stephenw10 thanks, seems ntopng was heavily spiking a minute ago. I have removed it and will monitor what happens in the next hours.

@cloudless-smart-home said in Status / Services page and Service Status widget not real time?: Feature requests / bug reports should be done on redmine? It's usually better to ask on the forum first and then open an issue on redmine once you have proven a bug or that a feature doesn't exist. Way too many people open bugs on redmine without any real troubleshooting first. Steve