@KOM: This has been asked & answered a few times now.  It's a serial for the Netgate hardware to identify the unit for support purposes.  If you have genuine hardware, your serial number will be shown.  If you have a generic box, the system UUID will be shown.  That's it. Not just Netgate hardware. We have many customers running pfSense on their own hardware. Anyone can buy support.

If they are getting the lease from isp, they are not behind the firewall. I'm suspecting your setup to be wrong. Think (and do): isp <-> modem <-> pfSense <-> switch <-> clients Read this a couple of times: http://www.cisco.com/networkers/nw04/presos/docs/SEC-1N20.pdf for the first 20 slides or so, it's a bit dated but hopefully explains a bit where a Firewall should be positioned etc. and practice on your google-foo  ;) , lookup all things you don't fully understand….

LACP to each HA node (4 ports) 4 ports total two from each HA node, one each to each switch. You will chew up switch ports quickly. Then you need to decide how to configure the LAN side. You need at least two switches, stacked, or using some other technology that allows them to make LACP groups with ports on each switch (Multi-Chassis trunking, or whatever your vendor calls it. At this scale, stacking is likely your best bet). You can also use Spanning Tree and something like this without going to LACP: https://portal.pfsense.org/docs/book/highavailability/layer-2-redundancy.html

I completely agree and understand.  Will be posting a new question on that board Thanks again for your assistance.

reason being is it is possible at that edge - Using a PFSense with multiple GBit Ports Trunk Not necessary just was wondering if possible.. would have preferred for it to handle DHCP but see that isn't possible if it is not handling the Routing for the VLANs correct? Just have it on the transit Network - agreed - just need to make sure add the routes for the other vlans so it knows where to send the traffic…  or yes use /16 if networks are within the B ranges - just prefer the routed method sometimes.

@floydque: Can you help me do a CSV reporting that it lists latency loss. Example: Oct 13 16:29:57 dpinger WAN_DHCP 222...*: Alarm latency 82880us stddev 46313us loss 21% That's what you are getting in the CSV. The header you will see is: ,packet loss,delay average,delay std. dev., The first field (with the missing header description) is is a timestamp. The timestamp is a standard Unix timestamp with 3 digits of milliseconds appended. You will have to convert this field to the date/time format you want. The packet field is in percent, and the delay fields are in milliseconds. The timestamp is pretty easy to convert in Python or Perl. However, if your target is a spreadsheet, you can convert the timestamp with a formula: =((A1/1000)/86400)+25569 Hope this helps.

Thanks; we're not running Unify; we're using java for a very secure internal program. pfSense can't finish booting

Thanks for the suggestion, Harvy66. I have not enabled any proxy… However, I just found the problem. For whatever reason, the LAN NIC associated with the ESXi vSwitch was not auto negotiating to gigabit ethernet, but showing the speed as 100MB Full Duplex. I forced it to 1000MB Full Duplex, reran the speed test and am now getting in excess of 233 Mbps on the download, as it should be. All is once again good with the world.  :-) Thanks again.

Any lease requested from pfSense's dhcpd, will show in the corresponding status page I suggest you spend some time here: https://doc.pfsense.org/index.php/Main_Page Enjoy the reading!

What Port is PFSense plugged into on the 3Com what is the port Set as? Trunked? or not trunked. if you set to full trunk and all tagged no - untagged what happens - lose all traffic? did you disable the port then re-enable on the switch? Cisco sometimes helps me on older switches to cycle the interface to get a trunk to line up. PFSense - did you setup you vlans on PFSense matching the VLAN Tags? Shouldn't need to setup IP address for the VLANS… thinking through it.... technically if the 3Com is doing the routing - then all you need is simple uplink to PFSense and add Routes manually to PFSense not even vlans or deal with trunking... think that is how I've done it on my old firewalls - works but is probably wrong to the PFSense guys... basically why trunk if you're not needing to tag out of other ports on your PFsense box? think that logic is right... then the routes can determine / manage traffic... basically VLAN1 in your case is 10.1.1.0/24 VLAN2 10.1.2.0/24 and PFSense is ignoring 10.1.2.0 because it has no idea what to do with it.... A: Dirty Method - setup your PFSense IP in a /16 CDR (255.255.0.0) and bam it should work. B: Add route for 10.1.2.0 via 10.1.1.X (3Com Switch VLAN1 IP) This should also work... - if I'm thinking of it logically. C: add the VLANS which should create the 802.1q trunks (not sure if you have to set an IP for each vlan - which in my book enables VLAN Routing in PFSense and you don't want/need that) Hopefully one of the Experts will clear me up!

Ahoy. CAPTAINS must be some sort of translation to EXPERTS, which is also common. Create an alias using the FQDN you want to block, create a a pass rule source the address you want to control destination that alias with a schedule for when you want to allow access followed by a reject rule with the same source/dest without a schedule. Based on the information given that's the best I can do.

@KOM: If anyone know about port 80 whats wrong please update. Are you running WebGUI in HTTP mode?… yes sir running pfsense web gui on http port 80 but trying to forward port 80 no success :( **Why is the destination address on your 8008 port forward not WAN address? @Derelict ok sir i changed it to Wan Addres**

In all likelihood there is no problem. It's the graph glitching when a counter wraps around.

For the benefit of others I wanted to mention my final solution. Turns out that getting a USB attached 4G Mifi/Dongle to work on pfsense is tricky, bordering on a fool's errand. Even if you get it to work there are issues, such a ppp not delivering LTE speeds, and mock-ethernet configurations potentially hanging on boot. Luckily, there is  an alternative, without all the headache: Just buy a 4G desktop router:  https://www.google.co.uk/search?q=4g+router&source=lnms&tbm=isch and connect it to pfsense with an ethernet cable. Yes, you need to be able to afford it (got a E5186 for £120 off ebay), and yes you need the appropriate number of ethernet ports on your pfsense. But this approach is so much easier than trying to dick around with obscure settings on a very specific MiFi model. It's also easier to trouble shoot as you can manage and reboot each device independently. ;D

It's a limitation of tcpdump on FreeBSD, nothing we can do about that. Even on FreeBSD 11 with the latest tcpdump it does not work. root@doctor:~ # /usr/local/sbin/tcpdump -i any tcpdump: any: No such device exists (BIOCSETIF failed: Device not configured) root@doctor:~ # /usr/local/sbin/tcpdump --version tcpdump version 4.8.0 libpcap version 1.8.0 OpenSSL 1.0.2j-freebsd  26 Sep 2016 root@doctor:~ # uname -a FreeBSD doctor.dw.example.com 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016    root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

check_reload_status is a command dispatching daemon. If it's using CPU, it's because it's being given a lot of commands. In other words, it's not causing the problem, you're looking at a symptom. You need to locate the actual cause. Look in all of your logs for any repeating events or other processes that are stopping/starting, for example.

What do your logs tell you?