There is nothing to do in the built-in load balancer (relayd) for virtual hosts. The original client connection is forwarded in, it would still contain the host header that Apache needs to pick the right virtual host. We need a lot more info to say for sure what might help your situation, starting with what actually isn't working, how you're testing it, and so on.

What AP are you using.. I would think with such a number you would have a controller to manage them and show you details like that.  Not sure how you think pfsense is suppose to know what AP some client is connected too??

How about posting the actual log entry you are seeing?

Ahh, yes. I forgot about PowerD and powerstates for some CPUs/motherboards. Nice catch and thanks for reminding.

Sure, you can configure the box from a pc connected to the LAN interface by logging into the WebGUI. If you installed your LAN interface at 192.168.10.1 then you just enter that address in a web browser on an attached PC and you should get the Web login page. Check out:https://doc.pfsense.org/index.php/Installing_pfSense#Post-Install_Tasks The docs pages are a good source of getting started info.

@Intelli: For some reason the "WAN IP RELEASE" option doesn't work with the FIOS network. Or maybe it does work but just appears not to because the ISP provided router re-establishes a new lease if the WAN cable is not immediately unplugged before it can do so.  I know the Actiontec MI-424WR behaves this way.  Probably some of the other ISP provided models do too.

Tambem estou com o mesmo ´problema…. Squid não é amplamente utilizado?!?!?! ÁÁ Váááá... kkkkkk

Check this out [image: Voucher.png] [image: Voucher.png_thumb]

I see now and then if login too quick with firefox.. but if you wait a few seconds it works fine.

I have the exact same issue…

I am going out on a strong limb and say that these are False Positives… I have checked over 50 different Blocklists and the IP reputation is fine... Except for what TrendMicro is reporting. However, their site seems to be URL based and not IP based... Will never know as the details about the service is slim to none... Food for thought: https://www.asus.com/ca-en/Networking/RT-AC5300/ https://www.reddit.com/r/privacy/comments/3vxg07/does_trend_micro_steal_web_browsing_history/ https://twitter.com/flexhub/status/587315109992800257 You might want to tweet to the Dev of Asuswrt-Merlin: https://twitter.com/RMerlinDev The github branch for Asuswrt-Merlin if you are interested: https://github.com/RMerl/asuswrt-merlin/search?p=1&q=AiProtection&utf8=%E2%9C%93 Trend Micro has yet to reply about the FP... I am not a customer of theirs, so best left in your court. https://twitter.com/BBcan177/status/770737622121611268 Didn't get the reason behind the RT-AC5300 link, read all the others. Well, to be honest that's what any web reputation system does, so one can choose either to use it or not. I saw your tweet and bump, seems to go unnoticed  :- As per pfSense I guess I'll be playing with it a little more before deciding, might as well use it between my physical LAN and my VMs to try it out. Thanks for the help

For making the healthcheck succeed you could try setting the "Http check version" and putting the hostname in there like below? HTTP/1.1\r\nHost:\ www.example.org Other than that you could try adding a advanced "port 80" option on the server definitions if you want the check to beformed on a different port than what is used for the usual traffic: http://cbonte.github.io/haproxy-dconv/1.7/snapshot/configuration.html#5.2-port

@johnpoz: "In the case of smtp how should I fill in those fields (Interface, Protocol, Source etc.)" Well the protocol is tcp.. email sure is not sent via udp ;)  Source would be the IP address of your smtp server.  Interface would be your wan but you pick the vip you want to use.. Dest could be just 25 which is the port email is sent on.. So is there any reason this server can not just use your vip for everything?  If so then it makes real easy just put in his IP and the vip.. So see my attached example.. Lets pretend that 192.168.100.2 is a public IP that you created on your wan as a vip, etc. That is what I am doing. I have about a dozen public VIPs all using the WAN interface. One VIP is for email with ports 25,465,993,995 open. Another server using yet another VIP is listening on UDP port range 25000:25000  for GPS coordinates to track municipality service vehicles like plow and salter. Some of our servers are actually in the could, that's how I started using PFSense, the cloud company uses it to manage access to the virtual servers. Anyway I am getting side tracked here. I will try the outbound NAT rule on our other smtp server, that one is not used that much. I don't want to fudge up the other one that is already working. Thanks for you input again.