If your cable 'modem' has a firewall function it's probably a router and has a dhcp server. Enabling that is probably easiest. Steve

Hi, I have this same problem with Telstra SIP and pfsense. Outgoing calls work but incoming calls don’t work. Packets seem to get to the WAN interface of pfsense, but go no further. I will try another firewall in the next few days to confirm that it is indeed pfsense that is causing the issue. Then I will go back to pfsense. Tried just about everything I can think of. Cheers Chris

I was looking at the AC LR https://store.ui.com/collections/wireless/products/unifi-ac-lr . it says it only consumes 6.5w if i am reading the specs correctly so the unifi switch should be enough. I think one ap should be enough for the house as it will be in a central location.

@terpfan1980 said in Unable to access Internet from virtual network: Back to update... a day or so after the discussion above, I was able to resolve the issues that I was having. My best guess is that the issues that I was having related to my flipping the switch within pfSense to "Turn off the Firewall". Turning off the Firewall seemingly also turned off the NATting that I would have been relying upon. Seemingly: Disable Firewall Disable all packet filtering. Note: This converts pfSense into a routing only platform! Note: This will also turn off NAT! To only disable NAT, and not firewall rules, visit the Outbound NAT page. Related, I had created "Any to Any" firewall rules, but then screwed up and had them only for TCP, and not for Any protocol. With the rules changed to "Any" protocol, and not just TCP, things worked as documented (loosely documented, but with the pictures that were seen above, along with others) and the traffic flows as expected, from vlan to vlan, and from the vlans out to the internet as expected and desired in my case. Loosely documented: https://docs.netgate.com/pfsense/en/latest/book

The main system log can be found in /var/log/system.log but that are in a circular format. https://docs.netgate.com/pfsense/en/latest/monitoring/working-with-binary-circular-logs-clog.html Steve

Adding that outbound rule should not affect normal traffic from internal servers at all. Seeing blocked FIN entries like that is not necessarily a problem: https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-for-legitimate-connection-packets.html#troubleshooting-blocked-log-entries-for-legitimate-connection-packets If you were seeing asymmetric routing problems I would expect to see blocked traffic on LAN also. Steve

Yup or create the Limiters via the captive portal since I'm pretty sure you're using that. Not sure how Open your Wifi is at this point! Steve

Thanks! Tonight the issue is gone on both W7 computers. Last night, I installed a new cable modem which would seem unrelated to the gstatic issue, but it was an unusual event. Malwarebytes never found anything on either computer. This is not my favorite solution path, but I'll take it for this evening.

Did you try the mailreport package? Steve

Support subscriptions are sold on a yearly basis only. For those who need help but elect not to get a subscription, we have multiple resources available to the public/community (including this forum) where questions may be asked. Answers are provided by the community at no cost.

The internal names, wan and lan, are just that, internal. You can rename them. The only thing that is hardcoded is that the anti-lockout rule is on the second interface and cannot be moved. It would be hard for us to change that at this point as so many users are expecting it. Steve

you should insist with your help desk. tell them to call this adrianc and suggest them to install/check php mcrypt this can't be a pfsense box problem did you try with your phone with 3g/4g/lte connection or only wifi ? if it does not work with your cell phone service provider you have proof it's not the pfsense

Ah, that would do it! I would have suggested that but in your screenshot above you already had an allow all rule on the OpenVPN interface that would have passed that. The first version of pfSense that supported the SG-1100 was 2.4.4p1 and the differences to p3 there is minor. It definitely would not have helped here. Steve

@akuma1x the PoE switches are serving Aruba WAPS as well as VoIP phones and cameras. The switches will not be maxed out maybe 20% utilized for each one.

@stephenw10 said in Intermittent timeout to Google: @JKnott We have seen users with a subnets set to /2 or /1 where large parts of the internet are unreachable. That would affect just about everything, not just Google. The OP said other sites weren't affected. A little testing, perhaps with trace route might help. BTW, I have plenty of experience with users causing their own problems.

@Asit-Kumar-Manna 100-150 users over wifi on their phones, let's see... Here's what I would do with that. You're going to need the Ubiquity access points, like you already said. I would get the cloud controller for sure. That will make managing these really easy. You will need POE switches to power these, and some spares ready to go in case of a switch failure. What kind of network size are you doing - is this in a couple of buildings, or over a large campus? I see you say college campus, but is it really big? You're going to need to wire up (most likely fiber runs) all the access point locations/drops back to your firewall somehow, if it isn't already done. The pfsense box I would use would be at least the XG-71001U, and depending on how critical the network is, maybe even the HA (2x 71001U) dual option. https://www.netgate.com/solutions/pfsense/xg-7100-1u.html https://www.netgate.com/solutions/pfsense/xg-7100-1u-dual.html Jeff

No, that will not accept the multicast ARP replies if you need that. That requires the system tunable to be added. If you just need to clean the logs then you can try that check box. I'm not sure I've ever done so for multicast ARP, we hardly ever see that (because it's invalid ). Steve

@stephenw10 Nice! Thanks man, thats exactly solved my problem!