  • PfSense CA manager in 2.3

    3
    0 Votes
    3 Posts
    2k Views
    B
    For anyone interested, I have completed this and it is good. Following this guide https://www.jgranzow.com/?p=23 I created my CA and the certificates I needed for my VCSA 6 and my 2 ESXi 6 hosts. I downloaded the CA root crt + key and the host crt + key and uploaded all of them to a shared storage space. I followed this guide using option 1 https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2097936 and it asked for the VCSA crt, key and also the root crt. I then followed this guide https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2113926 for my 2 ESXi 6 hosts, starting at the "Installing and configuring the certificate on the ESXi host" section. I noticed I needed to remove the hosts 1 at a time from vCenter, update the cert, reboot the host to be on the safe side and re-add it back into vCenter. All certs are now trusted and good for 10 years.
  • Need pfsense to halt and not shutdown no acpi

    5
    0 Votes
    5 Posts
    1k Views
    D
    This also makes my UPS/NUT configuration useless.
  • MOVED: OPEN VPN MULTI CLIENT CONNECTION FROM SAME PUBLIC IP

    Locked
    1
    0 Votes
    1 Posts
    387 Views
    No one has replied
  • Is pfSense appropriate for my desired use case?

    2
    0 Votes
    2 Posts
    675 Views
    ?
    I would try to install ASUSWRT-Merlin or something like DD-WRT or OpenWRT and be happy with the AC WiFi.
  • Netgear 6100d with pfsense

    2
    0 Votes
    2 Posts
    616 Views
    ?
    The netgear 6100d is a lte modem/router with ip pass-through. Is this a hybrid router with capabilities for the load balancing and/or fail over? Then you could try to get the best or most out of that unit together with pfSense, to build a router cascade or dual homed bastion host.
    Netgear Router
        Net: 192.168.1.0/24 (255.255.255.0)
        IP Address: 192.168.1.1/24
        DHCP server: off
    pfSense behind the Netgear:
        WAN Net: 192.168.1.0/24
        static IP 192.168.1.100/24
        Gateway: 192.168.1.1/24
        DNS: 192.168.1.1/24
        LAN Net: 172.xx.xx/24
        LAN IP: 172.xx.xx.1/24
        DHCP: on
        Gateway: 192.168.1.1/24
        DNS: 192.168.1.1/24
    Client config: (PC, Laptop,…..)
        IP via DHCP or fix from 172.xx.xx/24
        Gateway: 172.xx.xx.1/24
        DNS: 172.xx.xx.1/24
    Now you get something like double NAT but it might be mostly only "eating" 3% - 5% of the total throughput.
  • Any ways to view the operation logs of specific user?

    2
    0 Votes
    2 Posts
    411 Views
    ?
    Are there any ways to view the operation logs of specific user? You could try installing Squid & SquidGuard together with user auth. and then look at the specific user account to see what he or she has done.
  • MOVED: squidGuard Group Acl not working

    Locked
    1
    0 Votes
    1 Posts
    602 Views
    No one has replied
  • Are there packages not available on the ARM port (for SG-1000)?

    8
    0 Votes
    8 Posts
    1k Views
    jimp
        $ ssh root@SG1000.fw.example.com 'pkg search -o ".*"' | awk '{print $1;}' | sort > armv6.list
        $ ssh root@SG8860.fw.example.com 'pkg search -o ".*"' | awk '{print $1;}' | sort > amd64.list
        $ diff amd64.list armv6.list | grep '^>' > not-on-amd64.txt
        $ diff amd64.list armv6.list | grep '^<' > not-on-armv6.txt
        $ cat not-on-amd64.txt
        > sysutil/pfSense-u-boot
        $ cat not-on-armv6.txt
        < archivers/cabextract
        < archivers/gtar
        < archivers/libarchive
        < archivers/liblz4
        < audio/beep
        < databases/ldb
        < databases/mysql56-client
        < databases/redis
        < databases/tdb
        < devel/argp-standalone
        < devel/binutils
        < devel/cmake
        < devel/cmake-modules
        < devel/ding-libs
        < devel/git
        < devel/icu
        < devel/jansson
        < devel/jsoncpp
        < devel/libhtp
        < devel/libinotify
        < devel/libpci
        < devel/libunistring
        < devel/nasm
        < devel/nspr
        < devel/py-babel
        < devel/py-backports_abc
        < devel/py-botocore
        < devel/py-dateutil
        < devel/py-enum34
        < devel/py-futures
        < devel/py-Jinja2
        < devel/py-jmespath
        < devel/py-msgpack-python
        < devel/py-pytz
        < devel/py-singledispatch
        < devel/py-six
        < devel/py-yaml
        < devel/swig13
        < devel/talloc
        < devel/tevent
        < devel/yajl
        < dns/bind99
        < dns/c-ares
        < emulators/open-vm-tools-nox11
        < emulators/pfSense-pkg-Open-VM-Tools
        < emulators/qemu-user-static
        < graphics/graphviz
        < lang/p5-Error
        < mail/p5-Net-SMTP-SSL
        < math/mpc
        < math/mpfr
        < misc/pciids
        < misc/py-progressbar
        < net/daq
        < net/freeradius2
        < net/libdnet
        < net/libpcap
        < net/ndpi
        < net/ntopng
        < net/p5-IO-Socket-IP
        < net/p5-Socket
        < net/pfSense-pkg-freeradius2
        < net/pfSense-pkg-ntopng
        < net/py-libcloud
        < net/py-pyzmq
        < net/rsync
        < security/barnyard2
        < security/broccoli
        < security/nss
        < security/p5-Authen-SASL
        < security/p5-Digest-HMAC
        < security/p5-GSSAPI
        < security/p5-IO-Socket-SSL
        < security/p5-Net-SSLeay
        < security/pam_ldap
        < security/pam_mkhomedir
        < security/pfSense-default-config-azure
        < security/pfSense-default-config-bhyve
        < security/pfSense-default-config-ec2
        < security/pfSense-default-config-ec2-csm
        < security/pfSense-default-config-kvm
        < security/pfSense-default-config-openstack-csm
        < security/pfSense-default-config-serial-alix
        < security/pfSense-default-config-vmware
        < security/pfSense-pkg-snort
        < security/pfSense-pkg-suricata
        < security/py-certifi
        < security/py-pycrypto
        < security/snort
        < security/sssd
        < security/suricata
        < shells/bash
        < sysutils/blinkled
        < sysutils/dmidecode
        < sysutils/flashrom
        < sysutils/grub2-bhyve
        < sysutils/htop
        < sysutils/lcdproc
        < sysutils/lsof
        < sysutils/pfSense-builder
        < sysutils/pfSense-pkg-blinkled
        < sysutils/pfSense-pkg-gwled
        < sysutils/pfSense-pkg-LCDproc
        < sysutils/py-salt
        < sysutils/screen
        < sysutils/smartmontools
        < sysutils/u-boot-ufw
        < sysutils/vm-bhyve
        < sysutils/vmdktool
        < sysutils/wrapalixresetbutton
        < sysutils/xe-guest-utilities
        < sysutils/xen-guest-tools
        < textproc/flex
        < textproc/libyaml
        < textproc/py-docutils
        < textproc/py-MarkupSafe
        < textproc/xmlstarlet
        < www/p5-Mozilla-CA
        < www/py-requests
        < www/py-tornado
        < x11-fonts/libfontenc
        < x11-fonts/mkfontdir
        < x11-fonts/mkfontscale
        < x11-fonts/webfonts
        < x11/xproto
    The packages that are not on ARM are mostly missing because they either do not compile or do not make sense on the platform, or they are dependencies of packages that are not there. For example, no need for VM guest tools if we know it's real hardware, not enough horsepower for snort/suricata even if they did compile. To boil it down to user-facing stuff:
        $ grep 'pfSense-pkg' not-on-armv6.txt | cut -f2- -d '/' | sort
        pfSense-pkg-blinkled
        pfSense-pkg-freeradius2
        pfSense-pkg-gwled
        pfSense-pkg-LCDproc
        pfSense-pkg-ntopng
        pfSense-pkg-Open-VM-Tools
        pfSense-pkg-snort
        pfSense-pkg-suricata
  • Dropping outgoing SMTP connections… why?

    5
    0 Votes
    5 Posts
    1k Views
    B
    Any suggestions? I am having the same problem. Once before it corrected when I rebooted pfSense. But not this time.
  • High CPU usage 'pkg' - 2.3.2-RELEASE (amd64) nanoBSD

    4
    0 Votes
    4 Posts
    1k Views
    jimp
    First: Ditch NanoBSD. It's not doing you any favors and it has been removed from pfSense 2.4. Second: Disable the dashboard update check (System > Update, settings tab) and also if you have the packages widget active, remove it.
  • Help needed trouble shooting smartphone app connection problems

    1
    0 Votes
    1 Posts
    382 Views
    No one has replied
  • News about PFsense and Trim?

    3
    0 Votes
    3 Posts
    1k Views
    jimp
    The only place that TRIM is activated automatically is on 2.4 when choosing ZFS, because ZFS has TRIM support built-in.
  • Need assistance with advanced DNS NAT redirect…

    5
    0 Votes
    5 Posts
    2k Views
    johnpoz
    "but I really like how the NAT redirect works." Why?? If you block dns, your teenagers can try until they are blue in the face to use some other dns.. Just not going to work.. This is honest, sorry we do not allow that.. Redirection is oh you want to use 8.8.8.8 here is answer to your dns query to 8.8.8.8… Didn't tell you I sent it to opendns instead.. If you want to use redirection you still can, but you can not have the thing you're redirecting to use redirection.. You have a loop..
  • MOVED: Block Website Through squid proxy

    Locked
    1
    0 Votes
    1 Posts
    330 Views
    No one has replied
  • Can SG-2220 take an internal 2.5" HDD?

    3
    0 Votes
    3 Posts
    654 Views
    jimp
    M.2 disk only, the miniPCIe socket isn't capable of mSATA IIRC.
  • New to pfSense. Some questions about hardware and ease of use.

    7
    0 Votes
    7 Posts
    1k Views
    ?
    My connection is currently 100Mbps/10 and will soon have 250Mbps/50. There are some nice matching units to get success.
        APU2C4 & mSATA
        Chinese J1900 box
        Jetway NF9HG-2930
        Supermicro C2558/C2758
    Alternatively, I would rather have a look at the SG-2440 units from the pfSense shop.
  • Reset logs from command line, how?

    2
    0 Votes
    2 Posts
    614 Views
    H
    You can create a new macro and execute that from the command line https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell#Recording_and_Playback
  • PfSense crash when connecting to Guest Network

    2
    0 Votes
    2 Posts
    543 Views
    NeoDude
    Ok, it would seem it is a known bug. It was due to the fact I was running CODELQ on both parent interface and VLAN.
  • What is the difference between LAN and OPT*?

    3
    0 Votes
    3 Posts
    14k Views
    M
    Thanks! Not sure how I managed to not find that page…
  • WAN interface issues

    3
    0 Votes
    3 Posts
    993 Views
    L
    Hello, I'm looking at my syslog server and I find the following log entries around every time the wan connection goes down:
        Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[93325]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
        Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[93770]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout)
        Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[94091]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
        Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[94344]: (root) CMD (/usr/local/pkg/swapstate_check.php)
        Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[94545]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot)
        Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 cron[93249]: (root) MAIL (mailed 46 bytes of output but got status 0x0001 )
        Dec 15 11:00:00 10.1.1.65 Dec 15 11:00:00 cron[92957]: (root) MAIL (mailed 74 bytes of output but got status 0x0001 )
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[30482]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[31532]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout)
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[32008]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[31725]: (root) CMD (/usr/local/pkg/swapstate_check.php)
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[32172]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot)
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 cron[30438]: (root) MAIL (mailed 46 bytes of output but got status 0x0001 )
        Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 cron[30168]: (root) MAIL (mailed 74 bytes of output but got status 0x0001 )
    Any idea what could be happening?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.