I ended up going with a ebay used dell/hp sff i7 4770 with pcie. It will replace a n54l which is struggling already with pfblockerng (large list), snort (alerts only) etc using 8gb ram out of 16. I already have dual and quad intel nics ready to go in. vpn to connect to firewall. multiple vpn points of presence to accommodate gamers and streamers. snort and one day suricata. 1/3 the price of a appliance for me and way more powerful, cheap easy to replace.

As that is not a typical deployment, there isn't any way to know that without trying. Probably could be done with minimal RAM (512MB or probably less, but I wouldn't go lower than 256+swap), no reason to skimp on disk space, standard there is ~20GB for a VM. Again, may by able to get by with less but not much reason to these days. Single CPU core would do fine.

Thanks for the responses. I see that I can set a client identifier and/or description when assigning static mapping and that is the kind thing I was looking for. Ideally, I'd be able to do that with any client/MAC address (not just static mappings). It's really convenient for understanding what is active on the network at a glance and I don't want to assign static mappings for everything. Thanks again!

Hello Steve, How stupid of me. I changed both to meetingpark and now it all works. Thanks for your help.

If that all happens through your WAN port, maybe the block bogons option on your WAN interface is getting in the way? I’ve never had to disable that before to hit 100.1, but maybe it’s a “feature” of newer versions of pfSense (I haven’t touched pfSense in almost 2 years)

HI thanks both for your explanation that make more sense now for me. Effectively it s better to use Split DNS and to add entry for all i just forget this simple solution. KR

Were you able to try Ctl+t there? If you shutdown the firewall from normal running conditions does it shutdown and power off as expected? You might also run some tests on the boot drive. If that fails it can appear like that. Running processes continue to function but nothing can be started or logged. I would expect to see errors on the console though in that situation. Steve

You don't need a switch if there are only two hosts in the segment, there is no switching to be done. IMO at least. I wouldn't use a switch there. Steve

Not covering the break room with solid guest wifi is just, well, so uptight. 8 APs looks a lot better. Stuff will sing.

First thing to do here is upgrade to 2.4.3_1. This may have already been addressed. If it doesn't then we would need to see logs covering the reconnection that results in no outbound traffic. Steve

It depends how they 'discover'. But most use either mDNS which Avahi should cover or they using the SSDP component of UPnP which can be made to work using IGMP proxy. But it is by no means guaranteed. It's worth pointing out that the UPnP component in pfSense is only for Internet Gateway Device protocol and does not help at all with this. So don't enable it. Unfortunately all these manufacturers cater only for a single flat layer 2. If you attempt to add some security to your network by separating devices into different subnets you're outside their target audience and on your own. They could easily allow this by just giving you a box to enter the server IP but..... IMO. Steve

Yes I agree, I seems unnatural to do that. However I guess that by doing that you can add new nodes to the mesh and as long as they are in that subnet the system routing table does not have to change to reach them. Only the internal routing in the daemon. Steve

It's almost certainly Squid if you're running that. Either cache or logs. Try running at the command line du -hs /* Then drill down further to find what's using the space, e.g. du -hs /var/* Clear the Squid cache from the package menu of you haven't already. Steve

oh nice

Solution System > Advanced > Miscellaneous https://prnt.sc/kp9ek6

You are correct, that would appear to be a symptom of a failing disk

Hi ! I have already the same problem. If you have this error : 10.50.3.1 | FAILED! => { "changed": false, "module_stderr": "/bin/sh: /usr/bin/python: not found\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 127 } You can pass the interpreter /usr/local/bin/python2.7 in Ansible Variable ! In the /etc/ansible/hosts file you can put : fqdn_server ansible_python_interpreter: /usr/local/bin/python2.7 After this modification it's work fine !