@stephenw10 thanks for the support! @JonathanLee said in Netgate 2100 inexplicable slow internet problem: What’s your MTU set to? default 1500.. I also tried to lower it but without success

Not easily. Not as far as I know at least.

Ah so in Status > Interfaces? Not show the link speed/duplex is quite common for N-base speeds. Is i actually linked at 2.5G? What do the linl LEDs at either end show? What pfSense version are you running? What firmware version is on the NIC? As far as I know the X550-T is one of the few NICs that has been shown to link at 2.5/5G so I'd expect it to work.

We use UDP Broadcast Relay for SSDP control which in our experience, the other packages had difficulty handling.

@stephenw10 Ok, thanks

Yup, you don't need support to get the firmware images.

https://forum.netgate.com/topic/186556/how-to-run-pkg-upgrade-from-diagnostics-command-prompt/20 echo /etc/rc.initial >> ~/.tcshrc.local

Strange, it was doing it middle of the night, no one was using internet or was logged in to the firewall.... No errors sice then, all seems to be good

@dotgate I'll add a little on my own c) there is no problem activating these options (if the device allows it) https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html https://man.freebsd.org/cgi/man.cgi?qat however, version 2.7.2 does not include the core modules of the QAT driver (Intel QuickAssist Technology (QAT) [Plus only]) But, if you build your Freebsd 14.0 kernel on any test device, you can download this driver manually into the PF kernel (by copying several files) [image: 1718133204206-1928c0d4-207f-4416-b8ac-1854b2e61e0c-image.png]

When you restore the config if should pull in any packages that were installed as long as it has access to the repo.

If you have a downstream (internal) router with other subnets behind it pfSense needs static route to those so it knows where to route traffic. https://docs.netgate.com/pfsense/en/latest/routing/static.html#example-static-route

@stephenw10 Thank you very much for your analysis and advice! With the configuration changes mentioned above, I no longer have pfsense blocking, it's a bit of a shame that some settings aren't more “original” configured for a (in my case) 8200. I'm glad to have found the https://forum.netgate.com/topic/182534/just-purchased-a-netgate-8200-having-a-few-issues/13topic which helped me enormously to find a solution to my problem. EDIT Last test [image: 1718113901940-16c681da-6cab-4ad6-b09e-d190ec1fad3f-image.png]

Yes, exactly like that.

@Teddy thanks that's what I was looking for and it works in version 2.7.2

In Status > IPSec you should see traffic on the packet-counters for both P2s. If you don't they either don't match the traffic or your firewall rules don't.

@stephenw10 Ok, thanks)))

@stephenw10 Yes, indeed :-). When pinging something continually and the problem occurs it will fail until pfSense+ ages and renews the ARP table entry or, as with my script, any ARP Request containing the layer-2 and layer-3 addresses of the pfSense+ WAN interface is transmitted to the ISP. Thanks @stephenw10. Andrew

@Unoptanio said in About Status/DHCP Leases: "on line" is still shown. Here : [image: 1718009737456-7751a241-64e0-4f99-93a7-035954be5abd-image.png] the green arrows. And before you ask : "on line" or the green arrow means probably something different as what you might think. "On line" or the green arrow means : the IP is in the "arp cache". See here Diagnostics > ARP Table pfSense, or the DHCP server, is not 'pinging' (or something else) every (lease) IP every xx seconds to see it it replies. Static or not : the admin knows what leases are static, as he set them up as static. But I get it : why showing 'n/a' twice, even if it's true, if the word "Static implies the same. Not sure why that was changed.

@stephenw10 Yes. Kids_Devices Host(s) 10.10.10.50, 10.10.10.51, 10.10.10.52, 10.10.10.53, 10.10.10.54, 10.10.10.55, 10.10.10.56, 10.10.10.57, 10.10.10.58, 10.10.10.59…