This seems to be signal monitoring and statistics collection process. Do not have PPP configured right now, so cannot compare CPU usage.

well yeah your automatic rules would of been natting that source network for you.  You might have been able to just use hybrid since I believe the hybrid rules are evaluated first.

Understood!  Thank you for your in-site and your time!

Probably in the Traffic Shaping forum, where people post questions about the traffic shaper and quality of service.

There's FreeBSD port for sshguard-pf 1.6.4 You could install the pkg from the FreeBSD repo. Not sure how hard it would be to get it working with pfSense.

Status->DHCP leases

Which Networkcard should I use in KVM for the pfSense VM? Intel E1000 VirtIO (Paravirtualized) Realtek RTL8139 VMWare vmxnet3 Thank you!

I'm pretty sure mermen's issue is a defect with the pfSense package for ntopng. The core issue is that the current package does not support use of HTTPS. If you are using HTTPS for the webgui you cannot access ntopng by hostname because of HSTS. Only HTTP by IP address will work. This is discussed here: https://forum.pfsense.org/index.php?topic=110026.msg643065#msg643065 There is an outstanding PR for the pfSense package for ntopng to address this. [edited for politeness and clarity]

The links below should help you figure out what ports you will need to forward and how to setup port forwarding in pfSense. https://community.netgear.com/t5/ReadyCLOUD/RN104-Router-Ports-to-open/td-p/948497 https://community.netgear.com/t5/ReadyCLOUD/ReadyNAS-102-ReadyCloud-Cannot-Discover-Device/td-p/922769 https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense https://forum.pfsense.org/index.php?topic=55676.0 Not sure how you are going to use ReadyCloud but if I were you I would setup a VPN on pfSense then use a VPN client to connect to your LAN to get to whatever files you want.

Perfect - Thanks Jimp!

Sorry for the slow reply. Thanks for this, will try that tomorrow if I can get it working it will be really helpful.

Thank you all for your replies. Quite interesting to have different views on the situation. I use the vpn service so my pfsense is not only used as a fw. In the meantime I also activated egress filtering. For some of you maybe overkill, but it's also to learn how to use the pfsense (making aliasses and rules, check my fw logs etc..). @chris4916: Are you hosting internal services exposed to internet? NO Do you need remote access to your LAN? YES Do you need to segregate internal subnets? Isolate guest wifi from LAN… Not today, but could be in the near future. @chris4916: all-in-one UTM will do the job with less  flexibility but more efficiency… if you don't know how it works behind. Well apart from protecting my situation, I'd like to learn how it works behind. It's fascinating. @Harvy66: Don't forget to teach your children how to be responsible Internet citizens and not get virii. I got a virus once when I was 7, it was from a floppy disk I got from a friend. I have never gotten malware or a virus since. I absolutely agree on that point too. @pleriche: Regarding pfSense I'm a bit of a noob round here but I would humbly suggest that what you need is a UTM rather than a firewall such as pfSense. I'll have a look at that UTM stuff. @jahonix: Personally I would separate my network in trusted and untrusted subnets with the kid's gear being in "untrusted". This way they cannot infect parents stuff. With vlans, yes this could be an option too. But the "untrusted" part will need access to the "trusted" part. For example: ipad is using application to navigate in the gui of the Kodi Media Player. I'll have to check that. Again, thank you all for the interesting advises.

Hi John, I've finally created the tutorial! You can check it here: https://forum.pfsense.org/index.php?topic=116980.0

If you run the manual ruleset reload command at the CLI (or from Diag > Command Prompt) it will report the error that is causing that. Almost certainly an unpopulated alias that pfBlocker created in that case. pfctl -f /tmp/rules.debug https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting#Ruleset_Loading Steve

it works connecting it via a switch. will keep it that way, still i need to separate the dhcp pool from my LAN. I have created an aditional dhcp pool (in the same network) but i'm not able to make it use that one only. like force all requests comming from ESXi to be served from that pool. Any clue on this?

Are the hosts actually connected with 10Gb links? Several hypervisors including Hyper-V report 10Gb nics on the guest-os which doesn't necessarily mean they actually have a 10Gb link. Having said that, I am currently planning a datacenter move. Our main datacenter has a few HP DL360 G9 machines, each with 2 Xeon 2950V3 CPU's, some pretty neat and fast 10core machines, so a total of 20 cores (for what that matters). We are running pfSense (on Hyper-V) on those boxes, and it never passed 60MB/sec, about 500Mbps. In our new datacenter though I've mounted a spare Cisco 3750 switch and a Xeon L5520 based machine, so even one generation before your L56xx host. With the exact same pfSense setup on Hyper-V as well this much older machine reaches linespeed and I can do a 115MBps, so about 1Gbps down and up. Note that I am running pfSense on Hyper-V 2012R2, which isn't even the best hypervisor for it at all. Now this difference might be the line in our current datacenter, but it might as well be some other issue. In any case, the rather similar L5520 based machine can actually do 1Gbps routing with no issues at all in my setup. No specific tweaks done at all.

We still haven't done the domain rename. The parent domain we were planning on joining ended up being a mess… still has a server 2003 box for some ungodly reason... IMO we should make a new domain of a different name, but I've been unable to convince the powers at be. As far as the firewall goes though, I'm pretty sure all I have to do when the time comes is change the domain name within the settings. This will trickle down to the IPSec VPN settings as well, correct?