Lets not forget that there is no scanner on the planet that detects all bad files. I have to wonder how your "server" would get infected to be honest - other than some worm running on your network.  Why would you be browsing or executing anything other than trusted exe on a "server" in the first place?

It's not possible currently, CARP does not support an active-active configuration at this time for load sharing.

The anti-lockout rule is there to make it more difficult to lock yourself out especially if you're not very familiar with the firewall. You can still tighten up the LAN rules though. You can still lock yourself out.  ;) Steve

thanks bro, its has been solved :)

nanobsd is the way to go

Thanks, I submitted a bug report for this issue.

Check to see if the mtu is 1492.

Yes.  The Suricata package will decode and log all HTTP traffic.  You can see the source/destination address and the exact URL that is being requested.  Everything is timestamped.  However, it is a 'raw' log and will require some manipulating to pull it into a more readable format. Another alternative is Netflow.  Export the data to a Netflow collector and you can see the conversations, but not the actual URL's being requested. Another less informative alternative is to use OpenDNS.  You can generate reports on what domains are being requested, but not from which machine and the report is only on a full-day basis. EDIT:  The squid solution posted above would be a very good way to accomplish what you want.

Are you able to ping from a SEC device to a DMZ device? What about from the DMZ interface to the SEC network (within pfSense in Diagnostics -> Ping)?

@jimp: Sounds like either ntop is running multiple times, or you have a clock issue causing ntop to believe the clock is stepping backward or not ticking properly. Time zone set  Europe/Athens from console-terminal  is ok. Must to configure and ntop time ? seperetely ?

I assume you want to do this to backup your configs. All you need to do is setup an FTP server on the backup target and use this script: #!/bin/bash HOST=IP  #This is the FTP servers host or IP address. USER=USER            #This is the FTP user that has access to the server. PASS=PASS        #This is the password for the FTP user. dstamp=date +%Y-%m-%0e cd /cf/conf Call 1. Uses the ftp command with the -inv switches.  -i turns off interactive prompting. -n Restrains FTP from attempting the aut o-login feature. -v enables verbose and progress. ftp -inv $HOST << EOF Call 2. Here the login credentials are supplied by calling the variables. user $USER $PASS Call 3. Here you will change to the directory where you want to put or get cd /cf/conf/ Call4.  Here you will tell FTP to put or get the file. put config.xml chmod 777 config.xml rename config.xml config$dstamp.xml or #get test.txt bye EOF i have this on a daily cronjob and it works very well.

It seems you have connected your pfSense to an existing network. pfSense sets the LAN IP to 192.168.1.1 by default. For existing networks this would not fit. At first you may to configure the LAN interface on the shell and assign an unique IP in your network. Then you get access to the web interface.

Bridge what connections? What do you think you need to bridge?

@Harvy66: I'm just going to wait for 2.2 stable, then try it out again. Might take quite some time. Meanwhile, snaps seem to be back.

There is a new advanced option in 2.1 that will allow the creation of a RAM disk to store logs on. It is documented somewhere, just search for it.