ZFS is also a lot more resilient to filesystem issues than UFS. So if you see frequent power outages it's a much better choice. But, yes, it does write more to the drive. Though the default values in 25.07 reduce that significantly. You can mitigate it almost entirely by running RAM disks too.

Yup so check the routing and arp table on a client when it's unable to browse.

@ChrisJenk said in Netgate 6100 / 25.07 - any recipes / guidelines for optimising high speed LAN and WAN connections?: Speedtest program on the router itself No, I ran it on a Windows computer connected at 2.5Gb. I got full line speed up and down. I have since changed my internet to 1Gb so I only get 1.2Gb up and down now. A while back a friend and I were building and testing a VPN tunnel between us, a 7100 and a 6100, we found a noticeable speed difference if we used iperf on pfSense vs a computer on each end. We only get in the 700Mb/s range and still iperf on pfSense really added a load and skewed the results at least 10%.

If it's a paid subscription and you had to replace the hardware you should open a TAC ticket. We are not completely inflexible. Yes, it's tied to the hardware but if you are forced to change that we have options.

^^ yes - this. - and the syslogd fix in the works should resolve this.

@chudak said in Why do we need to pay for pfS + ????: How do you connect monitor to it? See for example https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4200/#how-to-guides In general Netgate makes sure new releases work on old Netgate hardware until it can’t.

@stephenw10 thanks for the feedback!

Mmm, you'll probably have to wait for it to fail and check what states are still there. I'd expect it to just re-connect if the states timed out and start to fail.

Sounds like they are getting redirected locally if they see a cert error. Check what cert they are being offered. The details there may indicate what is intercepting the traffic.

@akhuyna It's like I already said that. :)

@SteveITS Since the Netgate 2100 is at the Methodist local church and I support the firewall, this was a real user issue. They access the site monthly to do retirement account contributions for the church employees. Fortunately the login mechanism (once you can see it) requires two-factor authentication. Glad for that.

@Bob.Dig No worries.

Thanks. I had the same issue, kept failing boot verification 43000 files in the config backup directory. After getting rid of those, it upgraded faster than I have ever encountered in the past., I had gotten used to upgrades taking 10+ minutes.

It should still have a default route of course.

Yup more and better logging is coming. However it also looks like there is an issue with the negotiated MRU/MTU value so a fix for that is in the works.

All sorted. SUE..... Turns out ethernet doesn't work that well over a 300m long cable..... Interesting though, the RJ45 Cable Tester did work so that was a bit confusing. Anyhow, good to know for the future and all sorted now.

@jwright Which device do you have/are running pfSense? If it’s a netgate device, connect to the console with a serialport terminal like “putty”. If it’s a homebuilt pfSense CE, connect a monitor and keyboard. Then you will know if it boots as expected or something catastrophic has happened.

@guardian said in Anyone using pfSense with telMAX ISP (Canada)?: I don't trust my ability to secure it. Not much different than IPv4. You start out with everything blocked and only allow what you want. In fact, you can configure many rules to apply to both IPv4 & IPv6. Here's an example: [image: 1755915116010-9101928c-dd2d-4e58-abe2-d4a68923083d-image.png] The first rule blocks pings and the second allows other ICMP.

Anybody is using Protectli Vault V1410-4 Port ?