Try looking for the VLANs tab on Interfaces -> (assign)

I realize this was posted in wrong place. I just want to update in case someone was scared off by my experience, When I downgraded to 2.0.2 I had the same issue when I restored the config backup. So apparently there was an issue with my config exposed by the upgrade process, unrelated to version 2.0.3. I am now running 2.0.3 with config rebuilt by hand (with aid of the xml file open in notepad) and all seems fine. Was probably a good time for a config 'spring cleaning' anyway..
Thanks again to maintainers of this project for this solid update!

@pvoigt:

@dig1234:

I'm on nanoBSD i386. upgrade from 2.0.2 to 2.0.3 was a disaster. Bootup would hang at Starting Firewall.
Turned on verbose logging, eventually bootup finishes but packages did not reinstall.
Getting message in syslog and console:  kernel: t_delta 15.fd984de3455432fc too short etc.
Will try installing from scratch, maybe upgrade process just crapped out. Otherwise I'll go back to 2.0.2

Well, these issues are looking even more serious than those nsswitch warnings. Maybe I missed it but are you getting the nsswitch warning besides your other problems? If yes, could you please give feedback I they do disappear after a clean install? I'm runing a NanoBSD image and it is a real pain to exchange CF card for re-imaging.

Thank you all for your help. I also found out that every night comes the night guard to this company with his own laptop which was also infected:)

@heper:

squid on pfsense can work with AD authentication. How well it integrates with squidguard/dansguardian i don't know.

You have to install the following packages

you will sea the proxy filter and proxy server on the service tab you have configure like this

You can't use two WAN NICs with the same gateway.  It'll only route traffic out of the default gateway.

If you have more than one public IP address that can use the same gateway, you can do it with one NIC, and VirtualIPs and 1:1 NAT routing. (http://doc.pfsense.org/index.php/1:1_NAT)(http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F)

On my WAN2 interface I have a public IP address ...39, and ...40, and ...41.  The ...39 is the LAN2 subnet.  ...40 is a single IP on LAN2, and ...41 is another single IP on LAN2.  I could easily have added another public IP and had that route to LAN1, but in my case I have a completely different WAN connection with a different (different than WAN2) gateway instead.

Create the one WAN interface and use 1:1 NAT with a VirtualIP.

If you are looking at building a new box it's hard to recommend anything other than a low-end Sandybridge/Ivybridge based board. As Tim suggests above, using an socket 1155 board gives you lots of upgrade options. This board:
http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622
Is slightly more but gives you a smaller footprint and DC power for greater efficiency.
Even a low-end Celeron will firewall/NAT at Gigabit wire speed so should be good for 120Mb of OpenVPN (I have no test results to confirm this). http://www.newegg.com/Product/Product.aspx?Item=N82E16819116889
If you want less building then maybe something like the Shuttle DS61: http://forum.pfsense.org/index.php/topic,56950.0.html

To be honest you could probably get 120Mb VPN with a far less powerful system but it's probably easier and cheaper to go with something such as the systems above.

Steve

If they fix it upstream, we pick up the changes either the next time we shift OS versions (not very often) or if we bring their patch into our code (happens all the time).

You cannot expand it to fill the card, at least not at all easily. It's relatively easy to load up the 4GB image and restore the config though.
However there is very little point in doing so. It's very unlikely you'll run out of space in the 1GB image. The RRD data is stored in the config (50MB) partition and I think that is the same size in the 4GB image. I'd have to check that. The RRD data does not grow in size though, that's the primary feature of it.

Steve

**my system work on ESXI 4.1 , pfsense for merge 2 line my multigatwy then go to Mikrotik 5.20 for Distribution internet to clients ,
every route have bult in siwtch take cable form router 1 to router 2  and from router 2 cable to wan , ( i disable dhcp in bothe of them )  ( in ESXI creat  2 virual network adapter in pfsense , contact to wan by creat virtual  switch then acreat vm switch btween mikrotik an pfsense

this is my network every time restart my Routers only one is online and the other is offline to solve problem need to restart pfsense every time after restart routers  , hop to fond solutoin**

thanks for your reply..
@dhatz:

Your best bet to increase overall performance would be to switch to pfsense 2.1-BETA (based on FreeBSD 8.3, with new drivers for most hardware). As long as you won't be doing any disk-intensive tasks (e.g. squid) the most important factor affecting performance would be your NIC(s) e.g. Intel or Broadcom etc.

Since you have plenty of RAM, you could try
kern.ipc.nmbclusters=262144

thanx  for thats a  big help  now i  just need to  work out  installing  but it cant be  that  difficult    hopefully  ???

however that  not my  firebox 700  but its a big help

That's an IP conflict, the device with the MAC it's listing is using your IP. It won't be in the ARP table since that IP is local and it won't believe whatever the conflicting device is. But your upstream router will. What to do about it depends, if that's something on your network, turn it off or change its IP. If you're plugged straight into your ISP's network, you'll have to contact them about it.

That'll happen if that traffic makes it to the firewall. At that point you can either block or pass it, but it's going to show up in your RRDs either way. Whether or not it makes it to your firewall depends on the device its WAN is plugged into. Something on that upstream device must have changed to send out that multicast on all ports rather than just ports that have joined the appropriate group. Whether or not that's configurable or you can do anything to change the behavior, not sure, better chance of finding that out from your provider (if you can get someone with a clue) or a forum of theirs if one exists.

@dillbilly:

Is there any way to figure out what might be advertising itself on that port?

Traffic doesn't necessarily result from something "advertising itself" on the port. For example, some might "probe" a range of IP addresses on a particular port looking for a systems that responds. Or you might have a dynamic IP address which was recently used by a system providing a service on that port.

Do you see a range of IP addresses accessing the port in question?  Do you see the accesses in the firewall log?

Diagnostics -> Traffic Graph?

Thank You everyone for all you help!  It is now fixed.  I had to reinstall blacklist and this time setup the correct URL for the download and everything went back to normal.

Again,  Thanks All for your time and efforts.

ChiefTenToes