@makq
not sure whats exactly your question, but yes we have two VDSL and one LTE WAN.

It's a known issue with log rotation. Some of those firewall logs are rotating at ~1min intervals which I would class as quickly rotating.

Though I can't actually find a bug for it right now. 🤔

Well, I was wasting too much time. I blew away the build and rebuilt from scratch. Working fine now with exact same settings.

Very disappointed that a working site is brought down by upgrading.

Thanks for the reply and the attempt to help me.

When you run pkg it tries to update itself and right now the FreeBSD 14 repo has a significantly newer version. 1.2X has a few changes from 1.9X that you're hitting. But you should always be able to use pkg-static.

You should just be able to remove the <sysctl> section from the config and it will go back to using the defaults.

Steve

Yep! I can login to the GUI just fine assuming my user is part of the "pfSense_Admin" group - the same group I have setup in the shell auth group section

@SteveITS

Thanks for the input.

Not sure exactly how you mean to do this. Got some images? Already did this - when I stated seeing the errors in the logs, I did some research and it advised this. Some others (which I have not done yet - give instructions on setting up DNNSEC from the ADDS side). I am guessing you mean this (images) - this is what I have setup (should I change anything? I always question the Network Interfaces and Outgoing settings):

fbb105ca-6466-4583-b754-f5816cda747e-image.png
cd74ce90-5da0-4b81-95ec-2e9c7a8ff3ea-image.png

Thanks for all feedback.

I've upgraded my setup to a xeon e3 1270 and added the 4 port NIC.

It's much faster now but I'm only using 2 ports as usual, LAN and WAN.

As I want the simplest solution I'll just get the switch and solve all my limitations at once.

@AlphaSecurity said in GovCloud Compliance of Google vs. pfSense Open Source Security and Privacy Interests:

I am blocked out from changing the password to one of sufficient quality

Your saying your pfsense was breached, you had it open to the public? The web gui is not available to the public internet out of the box..

If someone accessed your pfsense and changed the password, just console in and reset the password. You then for good measure reinstall clean, etc. The pfsense gui should never be exposed to the public internet without restrictions on what IP can access, or only via vpn access, etc.

@JMV43-0 you know how your router at home nats your public IP to your rfc1918 address. CGnat is like that - the nat is just done in the isp network, and then your router nats the cgnat space 100.64/10 (normally) to your rfc1918 space 192.168/16,10/8 or 172.16/12

Thanks
both IP ranges are /24 now ans can see each other

(feel so silly)

@SteveITS that fs and disk troubleshooting has lots of very useful info - shame it's buried there!

I could certainly image that the faster you push traffic the more is lost, though not necessarily as a percentage.

Do you see the same when connected to other servers? Is that server in London far from you, is the latency high?

Steve

@NollipfSense said in Hot / Standby Pfsense PC:

@stevencavanagh said in Hot / Standby Pfsense PC:

Assuming I back it all up

You're just backing up your workable configuration...nothing more.

Yep, all backed up so just need to order another disk

Update: It looks like a firmware update for the adapters may fix this problem.

So it's been about 6 weeks since anything happened and we had a crash today. Just replying to add 2 pieces of information in case anyone comes across this post in the future. Today we rebooted the VM host for the first time in 8 weeks after pushing some Microsoft updates. Second, I tried to reboot from shell and it hung on stopping ntopng. I think the reboot is anecdotal/coincidental.

@SteveITS I just read them more carefully now, thanks!
That leaves node exporter then.

@stephenw10 Factory reset modem seems to have cleared up the link issue. ISP claims nightly outage is scheduled service

Hmm, well if that is the case you might be able to set the NIC to just link at 1G only and be able to remove the switch.

Yup AFAIK it only affected that one card.