@steveits fair enough, will just pivot to blocking all and only allowing ports that are confirmed in use, thank you for the confirmation

As the Fritzbox can be accessed and adjusted remotely by your ISP (similarly to most ISP supplied boxes) you can not guarantee your configuration as well as one can with a pfsense box. It is worthwhile with a Fritz!Box looking at the security tab to see what open ports exist and the services supported.
Configuring pfsense to work with a Fritz!Box in modem mode is a whole other kettle of fish!

Ok perfect...

I would like to keep all the configuration of ACLs, VPN, etc. redoing everything by hand, besides the waste of time would definitely cause errors.

Thank you very much

I would not remove the switch if you have multiple devices on the same VLANs talking to each other. The 6100 ports are not a switch. If you have devices connected to them that need to be in the same subnet they would have to be bridged and that uses significant CPU cycles. An external switch can do that without loading the firewall.

Steve

Ok, start a new thread for that then it seems unrelated to the notifications issue.

That is the same error we saw from others who had an outdated Home Assistant pfSense integration installed. You will need to update the integration in Home Assistant (or disable it).

The error isn't coming from code in pfSense, but code being sent by that pfSense integration, so there is nothing pfSense can do to alter that code.

There are several threads for this already if you need more information.

@johnpoz
Oh yeah. Go to correct it. Thanx.

@sdugoten said in Register custom hostname by MAC address:

Could you please point me to which screen that would do the static mapping? Thanks.

Bottom of the DHCP server page.

22781824-e8e8-47a2-a8b6-2d91a794a058-image.png

Also, the easy way to make a static mapping is to connect the device and find it in Status / DHCP leases and convert it to static mapping, to add the desired address and host name.

@jrey I only looked because I was expecting it to comment out the periodic daily line but it didn’t. Then it rewrote the file at boot, still I commented, so I pulled up the patch details. no memory spike the next day so it must have worked.

Perhaps crontab write triggers again at other criteria?

@derelict Thanks for pointing this out - we hadn't had a rule on the previous version but added it in before the gateway rule and all is working OK again.

@viragomann

I found the culprit, why it only has been on this one unit, I cant explain. It was being blocked by Snort..

140:20
(spp_sip) Invite replay attack

Disabled the rule and it has resolved fine. All 4 units run Snort, only this one has had an issue.

Thank you for your help.

John

@steveits thank you for the reply, I'll try finding the docs :)

@eddie-raydian said in Fatal trap 12: page fault while in kernel mode after upgrade to 23.01:

@fsc830 first of all, this is not helpful and disrespectful to all users on the forum. If you cannot provide help or good feedback, I think we can all agree that it you should not post.

Second of all, asking, if a backup (or in case of VMware a snapshot) is available is a legitimated question to think about further steps.

Cant see, why this should be disrespectful.
But as you desired: I will not post to any of your questions again. 😎

Everything is now LIVE.
When I was out, I decided to try the site(s) and see what I got while totally away from the office, and I got the site but with a non-working SSL. OK, Good.
So, when I got back to the office just a few minutes ago, I grabbed the SSL cert I had installed the other day before creating the SSL through PFSense, and everything is working.
All sites are LIVE in front and behind PFSense.

Thank you, everyone, for all the help.
Have to say this community absolutely ROCKS!!!!

All the information to get the site(s) live was from this thread here, with the link(s) provided and the link(s) I provided.
So, if anyone has this same issue, all you have to do is follow everything from start to here, and you should be good to go.

I've tried to notate everything I had to do, so I can write an article for our Knowledge Base site.
Love sharing and exchanging knowledge.

@saqqara I don't have two LAN interfaces with the same IP address. The original is 192.168.1.0/24 and the new one is 192.168.2.0/24. But, with the spacing in my OP, it's a bit hard to see. I'll edit that to make it clearer.

BackupLAN is simply a backup interface. I recently lost access to my whole network (not just the internet) and one line in my logs implied there was a problem with the LAN interface that wasn't cleared by a reboot of the device. This is just something I can try if it happens again (to see if it's actually a problem on the LAN interface or something else).

@mer Well sadly, I am going back to 22.05. I am having too many DNS issues with Unbound (I've been posting in the pfSense and pfBlockerNG forums about this).

Any DNS queries for entries not (or no longer in) the cache are really slow. It causes my browsers to lag, app updates to fail, and worst of all: overnight backups are failing.

I'm just glad I ensure I have the previous good release + config file on a USB stick. I'll be repaving (and perhaps upgrading to ZFS in the process) in a few days. Can't take the network down without some notice...

@michmoor
I have two spare HP T730 boxes: one with the same Broadcom 5719 NIC and the other with Intel pro 1000. I tried using both but I am getting the same issue.

Furthermore, I have also tried disabling hardware offload with absolutely no effect.

The weird thing is that I am using a similar setup at my home with the same ISP with a broadcom NIC and that works fine

I have noticed that it usuallyt happens when the ARP entry for WAN gateway refreshes i.e. around 1200 seconds