@stephenw10 said in netgate licencing and hardware changes:

Nope it would not. The ordering of NICs is not important.

Thank you 😊

@cheapie408 where in your "modem" which doesn't have a public IP.. You mean your gateway, a modem/router combo that you put into bridge mode.. Modems don't get put into bridge mode.

And yeah its possible for them to passthru a different public IP to the client than what it has.. Many of those devices can do passthru, ie bridge mode and also still do nat for devices connected to its other ports, etc.

Have seen this a lot in business deployments of comcast/xfinity.

Rebooting switches wouldn't have anything to do with it - other then the interfaces would cycle if you rebooted the switch, do you have a switch between your isp device and pfsense wan?

Probably a temporary connection failure. Try making a manual backup and make sure it appears in the backup list.

For whatever reason the system alias TAILSCALE__NETWORK is not being populated so the firewall rules cannot be loaded.

So if you replace those in your firewall rules with the actual subnet it will then be valid and load.

Did Protectli ever get back to you? Is it resolved? Im curious because I have a similar issue with my hardware. I have it sitting at the BIOS screen to see if it may be hardware rather than software based.

Thanks!

2.7.2 does include that functionality yes. It's the ability to check the current or any available repo for updates:

[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pfSense-upgrade -h Usage: pfSense-upgrade [-46bdfhnRUy] [-l logfile] [-p socket] [-c|-u|[-i|-d] pkg_name] -4 - Force IPv4 -6 - Force IPv6 -b - Platform is booting -d - Turn on debug -f - Force package installation -h - Show this usage help -l logfile - Logfile path (defaults to /cf/conf/upgrade_log.txt) -n - Dry run -p socket - Write pkg progress to socket -R - Do not reboot (this can be dangerous) -U - Do not update repository information -y - Assume yes as the answer to any possible interaction The following parameters are mutually exclusive: -c - Check if update is available in the current repo -C - Check if upgrade is available in any of the available repos -i pkg_name - Install package PKG_NAME -r pkg_name - Remove package PKG_NAME -u - Update repository information

But 2.7.2 is latest version anyway so safe to upgrade rsync there.

@MacUsers
By default pfSense blocks all private address ranges on WAN. To disable this, go into the WAN interface setting and remove the check at "block private networks".

Also you need to add a rule to the WAN to allow access to the web GUI.

Yup so that's only the grep command you're running. Kea is not running.

If states have already been opened they will continue to pass traffic even if new rules would prevent those states.

Hmm, I not aware of any blacklisting there. Could be co-incidental I guess.

@stephenw10 Done! Thanks for reviewing; let me know if you need anything else from me.

SG

Well you test there seems to show it's possible with the right NICs. There have been a few other similar posts. Most systems will not though.

I haven't tried it personally, I can only dream of 1G where I am! 🙄

If you have a paid Plus subscription then open a ticket with TAC to discuss. Usually it can be migrated if you had to replace failed hardware for example.

@stephenw10 I did shut it down twice while troubleshooting, to make it restart. This was while the network was down, and I was trying to figure out why, before I connected a monitor directly to it.
I'll go through the logs again, and see if I can find any clues to why it went down in the first place ( and what caused the config file to be left empty ).

@allsome Yup I was about to respond that unchecking it should do what you need, at least as far as I can tell. I am still using it with this firewall and Proton's SMTP service and it's working fine.

@SteveITS, Thank you very much for the pointer, I appreciate the pertinent tip and look forward to better speed on the reassigned WAN to 2.5Gbps. Have a good one.

@Gertjan

thank you very much
i have removed the VLAN ID from the network card settings directly
and i try the config on the unifi control and now work on allow device.

The option is moved to the DHCP server setup page when Kea is running in 24.11. You can now choose to register leases from each interface separately if required.

@Gertjan as a last resort i will enable that ;). If i would be owner of hotel i also would not enable that ;)