@stephenw10 This worked thanks guys!

Go to Firewall:System -> Advanced -> Firewall & NAT: Firewall Maximum Table Entries value of "800000"

@denverdesktopssupport Sounds like you'd be interested in Zabbix? https://www.zabbix.com/integrations/pfsense

@tyz Also if you want to know when something is down etc - setup a external test. status cake or uptime robot allow for free testing.

I get alerted if my plex server goes down for example ;)

If the NIC/driver doesn't report it the OS has no way to know. Usually they do but SFP modules introduce a lot more variables and sometimes it will link fine but not report a speed or report as 'unknown'.

@johnpoz and that's the edited version! :D

@jarhead
thank you! after several tries and errors i am less confused now :)

In System > Advanced > Misc you need to set Skip rules when gateway is down.

Otherwise the pass rule is still created but without the VPN gateway set when it goes down. Hence the traffic leaves over the WAN directly.

Steve

Edit: What Bob said! 😉

If it's a VM you should be able to see the memory use in the hypervisor.
But you can also see it in Status > Monitoring in pfSense directly.

Steve

Is it actually pulling a DHCP lease correctly? Showing a valid gateway?

If the WAN shows as UP but you cannot connect out on it you may have a bad lease there. A cable modem handing out private IPs for example.

Steve

You might have the AT&T homegateway device that requires shenanigans to get a true 'modem' mode. What's the actual model number?

I've never used Adguard so I can;t comment on the specifics there but if it's just DNS filetering then I'd expect to just set the DNS resolver in pfSense to forwarding mode and enter the Adguard IP in Sys > General Setup. Of course that will filter queries from pfSense itself too.
I just use pfBlocker on pfSense itself to do that.

Steve

Assuming the AP management is in the same subnet it too would need an ARP entry in order to reply to connections from the client. If pfSense is losing it's ARP entry or has a bad one the AP may well be seeing the same thing.
When it fails do you just see no ARP entry rather than a bad entry?
With no entry it should just ARP for the device to create one.

You should see ARPing entries in the pcap. Make sure you're not filtering them.

If the wifi interface became detatched n the client I imagine that would blow away any ARP entries that were built on it. I would still expect the client to just send ARP queries as soon as it re-attached though.

Steve

@johnpoz The fun thing is the webserver behind the DMZ does vhosts so that is why there is a wildcard in the DNS for the domain.

My IP block files are pfsense Aliases so backup is not an issue since these will be done with pfsense backup.

Unbound in Docker is a blessing I tell you. Backup is done with Synology using 123 backup strategy.

The WAN disconnects appear to have nothing to do with accessing the rockstargames sign-in page. Unless you are saying that is logged everytime you try to connect?

I see your LAN IP is the expected 10.0.10.1 though so that's good. The AP really is running as an AP.

I suggest continuing this in the other thread. Putting info in more than one place just confuses everyone.
https://forum.netgate.com/topic/176134/please-help-me-under-stand-what-the-issue-is/

Steve

There isn't a way to do it, and shouldn't be. Do not run something like that on your firewall, especially the unifi controller as it requires Java.

That is not a task you should be overloading on a security device.

Most BIOSes will pass a different set of ACPI values to Windows than any other OS. You can set FreeBSD to pass a different string so it pretends to be Windows, or some other OS, but I doubt that's the problem. Nothing there would have changed between 2.6 and 22.01.

Yes, some sort of log from the upgrade would help a lot here. A virtual com port would be ideal if it supports that.

Steve

You can add and remove interfaces in pfSense and it doesn't affect the ordering.

The problem is if you delete the NIC from the VM. I'm not sure what you could do about that other than using the MAC address since in a VM even the PCI device location may not be fixed.

Steve

@michmoor I reeeeeeally got to do a better job of RTFM.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-queries.html