Not all of the interfaces were selected so it was re-broadcasting only on a few interfaces. Thanks for the push in the right direction.

I think you should restate your requirements. The number of clients is not the correct end number you are looking for, it is the number of states (RAM usage). I have about 20 devices on my network doing things. I have 800 states, or about 40 states per device. 10k clients times 40 states is 400,000 states. My 8Gb FW defaulted to over 800k states, my memory usage is low so there is room to grow. (40 states per device is not a solid number you should use, just an example.) 10Gb is where you look at interfaces and CPU, a 6100 should handle that speed. Any packages you add on top should be added to the CPU and RAM numbers. When you are done you should have an idea as to the the CPU and RAM needed, then you can make an educated guess on which device is best suited for your needs. If you have performance data from previous events you can improve your estimation on CPU and RAM needed.

@josephchrzempiec do you have multiple dumb switches? If so you could plug 1 switch into the interface on network 192.168.1/24 and another switch into interface 192.168.2/24. Stuff you plug into sw1 will be on that network, stuff you plug into sw2 would be on the other network. Then you could firewall all you want between these network. Your other option would be just plug say this server into the port directly on pfsense, and put it on a different network that way. But you can get a 8 port "smart" switch that does vlans for like $40 or so. Other option if you did have a managed switch that supported private vlans, you could limit who could talk to each other in the same network/vlan Other option is to do your filtering on the hosts firewall directly.

@stephenw10 Nothing like that in any of my logs. Might be though. When I didn’t double boot I still over wrote everything with the restore.

NUT reports everything correctly. Doesn’t seem as easy to configure for when to shut down, etc. Looks like defaults are good to go as is though.

It means the bogons v6 table has not been populated yet. It's common to see that at reboot because of the order things are loaded in so if you only see it there it's probably not an issue. Make sure if you clear it and then do Status > Filter Reload it does not return. The other reason you might see that is there is insufficient table size to contain the v6 data, which can be quite large. If that's the case try increasing 'Firewall Maximum Table Entries' in System < Advanced > Firewall & NAT Steve

It doesn't look like there's a port forward associated with that rule on WAN so it shouldn't be there. Check the Outbound NAT rules in Firewall > NAT > Outbound Something is allowing that inbound state on WAN to be created without NAT and that may be conflicting with the outbound state preventing it. You don't appear to have a rule on WAN that would allow it so check the floating rules too. Steve

@stephenw10 Yes Firewall Rules. I don’t think my AppleTV’s, iPAD or iPHONES use Apple Talk. Might. Now on to other questions. Thanks again. Cleaned up some of the network routing and was able to eliminate both Netgear switches in two person office. Added UPS’s to each work station and to the “Internet” station, the router, modem, wireless AP. Power rarely goes out here but it does once and awhile. Employer gets a tad annoyed when everyone disappears. Thanks again. NOW my Firewall is doing what its supposed to do for WAN side. Lots of blocking going on. I've installed and configured the UPS package. Need to figure it out though.

So when exactly would curl on pfsense be doing this for example "When sending data to an MQTT server" "redis -- Integer overflow issues with BITFIELD command on 32-bit systems" How is that applicable? If you were going to update every single package every time any sort of issue is found, all you would be doing is running updates.. Unless the issue is applicable to how pfsense is used, it really shouldn't be a concern.. I am all for keeping up with what is out there, and what could be issues - but it can get out of hand really quickly if every little alert is some sort of fire drill for how the sky is falling.. Pfsense and the Netgate team should be keeping abreast of issues that could effect pfsense install base. And taking the appropriate actions - if you do not trust them to do their jobs, why are you running their software? Are you following up with the 2400 some plus CVEs currently out for windows 10? And following up with MS to what they are doing about them? ;) What is funny to me is how on one hand you have users worried about some odd cve report for a package and use case that I just do not see how its an issue.. And then you have others running 2.3 still of pfsense ;)

@kosvision pfSense is a router firewall. If you need a firewall / router, pfSense might fit your needs. Most often, your ISP router will do just fine. Hook it up, and it works, you'll be fine. Anyway, you can test it for yourself.

@jsmiddleton4 what exactly did you set? you should be able to view what that is directly with sysctl whatever that is..

It sounds like you whitelist includes your own IP and you are applying it inbound on WAN which you probably don't want. The pfBlocker rules generally get moved to the top of the list whenever they update which is probably why your block rules is being overridden. You can change that behaviour though or add a floating rule depending on how you have set the pfBlocker rules to apply. Can we see a screenshot of your WAN rules and floating rules if you're using them? Steve

No worries. Please ask if we can clarify anything further for you.

@stephenw10 said in Routing Error :radvd 40776 sendmsg: Permission denied: Go to Services > DHCPv6 Server & RA > LAN(or any other interface) > Router Advertisements tab. Set the router mode to disabled. Steve Dear Steve, your explanation help me out - thank you - roland.

What I set up for a client that is on FTTN is a Draytek Vigor 130 (i think) in bridge mode and a pfsense box. Their modem/router with the phone connection is connected to the pfsense box and goes out to the internet all by itself. All the other internal network runs off the pfsense box. FTTN ^ Draytek ^ pfsense box----------------> Old modem/router with ATA built in | |-----------------------------> Rest of network Hope that helps.

@sven72 The controller can just run on a VM.. Or a docker even - I run mine as a vm on my nas. You get a better AP, you get a better switch to be honest and more ports. While the UDM and the PRO and what the SE do have market I suppose. They have a new budget one coming out its in EA I think right now that is only 79$ that could be a good seller for them. I am just really not a fan of all in one boxes.. For big one where that box would go is rarely the correct place for an AP.. 4 ports pretty useless and would need a switch anyway ;) Once you put all that stuff into one box you limit yourself on features and functions, etc. While you can get a $40 smart switch.. You could also spend way more than that if you want more features at the switch level, etc. AP you can spend way more as well - but the U6 lite is better than the wifi that comes with that udm I do believe. If you really want to make it work - it can be done, it would end of being a bit of a mess in how has to be configured to be honest. Just a normal AP or even APs, a switch and your router makes for a clean setup with lots of options for expansion and configuration to really do whatever you would want to do.. There is a market for the UDMs even if your past your return window and want to get your money back. But if you don't want to use it as they intended a all in one box setup, its a pain trying to force it into your network and just use the functions you want.

@stephenw10 said in AWS pfSense VPC DNS: Start a ping to it. Check the state table. Where is the ping going? Where is that subnet actually available if you haven't created it yet? Steve Steve, once again many thanks for giving your time to help me. I've got is working. I had DNS resolution enabled on the VPC, but not DNS hostnames. My EC2 still has XXX.XXX,0.2 as its dns server and I don't have a XXX.XXX.0.0 subnet. But its working now.

You can see that to a certain extent just using the traffic graphs: [image: 1640215014521-screenshot-from-2021-12-22-23-16-09.png] Otherwise the options available are shown here: https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html Steve

@stephenw10 Yeah, to be clear, I think this whole issue is mostly because my ISP suuuucks. lol If they had better documentation, or actual support personnel who knew the difference between a modem and a router (I mean this literally), then this probably wouldn't have even come up.

@stephenw10 I wondered if the 1 and 0's quotes not needed because they are simply enable/disable, yes, no, etc. Now to look at variables.