@stephenw10 Ok I'll keep that in mind. So I was able to use the console to go to an earlier configuration, reboot, and I was able to get into the WebGUI. Proceeded to immediately make a backup configuration on file just in case. Phew! Thanks for that suggestion, and thank the Devs for having such a feature available. Truly a lifesaver! Next meeting we're gonna take it slow and only forward the ports that he needs. Maybe he won't need all of them.

@R-Mana So everything was correct and the VPN tunnel worked as expected. But I have a different problem to which I created a new post.

Try mtupath mtupath www.detran.rs.gov.br I have had similar problems some time ago, this was happening with IPv6 enabled but some sites were ipv4 only, so after mtupath discovery I have changed the MSS to 1352 BTW I have zero problems opening www.detran.rs.gov.br in firefox also, but not in edge.

@stephenw10 but THANK YOU for your invaluable knowledge and desire to help. You really are indirectly one of the invaluable qualities that makes pfSense such a fantastic product.

@stephenw10 Actually I was just able to get it to work. I logged in via my phone's web browser then switched to the app and got in just fine. Why, I have no idea, but it's working. Thank you for your assistance!

Potentially you could use rules matching by priority tags perhaps. But you would need to be able to tag the traffic from the application in the client. Not something I've ever tried.

@stephenw10 I'm looking forward to the 25.03 version and will test it right away. Thank you for the information

@sensewolf restart the gui [image: 1740574045784-restart.jpg] And yeah if your using acme for your webgui - then that command @Gertjan shows should be in your acme client. I don't have it because I don't use them in my gui, only for my haproxy stuff [image: 1740574268955-guirestart.jpg]

Yes, that applies to the local side where the VPN would effectively be the other WAN. At the remote side you just need firewall rules to pass the traffic coming in over the VPN and outbound NAT rules to translate it at the WAN. The OBN rules may already be added. Try routing some traffic from a single client. Start a ping to something unique then check the states at both ends.

General Motors makes Chevrolets. And Cadillacs. EOF

Oh, yes indeed. And by far the easiest!

Then the ISP router must be configured to forward traffic to the Sonicwall. It might be forwarding all traffic (a DMZ style setup) or just forwarding the required ports for the SSLVPN. You need to setup similar forwards to pfSense. But, yes, a better setup would be to eliminate the ISP router entirely. That may not be possible though.

@SteveITS said in host in alias used by firewallrule refuses to work: @a1aba ...you're welcome...? ¯\_(ツ)_/¯ thanks for the help of course! vereybody who helped thanks for the effort

No, patches survive a reboot. They may not survive an update but, yes, this would be in 25.03 anyway so you shouldn't need to do anything.

https://redmine.pfsense.org/issues/15544 That seems to cover what you're asking. You can add comments there.

@Fandangos said in DLNA discovery doesn't work: I am not using the wan port. I'm using the first lan port. Ok perhaps I found pictures from a different model router than the one you have. The one I found had one orange and four blue ports. But that's good, you need to be connected to one of the LAN ports. And even though some routers these days have an "AP Mode", all you really need is to turn off DHCP to make it function as an AP. So I guess, problem solved right?

@stephenw10 Thanks for the replies and insights. So far it's been over 24 hours with no issues. I'll report back after a longer period of time if issue re-occurs with details.

If they are statically assigned and in the same subnet then you should just be able to use virtual IPs. How did you test it? Adding a bridge is only required if you need multiple MAC addresses. Usually you would not. You can only add one though. Your screenshot implies you either already have WAN in a bridge or you tried to add it to more than one.

@patient0 yeah I would assume that a static mapping would override any deny, same goes if there is an existing lease already I would think.