@bmeeks Got one 500VA UPS coming tomorrow for the fiber modem, pfSense, switch, and the two UniFi AP's. This will be USB cabled to the pfSense and it's an APC so if nut doesn't work then I will use apcupsd.

I have a second UPS also coming, in the range of 1800VA for my NAS, switch, and ESXi boxes.

As far as the restore, since I have backups and copy them off the appliance, it was stupid simple. I created the USB key, added the FAT32 "Recover" partition and copied the backup xml file and named it config.xml. I had to hook the firewall up to my TV as I have no VGA monitors in my house surprisingly, but it booted, installed, and on reboot applied config.xml and was up and going. Stupid simple DR in my mind and a huge bonus for pfSense in my book!

From now on, it's going to be a DR instead of hours of troubleshooting, its just too damned easy to recover.

Going to use a SIIG USB over IP device and a FTDI cable to have remote access to the console for any future needs.

Usually that would indicate that you didn't provide the correct encryption password

@techgeek055 can you tell me how you did it? i face the same problem though i got live ips from the service provider, the ping is working fine. do i need to change the monitor DNS to the google?

Never mind, checking KB below and selecting "Disable hardware checksum offload" option did a trick:

https://docs.netgate.com/pfsense/en/latest/interfaces/low-throughput-troubleshooting.html

g.PNG

Have not had time to script tests yet. One of the 2 brand new boxes with same hardware and "WOL" disabled froze a couple of days ago as well. The previous box's console was still interactive when issue happened. This one was a full freeze. Not reacting to any inputs.

Thank you!

@jimp Any update now ? I would like to us this feature as Official

Followed the full reset instructions on the linked page, reinstalled squid - back in business.

Thanks for the help @stephenw10!

@johnpoz said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?:

@Jpub said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?:

Keep it simple."

Which is why you have to make the choice - if you want to easy firewall, then use pfsense to route between your vlans - be it you fire up another another one in the core, or just route at the edge.. Or are you going to take the time to actually do it correctly at your L3... If your not - then you might as well just do a big fat flat network and not have to worry about the routing at all.

In pfsense land, one thing I've read as a reason for segmenting, at the least in terms of provisioning IP's along CIDR/subnet lines, is if you're using IDS then you can filter and target logs better. Another is "network ACL's" ... but yeah.... it sounds great, but maintaining this doesn't seem like something a small shop would be doing very well beyond that first day or two they set it up. The IDS logs I think I would actually use a lot, or at least want to narrow things down quickly on alert.

Hey steve,

So there is a plugin in OSSIM which I enabled thinking that might help me read pfSense logs directly but I realized that is not going to work. Besides that I found about https://github.com/decay/alienvault-pfsense. This seems promising but it says AlienVault USM not OSSIM. Not sure if I should try this or not so I wonder if I could get some help.

@KOM
okay then thanks i will try my best

@teddygramps
And on those dell cards, be careful many are small form factor. These cards won't fit in a regular size atx motherboard setup. There are people who do sell the proper bracket out of china.

I would not even begin to know how to look at the firmware version let alone updated it on this board. The NIC is on the motherboard.

Yeah. It could be that the NIC chipset may have been zapped. or maybe my initial install from the USB was corrupted. The one thing that was different was that I flashed a new USB installer.

I might one day try the old board but I have spent like 20 hours and just happy to be done with it for now. I will put the "other router" i bought on the shelf and play with it later as well. As long as this box stays stable it will me my new router.

Thanks for everyone who spent their time with me. Sorry that the problem was a wild goose chase.

The easiest way around this is to create an alias called ProxyExempt for example, and then add all clients that you want to that alias. Then add a firewall rule just above your tcp80,443 block that allows ProxyExempt out on those same ports. That's how I do it:

Untitled.png

Hello Steve

Systems Activity page.......Screenshot from 2019-10-17 11-34-07.png

Packages are......Screenshot from 2019-10-17 11-33-41.png
System information....Screenshot from 2019-10-17 11-34-26.png

And bandwidth is 20MBPS unlimited.

In 3.5 years here at Netgate plus a long time before that I have never seen a situation that required Static ARP to fix.

What pSense version? What browser? What OS? What error are you seeing?

More info needed. 😉

Steve