Do you just have a port open on your WAN to allow access the webgui? A port forward?

Are you accessing it by IP directly or by FQDN?

Is the Cyberoam device known to you? How is it connected if so?

Steve

Ah, then that's almost certainly the cause!

In environments where it's not possible to guaranty the power you can set /var and /tmp as ram drives. That minimises drive writes and hence the chances of filesystem issues. That's a setting in Sys > Adv > Misc. It does require rebooting to set that.

Steve

Unless you have fiddled with gateways groups and failover, it will not fail over if WAN2 goes down.

@Derelict said in What is best practice for my scenario:

@JeGr 🌈 🦄

Thanks for the laugh! 😄

And yes, as @Derelict and @stephenw10 already stated, try getting them to route your subnet via a transit network. Sometimes one has to be very stubborn and persistent about it, but it pays off with any kind of box behind it to be far easier configuration-wise.

so I have chosen one that would turn the bars green, will they change color as the situation nears criticality? I don't want to run up my router to find out.

@stephenw10 said in pfSense behind 4g router:

Right so if you use pfSense instead of the local computer you use currently you could create a VPN to the VPS from it and forward ports across it.

Exactly.
Permit rapid tunnel creation, their activation / deactivation and the possibility to control their states and an automatic reconnection (autossh) in case of disconnection.

It is a quick way for a webmaster to allow access to these self-hosted site under development to be tested by his client for example ...

The MobaSSHTunnel software under Windows does that perfectly!

@revengineer @johnpoz Good to know, thanks.

They are pretty good. Ask them what is required.

@stephenw10
i have not been brave enough to test it. I just assumed that having both squid and HA proxy was a bad idea. Will give it a try today and see how it goes.

@riahc3

First off, what your phone can do is irrelevant. It's what the actual equipment you use is capable of that matters. However, you're not going to get anywhere near 1 Gb with LTE, no matter what you use.

Spam thread. Lifted from here: https://www.reddit.com/r/PFSENSE/comments/dfbts6/unbound_dns_secondary_dns_zone_for_ad/

Yes, it would be very similar but possibly easier since in the default configuration the SG-3100 does not require vlans, laggs and switch config. Of you just have the default 3 interfaces you should just be able to import the config and re-assign the interfaces.

Steve

You can do it within pfSense:
https://docs.netgate.com/pfsense/en/latest/monitoring/performing-a-packet-capture.html

Steve

You mean using the Freeradius package in pfSense?

If you want this purely as a radius server you should use something intended for that, not pfSense.

Steve

Unless you have changed the rules since taking that screen shot you should still be able to see what rule 197 is.

It must be a custom rule of some sort as that would not otherwise be logged.

Steve

A lot has changed since 2014. If you're seeing the bogonsv6 table limit make sure the Firewall Maximum Table Entries is set to 400000 in System > Advanced > Firewall & NAT. That is the default value in current pfSense.

Steve

https://www.netgate.com/docs/pfsense/routing/bypassing-policy-routing.html

I'm going to be rewiring my home network this weekend (many of the cables are hand-crimped cat5). Although they still seem to be getting the job done and everything is negotiating at 1000, I figure as long as I'm pouring money into network upgrades, I should upgrade the cables too to pave the way for gigabit-plus speeds. Since bulk cat5 is expensive, I often bought the cheapest box, and sometimes cannibalized other cables and other weirdnesses... I figure it's high time to purge that.

When I take things down to do the rewire, I should have a chance to shut down the router and take screenshots of the BIOS. I'll be sure to get version number as well as the various settings. I suppose one nice thing about having a serial console is I can literally just copy/paste the text from the BIOS screen 😁