Hello Harvy66
did the same for my net: WSUS and SCCM local, via GP distribute the addresses and get local full speed and offload the WAN line at daytime for user stuff. Afair: "one ring to bind them all"
As alternative: you could use squid as transparent proxy and there's a manual esp. for the WSUS case to offload the WAN line (problem with the lot of IPs/subfolders).

Cheers
Michael

Either the hardware is bad, the installation is bad, or some combination of the two.

Take a backup ASAP, run hardware diagnostics, and then reinstall with a current version if the diagnostics pass.

[2.4.2-RELEASE][admin@pfSense.geek.local]/root: pfctl -vvsr | grep -A3 1000000103
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
  [ Evaluations: 666223    Packets: 6750      Bytes: 588103      States: 0    ]
  [ Inserted: pid 15505 State Creations: 0    ]
@6(1000000104) block drop out log inet all label "Default deny rule IPv4"

Did you also try setting the Peer Certificate Authority for the LDAP server to Global Root CA List?

As you get a bit more advanced, your prob going to want to do vlans on your wireless networks and even wired networks, etc.  In that case get a vlan capable switch and your AP.. you would then be able to leverage any interfaces in pfsense as other networks either via physical or vlans, etc.

Network interfaces make really poor switch ports..  If your at a point where your thinking - oh I can bridge one of my interfaces on my router to use as a switch port..  Your going at the problem the wrong way - clearly you need another switch or higher density switch at that point ;)

Like saying hey I need to drive this nail in to that piece of wood..  Oh shit my hammer is on the other side of the room - let me just use this screwdriver I have to hammer it in.. Its got a big handle on it ;)  I will just hold it by the shaft and swing it like a hammer.  While it might get the job done - its not the proper tool for the job..  Its not really designed to do that..  Your prob going to miss the nail and slice up your hand, etc. etc..

Ok I figured it out. Indeed the problem was a routing issue. I

I first added a route in my VPN Client software(Draytek Smart VPN client) andnoted that it worked . I could have connected to resources behind the Pfsense box.

Since that worked I furgured that I'd try to reconfigure the  VPN Server. I put the IP address of the VPN server withe the same network as the LAN( 192.168.12.2). That did the trick.

Thanks for your support.

It only happens to Google Docs when the Sophos Web Agent is running.  This happens on the Chromebook itself, or when the kids log into the Chrome Browser with their school accounts.

As far as using wireshark to capture packets, should I run ChromeOS in a VM? How do I get Wireshark to just capture the packets from the Chrome Browser or ChromeOS?

help please :-[

@slimypizza:

I removed the TP Link smart switch and replaced it with the Cisco SG200-08.  I get the same results as before.

That's as expected.
Rules apply where traffic enters into an interface/"the pfSense box".
On your VLAN90 rules tab you control where traffic from VLAN90 host may go to - NOT how they can be accessed.
Ruling traffic from LAN to VLAN90 is controlled on the LAN rules tab. Only (except for floating rules).

Any yes, this particular TP-Link switch is a bad choice. Others perform as expected (I have multiple TL-SG3210 but prefer Cisco SG300 or SG350 now.)

Some users seem quite happy with D-Link DGS-1100-08 "$30 for an 8-port D-Link DGS-1100-08 would have been better money spent."

Use PfBlockerNG to blackhole the DNS for sites do is protocol agnostic.  You just need to find the right block list to feed it.

Do not use visudo. Use the GUI, System > sudo

Can someone help me ?

Regards,
Dimostin

Oh you are the first one ever to ask this question … NOT.

Seriously, that's a question that comes up quite regular, so go and search for it.

Thanks for the confirmation Steve!