It has been there as long as I can remember.

And why do you wan't to leave your hyper-v Host unprotected?
In my eyes it should be behind the PFsense VM

thanks I will look in to I t

Interesting because the port going to your modem should be untagged on VLAN 100.

pfSense is based on the FreeBSD operating system, so anything else you install must be compatible with that OS. It is generally considered very bad practice to do so, however. Let the firewall be a firewall, and use another box for your applications.

Mh, pppoe is like a tunnel and uses 8byte from your connection. so MTU of 1492 is most the fact. All of your traffic goes through this tunnel for accounting and I think, you get every time the same IP so it is static. Other ISP (Cable) may don't use pppoe.

pfadmin

Please make a picture of what ist what in your network. I don't know what you mean with "PPPoE Modem" and so on.

pfadmin

Hi, I also had this error, in my case it happened using qemu as hypervisor. With KVM it works correctly instead, so it's probably an issue of virtualization

My current Time Capsule doesn't give me any flexibility… It works but I can't see whats coming in and out of the network and can't isolate the devices...

@AMizil:

Your Splunk Light license expired or you have exceeded your license limit too many times" . After expiring the trial period you have to somehow manually change to free otherwise …

Go to Settings > Licensing > Change license group.  This does limit you to sending less than 500 MB/day of logs to Splunk though.

Yeah it's a little confusing because I see this in the logs also

But when I check the Arp logs and DHCP logs as well as the control panel for the router it all looks right


@Harvy66:

Looks like you enabled polling. Instead of an event based system that reacts when new packets come in, it spins at 100% CPU checking to see if any new packets came in.

You rock :) Thanks.

I would certainly expect it to. You will only get close to the limit of it's abilities trying to fill the pipe with encrypted traffic. But even then since OpenVPN is single threaded it can only use one core leaving the other to do whatever else may be required.

The D525 won't do that.

Steve

@pvr2002:

I am in the process of familiarizing myself with the Cisco IOS and have a Cisco 3750 (with routing functionality).  Please see attachment for current working network setup.

I am trying to enable IP routing on the 3750 and only route internet traffic through to the Virtual PFSense box.  I have successfully setup IP routing and ACLs to prevent vlans from talking on the switch.  However, I am running into issues determining how to get the switch to forward traffic onto the Virtual PFSense box.  I attempted to utilize RIP between the switch and PFSense, but was only able to get access from VLAN100 (even if shutting off all ACLs) to the PFSense VLAN100 Interface.  The other 3 VLANs did not communicate at all.  Can anyone provide any insight as to what may be the issue?

Thanks in advance.

1. Decide whether you want cisco switch to route between vlans and route all the traffic to pfsense through a interconnect network ( pink colored in Derelict's diagram) or (2) .

In this case (1)  you need to have VLANs created on the L3 switch, assign ports to VLANs , enable ip routing by configuring a routed port on L3 switch, static route on L3 sw to route all traffic to the transit IP of pfSense. On Pfsense you also need to add static routes to all your vlans  through pfsense transit IP address. ( otherwise routing won't work). In this case you also have to configure DHCP helper or  server on each L3 interface …. or use static IP addresses.  Also configure outgoing  rules on pfSense to allow traffic. Don't use routing protocols only if you have multiple network with multiple routers...

2. Use L3 sw as a L2 sw ( similar to your drawing , create vlans, assign ports to vlans, create trunk ports  on L3 sw  and on vSwitch + pfSense, configure vlan interfaces on pfSense - LAN  or wan ( for wan you also add gateway IP address), enable dhcp on  each interface , enable outgoing rules on each vlan ... .

If you have a small network I would recommend to route all traffic to pfsense box ( 2)  so you can also inspect inter vlan traffic if you wish ( from security perspective).

Check this topic also : https://forum.pfsense.org/index.php?topic=57239.0

you can dump  ...  show run conf

BR,
Adrian