@Maerad: Honestly - the whole approach to the problem is wrong IMHO… ...Secure you Windows, work with care, get a more expensive router... ...if you are not a enthusiast user that has no problem spending hours to find problems and just want the network to function, do yourself a favor and go the easy way. @pfBasic: In general, pfSense won't prevent you from getting viruses. That being said it will absolutely help if implemented correctly. Best all around anti-virus is still going to be your decisions on the web and on your device. @Maerad: Separate networks might help a bit, but in reality, it's way too much work and investment in a private home Eh, seriously? Separate networks take a few minutes to setup and the cost of getting a web managed switch that supports 802.11q over a "dumb" switch is pretty negligible for a home use switch. The firewall rules are not complex at all. Just write a rule on the interface you want access from to allow access to the network that contains the device you want to access… Buy a more expensive router that has a Guest network? One of the big draws of pfSense is the ability to run it on the old computer you have sitting in the closet from 8 years ago, or a $50 eBay/craigslist special. Out of the box, pfSense works. Any complexity is user implemented. The $50 T420 from 2011 I have sitting on my desk with a single NIC paired with a $30 switch will easily outclass a high end SOHO router...

OK, pulling my hair out with this - and I don't have enough to spare …  ;) If I try to start my services (which use daemon, so fork to the background) ... they block other services from starting (actually, one does, the other doesn't - but they both just call Python ... very odd). So I tried a shellcmd in the bg (trailing &) -> then pfSense doesn't even boot fully! I have to go to the console, press Enter to get it to continue (and then again to skip changing the configuration). Next I tried a super-complex script (ls -alF) ... ;D. Ran that in the background (test.sh &) -> again, pfSense won't boot, it gets stuck, have to press Enter on the console. But after that, all the services have started at least). But boot shouldn't stop, agreed? So very confused about this, and why it's not working. Has anyone else been able to get it to work? Thanks!!!

Thanks for the reply, its very odd that it recognizes as USB controller the mac that is registered on pfSense of that NIC is d8:cb:8a:59:29:8e it was a tplink box and within was the PCI express, i guess the question is should i leave it as it as the NIC only purpose is to separate the WAN IP from the EMAIL Server IP meaning that users navigate on another NIC while the email server static IP is on the NIC d8:cb:8a:59:29:8e.  So far i have not had any users complain. Or would there be possibility to modify the config?

I am ready to mount the disk with freeBSD live cd (through usb), but when i want to create a dir with mkdir /disk I got error Read-only file system nvm, now I am using recover option from pfsense usb install, but I don't know how to mount the disk: # gpart show ada0 63 123666369 ada0 MBR (59G) 63 123665409   1 freebsd [active] (59G) 123665472       960 - free - (480K) # gpart show ada0s1         0 123665709 ada0s1 BSD (59G) 0       16 - free - (8.0K) 16 106888177     1 freebsd-ufs (51G) 106888193 16777216     2 freebsd-swap (8.0G) **EDIT I solved through myself, follow this procedure: # mkdir /home/disk # mount /dev/ada0s1a /home/disk we have now disk mounted then: # mkdir /home/usb # mount_msdosfs /dev/da1 /home/usb we have mounted a usb stick (the device name da1 could change) then browse to: cd /home/disk/cf/conf/ and you will find config.xml and the folder backup with old config auto-saved. Just do: cp config.xml /home/usb to copy your config to your usb stick

sigh.

I have a feeling I many not be able to use the VAs since I want to separate the guest from the domain.  I just found this post. https://forum.pfsense.org/index.php?topic=112288.0 It is a good write up.  Thanks for the reply.

Plugging directly to the modem, I got 450 down and 400 up We also have HP Procurve 2810-48g switches, so I put one of these between a laptop and the integra modem and still got 100 down, 165 up, to test if it was the switch According to your statement, the problem seems to be related to the switch.

https://forum.pfsense.org/index.php?topic=132735.msg729802#msg729802

I think that happens because, instead of wrapping the security into the package or similar they're used to using, they're given a new thing that's more complicated to use and they just give up. Server side can be complicated, but client side can't be more complicated than what came before if you want users to adapt it without any whining. They care about security when you talk about it, but a lot of them don't care if that means they have to jump through extra hoops to get there. That's why apple has done so well and why windows 8 failed.

Thanks for the hint. I have ntopng installed, but it doesn't appear to store traffic data, but only shows live data. I.e. I would have to get up at 4 a.m….?

Turned out to be my USB network adapters, they don't appear to handle tagged traffic well (or at all).  Not planning on using them in production, just for POC.

For alerts im Just trying to get more information on what is happening.  Currently I have this system setup with 2 ports one for management and another for traffic.  The traffic port has no ip on it and at the switch I have all external traffic coming in and out mirrored to it.  I could run a constant capture on this interface, but it will fill up the box in no time.  Im just trying to find something out there to pull a full pcap upon a triggered alert.

Hey folks, I found the root cause. I initially installed pfsense then restored a configuration. I can only assume that this created the user home dirs in the first place. During the adjustments needed I decided to start over, so I reset the configuarion and re-did everything. The home directories are owned by the other users, for example: user1 is owned by user2 user2 is owned by user3 user3 is owned by user1 I can only assume that the uid mapping changed due to re-creating the users while not wiping the home directories. Seems like the revert option does not wipe /home. Ah well, another mystery solved.