System>Packages, uninstall it.

Because your WAN's reconnecting or renewing every 10 minutes. "IP change or dynamic WAN reconnection" Guessing you probably have a DHCP WAN with a 20 minute lease time. If that's the case it's not anything to worry about.

Okay, thanks.

So, this is my LAN firewall rules and these are my Outbound NAT rules. I set DNS servers for each gateway under System>General settings. However, when I put them in place and disable the default LAN to all rules I get no connectivity on both the file server (101) and my PC which should fall under the next rule, correct? Edit: This was the guide I used.

The block the support guys use is out of Austin (shared between our office and Austin colocation), the updates and much of the other file hosting is out of NYI in NJ. So no, the same netblock can't be used for both. Point taken on support access though, it's something we've talked about making a package or similar to help accommodate. That may be something that comes in the future.

Use an alias that contains all the possible IPs. Shouldn't be a big deal.

As to running multiple ssid with different vlans.  While this might be possible with something like openwrt or dd-wrt on your old router yours going to use as just AP.  If I recall the vlan support on these devices were dependent on the chipset and not all of the routers that run wrt support the vlans. If you really want to run vlans for your wifi I would suggest you go with real AP with this support, the unifi stuff is quite home budget friendly and support up to 4 different ssids per radio and very easy to setup for vlans on your different ssids.  The new AC lite model is only $89 while the pro model is only $149..  I have 3 of these in my house, the lite, the lr and the pro of the new AC line.  I run 3 different ssids all on diffferent networks.  My normal wifi which is eap-tls for auth (my devices like laptops, ipads, phones all use this), my psk network for devices that do not support eap-tls like my nest thermostat, my harmony hub, nest protect, rokustick, etc.  And then your typical other psk authed network that is for my guests. The unifi AP bring to the table band steering to put your devices on either 2.4 or 5 with the same ssid, they also support Air Time fairness and just recently enabled the DFS channels for 5ghz band so lots and lots of channels available depending on your clients support for these networks.  The free controller software you can run also brings lots of insight into your wifi network, what clients are connected to what AP, what speeds they are connected at, errors, bandwidth used, etc. etc. These wifi networks are all firewalled via pfsense and have varied access into my other networks. As to blocking ads, yeah pfblocker package makes this pretty simple to do. As to openvpn, yeah this is few clicks of the wizard to setup on pfsense, I vpn into my home network pretty much every day from work.  And yup there is a openvpn app for both ios and android devices that is clickity clickity to use.

https://forum.pfsense.org/index.php?topic=113750.0

And in post https://forum.pfsense.org/index.php?topic=114205.0 everything works in 2.3.1

@dyox: Hi, guys My question is: How PFSense "knows" my Internet speed? For example, I have a 50MBps Internet link, which is attached to my PFSense on a 1GBps Lan Port. How it "knows" that the link is 50MB and not 1GB? Did I have to set it, if so, where? This question is related to Load Balance. This is the Link Priority explanation: "The priority selected here defines in what order failover and balancing of links will be done. Multiple links of the same priority will balance connections until all links in the priority will be exhausted. If all links in a priority level are exhausted then the next available link(s) in the next priority level will be used." If PFSense don't figure it out that the link is 50MB, it'll never be exhausted and the Load Balance will not work. It doesn't know Load Balancing When two gateways are on the same tier, they will load balance. This means that on a per-connection basis, connections are routed over each WAN in a round-robin manner. If any gateway on the same tier goes down, it is removed from use and the other gateways on the tier continue to operate normally.

Dude how did it the drawing you create do it by default??  Yes I understand the switch sets those as excluded my point was that there is no point in showing that on your drawing because it is a GIVEN!!!  That all other vlans are excluded. As to harm, I don't know do you count a performance hit as harm? File sharing your talking about p2p? Torrents? So your putting in proxy and blocking all other access to the internet that does not go through the proxy?  Just installing squid doesn't stop all the other access.. [image: drawingexcluded.jpg] [image: drawingexcluded.jpg_thumb]

Its not so much that either pfsense or switch create the vlan, they both need the vlan info to be able to work together.. If the vlan is untagged pfsense has no clue that its in a vlan, just traffic it sees you control what untagged vlan that interface pfsense sees in the switch. If your sending tagged vlans to pfsense interface, then yes pfsense needs to know what IDs are which..

up on this. Thanks

I went through and double checked all my settings.  I discovered that the "From" line was causing the problem. I had to create an email for each pfsense box (used alias accounts) that was recognized by our mailserver. So, for one pfsense box I created an alias email of " office-1-pfsense@myemaildomain" and it worked fine I then created alias accounts for each pfsense box I will put into production so I can easily recognize them in my emails Thanks so much for all the comments and suggestions!!

@ronwbrown: I don't want to bridge the entire WAN, just one of the IP addresses..  I don't know how, or if it is even possible I actually have 3 subnets x.x.x.32/29 (1 gateway 5 usable) x.x.x.72/29 (1 gateway 5 usable) x.x.x.80.28 (1 gateway 13 usable) I want to assign x.x.x.35 to server on lan going thru pfsense You can break the x.x.x.32/29 into two /30 subnets, then assign the second of them to the LAN or DMZ interface of pfSense. ISP x.x.x.33 –--- x.x.x.34/30 pfSense x.x.x.37/30 ----- x.x.x.38/30 Server Now, since the ISP still believes that his router shares L2 segment with the whole x.x.x.32/29 subnet, you have to trick him using ProxyARP VIP x.x.x.38/32 on the WAN of pfSense that will make the server reachable from the Internet.

I considered that and the complexity it added, got a SG-2440 with three LAN ports, much simpler. Also if I ever have an issue it is easy to swap in another router and get back on line while debugging or waiting for a repair.