No, not reqs per sec. The Firewall - Traffic Shaping - Limiter -> using dummynet. (Yeah, CP uses dummynet as well.)

When you say "failover does not work" what do you mean specifically? You may have a firewall rule preventing traffic from the LAN routing over the other WAN connection.  Can you verify that a client on the LAN can route successfully out of both WAN connections?  I usually hit something like checkip.dyndns.org to see where I'm routing out of.

I will need to change up my internal address's as im currently using the 192.168.1.X range at home and have a bunch of static addresses that would need to be changed to avoid conflicts. pfSense's DHCP server for LAN makes handling "static" internal addresses very easy, just set all your devices to use DHCP and assign the addresses you want them to have as entries in the DHCP server "DHCP Static Mappings" table. Leveraging the DNS features in pfSense can greatly simplify your life across two linked subnets.  With a little proper setup you can create different domains for each house, say "freenhm1" and "freenhm2".  Then a computer or device on each network (say "mywrkpc") could be addressed as "mywrkpc.freenhm1" or "hiswrkpc.freenhm2" without having to remember all the IP addresses. As in all things computer related, pre-planning is your friend.  But pfSense gives you plenty of flexibility to accommodate most things you can think of….

Go to diagnostics, command and try du -d1 / Maybe a package filling the disk?

https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml

That is probably overkill.  Transfer rate matters more than the number of clients.

@Zaphod use Visio to create your Network diagram

You can use your router as an access point and the DHCP, DNS, and filtering would manage pfSense. It should be lSP modem–-(connects to the WAN port of the pfSense box)----pfSense-----(connects to the LAN port of the router)----Router(netgear,linkys,etc) If you want more out of your WIFI i recommend flashing the router(access point to DDWRT)

MoCA.  Screw the powerline stuff. http://www.amazon.com/Actiontec-Ethernet-Adapter-without-Routers/dp/B008EQ4BQG And a high-pass filter for your entry point: http://www.amazon.com/Filter-MoCA-Cable-Coaxial-Networking/dp/B00DC8IEE6

Thanks for the replies, anything is an option right now. After another long wait i got: Fatal error: Maximum execution time of 900 seconds exceeded in /etc/inc/xmlparse.inc on line 0 Starting CRON… done. So you are probably right, i just don't know what could have caused it which is a shame. Better get started. Thanks

Thanks for the pointers about Snort. Blocks and passes were observed in logs.  Once I noticed the issue, I logged all LAN traffic. Still not understanding how my LAN traffic would be effected by Snort on the WAN? Please note that the router is now operating correctly through a reinstall and configuration from previous saved configuration including Snort.  Therefore I can not repeat/test.  Heavy handed yes, but I needed to get onto real work, not debugging a firewall and not replying to emails, etc for days. Peter

the 'nanobsd' versions of pfsense generally don't write to disk (a lot). but there are downsides to the nanobsd/embedded releases …. see: https://doc.pfsense.org/index.php/Installing_pfSense#Full_vs_Embedded_vs_LiveCD

Good night everyone, I was having the same issue after implementing the Hurricane Electric's IPv6 tunnel service. I ended up checking "Prefer to use IPv4 even if IPv6 is available" in System: Advanced: Networking. This solved my problem and I didn't have to deactivate IPv6. Good luck Francis V Garcia

Thanks Steve - it was a blind alley as I am trying to get an obscure FTP client working to a server behind pfsense rather than the other way round, which is what this option affects….

pfBlockerNG Service Watchdog

@Carreswag: … but im pretty sure it should still connect ... Well no, you have to decide a sensical setup first. Trial & Horror, with double routers, doesn't cut it. Suggest make it work with Bell-router, if signal true then replace Bell-router with pfSense.

If you are looking for a consultant, then I suggest you hire one. Otherwise RTFM. Its a 2-4hr job if they know what to do and can easily be done remotely. You just need one sitting at the office to establish the remote connection when switching from TMG to pfSense. @germain.safari: Hello, Currently we using TMG Server 2010 for publish our company website (using https and http), Exchange email, VPN for staffs to access company from outside, internet access and etc…. Kindly advice how can i take all those rules and policies from TMG to PFsense. Regards, GS

Yes I know this but how can I get the log of connection without it ? I mean that if I disable the transparent ip I will read that connection are coming from pf. I need that only for ipsec tunnel or for a specific address webservers that are behind haproxy have to answer back directly. I mean that if I'm on 192.168.x.x and connected via ipsec to pf the LAN side of pf having 10.1.x.x , on this network we have  haproxy working on port 80 and 443, if i try to do an http://10.1.x.x it won't respond back ( any other port like ssh do ). Best regards

https://redmine.pfsense.org/issues/4664

Like I just said, pfSense's captive portal is time-based, not usage-based.  There is nothing in the gui that will tell you how much a user has transferred because pfSense doesn't care.  It cares how long a user has been connected.