@BlueKobold: Well, that seems to have worked.  Looks like it's all functioning again. And can we also know  what does the trick? Sorry, of course. Full disclosure:  after some email with customer support at pfSense, I probably caused the original problem;  pulled power without doing a shutdown first, causing fsck to get overly aggressive on reboot and making a mess of things.  Lesson learned, do  a full backup of the device before mucking with it. What I did: Grabbed the LiveCD ISO for amd64 from the pfSense support site, stuck it on my FreeBSD desktop.  Unzipped, did  the following: mdconfig -f <diskimage.iso>-u 0 mount -t cd9660 /dev/md0 /mnt find etc in the /mnt tree copy passwd, master.passwd, group and crontab from the /mnt to a flash drive umount /mnt Boot the SG2440 with the serial console attached (I used a putty session),  stick in the flash drive, then do: mount -t msdosfs /dev/da1s1 /mnt (da1 was my device) copy passwd, master.passwd, group and crontab from flash to SG2440 /etc cd /etc pwd_mkdb -p /etc/master.passwd umount /flash I then did passwd admin just to make sure I knew what the password was, rebooted and all was happy again. The trick was finding install versions of passwd, master.passwd, group and crontab, LiveCD ISO was best shot at that, then it was digging back in my brain about mounting the ISO and pulling the files off.  If you can mount an ISO file and get to the files on it, this should work just about anywhere.</diskimage.iso>

Cables straight I have a cable testing device I do not have a crossover cable I will bring and check

for unrelated functions. If you are using a network switch between them it would try to set up LAGs (LACP) so you will be able to set up 2 GBi/s aggregated throughput.

@kejianshi: Whats the current CPU load on the media server (average and max)? Its unlikely that pfsense will cause much additional load. It's hard to say because I don't believe vSphere keeps performance logs by default (and I never setup any) other than what you can see is currently happening over a one hour span.  However I know that my media serve at night will often have 4-5 files transcoding at the same time. The main purpose for me setting up the site-to-site VPN is the secure all transmissions between the two sites which will start including daily/weekly backups of my media server.  So that could be something like 5-10GB per night or 50+GB per week.  The VPN's stress on the CPU was the reason I went with the Avaton 2558 in my current pfSense box.

No idea about BGP. But you for sure won't get any counters with pf disabled.

This ain't MS support forum. => https://social.technet.microsoft.com/Forums/

@L0aded: well that is a possibility but before switching to pfsense (last night) I was using Asus Rt-AC87u and ran the speed test for a base line and have always and never really had an issue with the speeds as advertised but i highly doubt it's an ISP problem but non the less ill look into it. The AUSUS RT-AC87u is running a tiny Linux kernel optimized for this hardware, and this is not matching the pfSense platform, because this is more optimized to run on many platforms as possible but by using adequate hardware the pfSense would bring more capabilities, features, options and functions then the ASUS would be ever own. And a very old Alix or Soekris net5501 platform is also able to push something at 47 MBit/s IPSec AES128 CBC over the VDSL line! For SPI & NAT you will normally loose 3 - 5 % from the entire throughput and what ever you where configuring on top is also taking some some more % from the rest throughput!

I did finally get it to work late last night with NAT. I made a virtual IP and added some port forwarding. I put rules to only allow SAMBA and ICMP to my NAS, I haven't opened up anything to my gaming PC yet. What I am trying to figure out now is if I can get SSDP to forward through that interface. I have seen a few threads on this forum, but it didn't seem like there are any conclusive answers. I'd like it if my NAS would show up under "network" on other peoples machines because they don't seem to be too tech savvy around here and it would save me a lot of redundant conversations.

Or if you want devices on your network to have "static" DHCP addresses, go to Services > DHCP Server, and at the bottom of the page, you can add DHCP Static mappings, so those devices will always get the same address via DHCP. You can either specify the address yourself (which will need to be outside of the normal DHCP address pool) or you can skip specifying an address, and the next address that device receives will be the one that it keeps (which will be within the DHCP pool).

Ok, I had to come back to VirtualBox because KVM is a total disaster in terms of virtual networking which makes it impossible to set up. Anyhow, I followed your suggestion and - lo and behold - the cause: The time on pfSense is 13:30  but the timestamp on rrd files is 15:30, which means they are two hours ahead. This does not happen in KVM. I do not know why it is so in VBox. The time on pfSense box is correct because it's synced with an NTP server. Perhaps the box starts with wrong time and only afterwards it corrects it, but the .rrd files are already created? EDIT: I fixed it by setting the time to UTC in VBox guest settings.

Sorry for the delay, too much going on recently. Once I had a chance to do some more digging, turned out it did seem to be some kind of power settings, with the box "sleeping" after short periods of idle time. The box is headless, but none of the lights indicated this and it was extremely fast to come back up after sleep. I never found any settings for this in the GUI, and disabling powerD didn't help, so I just installed from scratch since I was seeing other issues anyway. It's resolved now. I hope this was abnormal (new user to pfSense and the first time I've upgraded; I hope most upgrades go more smoothly than this). doktornotor, thanks for the reply, I guess. I'm new to pfSense and not a networking expert. Maybe it's not an ideal setup, but I'm willing to learn, and open to constructive feedback. To answer your questions, WAN is a cable modem, no PPPoE or anything going on. I went the bridge route because it made sense for the hardware I had at the time and I figured I could add a switch later if needed. I've read it's not ideal, but haven't seen downsides mentioned other than performance, which is not affecting me for now; if you have more to add, or why you think this issue would be at all related to the bridge, please do so, so others can learn. Snort was something new to play with since I haven't had the opportunity before, which I may not keep. I like the proxy because not all of my devices can run Privoxy natively.

Thanks. Also protected, if you have Block Bogon/Private networks enabled on WAN.

I deleted the settings of wan fail over and the  latency  is back to 8 to 15 This is supposed to happen or I do something wrong ? why the latency go high when there is wan fail over i running pfsense 2.1.5

Hum, first idea would have been wireless dropouts. I get similar when streaming from Mini/MBP to ATV but always put it down to wireless. The iMac isn't going into power save on the screen/computer is it and cutting off the airplay ? Does it work if you just extend the screen onto the ATV (so mirroring in OS X) then drag iTunes onto the TV and maximise ? If that works with no dropouts then it would suggest a specific iTunes/Mabericks AirPlay issue. I assume it works fine with iPhone/iPad ?