@jahonix:
An install of this size needs a budget in the range of US $10k to $20k EASILY.
Double or triple it for Ruckus/Aruba/Cisco. Take the apartments. 350 units, say an AP for every three if they're really small. That's 120 APs. Figure $200 each. That's $24K right there.
I would probably lean toward Ruckus for the apartments and Ubiquiti for the outdoor stuff (Houses). Ruckus really shines in high-density and pushing through walls. But their outdoor stuff is for high-density. Ubiquiti is pretty solid in the PTMP CPE realm. And the radios are cheap.
Do not think that you can put a few access points in cupboards somewhere and users will be happy.
Yeah - Mine is using 128.0.0.1 locally and the root servers in unbound, so maybe thats why I'm not getting the huge delay.
At any rate, with such a big delay but without failure, I figured DNS must be involved.
Don't forget, PfSnese is a stateful firewall. Best practices would be to reset states after creating rules/nat mappings, so that states must be reestablished based on your restrictions or lack there of.
That's what I started with. I had to get support to get the config back and things working. The attached the old pfsense this is on a Xenserver and read off the config.xml
