• Router IP redirecting to WAN interface

    0 Votes
    4 Posts
    1k Views
    Excellent..that helped me sort it :-)
  • 0 Votes
    2 Posts
    1k Views
    Meaning most likely your clamd has died… probably due to lack of memory. Other than that, this HAVP thing is a huge headache and simply not worth the trouble at all. P.S. This is an English-speaking forum. Why are you multiposting here? http://forum.pfsense.org/index.php/topic,65286.0.html
  • Randomly crashes every few mins

    0 Votes
    10 Posts
    3k Views
    Cmb, sorry for the late reply but that did the trick. How do I mark it as answer?
  • Go daddy port scanning me?

    0 Votes
    27 Posts
    10k Views
    johnpoz
    "but I am the only person at the moment who is using this exchange server. PLUS these ACKs are coming from just 3 IPs 24/7!"
    So the only traffic outbound from pfsense is this exchange server, there are NO clients behind pfsense? Also the IPs you're seeing are NOT on the list from godaddy for their CRLs - but yes, crl is a FQDN, and it's served up from a CDN so its IP will change, I would assume.
    ;; QUESTION SECTION:
    ;crl.godaddy.com.              IN      A
    ;; ANSWER SECTION:
    crl.godaddy.com.        855    IN      CNAME  gdcrl.godaddy.com.akadns.net.
    gdcrl.godaddy.com.akadns.net. 12 IN    A      50.63.243.228
    So it's quite possible that IP changes.. As to the OCSP
    ;; QUESTION SECTION:
    ;ocsp.godaddy.com.              IN      A
    ;; ANSWER SECTION:
    ocsp.godaddy.com.      1647    IN      CNAME  ocsp.godaddy.com.akadns.net.
    ocsp.godaddy.com.akadns.net. 31 IN      A      72.167.18.239
    I really would watch a full sniff to see if you're sending out traffic to these IPs - which don't really seem to be CRL or OCSP.
  • Cisco ASA vs Pfsense install

    0 Votes
    3 Posts
    5k Views
    stephenw10
    Depends what you mean by safer. From a security point of view there is probably very little to choose between the two correctly configured devices. It then comes down to the speed at which new exploits/bugs are patched and updates released. The pfSense team have a good track record there and needless to say Cisco have whole departments of programmers doing that! However if, as you say, it's not possible to apply the patches for whatever reason it doesn't really matter how quickly they are released. An important measure of security is how many hours/days your router is running code with known exploits. My opinion.  :) Steve
  • PPPoE on WAN side issues

    0 Votes
    4 Posts
    12k Views
    PPPoE relay is not bridged mode. That's for half-bridge mode I believe. You need to change the device mode to "Modem Only". http://kb.netgear.com/app/answers/detail/a_id/20310/~/setting-the-dm111pspv2-to-modem-mode-%28bridge-mode%29
  • Separate outbound/inbound WANs

    0 Votes
    2 Posts
    1k Views
    I don't think you can do this with pfsense, but you should try binding services to wan 1/2 , e.g. http to wan1 and smtp to wan2 you would have to create rules and setup gateways.
  • (Ab)using the captive portal to serve a website to the world?

    0 Votes
    7 Posts
    2k Views
    thanks senser, Actually I think I am not going to continue until a more reliable builtin functionality is provided by pfsense, it would be great to have the openvpn AS's simplicity but with current pfsense I think it would create more problems than solutions.
  • Pfsense Built in webserver for distribution Openvpn's exported client

    0 Votes
    3 Posts
    1k Views
    Thanks Jimp, yeah I guess that would be risky. Even with a secure website it's basically down to user auth at the headend; even if they are unable to break in, they would certainly put the system in the crapper with the traffic.
  • Random Death, No crash File

    0 Votes
    3 Posts
    1k Views
    The log extracts you posted show pfSense reporting the clients decided to release their DHCP leases. You will have to look to the clients for an explanation. I expect getting an explanation for that from a Nintendo might be a challenge - does it have an event log you can examine?
  • Cisco dual band AP541N + vlan

    0 Votes
    19 Posts
    9k Views
    Yes you will be good to go. Just make sure that the SLM2008 are Tagged ports with all vlan members needed to the 3rd floor. Also not sure how far apart the Access points are but remember the only channels that don't interfere with each other are 1, 6, and 11 @ 2.4 GHz. If your switch is not MDI-X capable then you will need a cross-over cable from switchport to switchport.
  • Pfsense allow VOIP traffic from Internet

    0 Votes
    3 Posts
    1k Views
    Thanks you got my point. I have 5 lives IP pool, one is assigned to pfsense wan port and I have not yet assigned any live IP to Asterisknow server. I also get your point that it good to use VPN service to connect IP phone. Actually I need know what steps should I have taken to connect my IP phones through internet.
  • Network interface em0

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Image magic

    0 Votes
    5 Posts
    2k Views
    I have taken the -s9999 from the chaosreader script. It uses -s9999 when run in standalone mode. It seems to work fine, though -s0 seems more optimal.
  • Websites not works normally

    0 Votes
    2 Posts
    891 Views
    stephenw10
    Are you using multiwan? Any other details of your configuration that might help? Why are you still using 2.0.1? Steve
  • Change WAN ip from dynamic to static but it stays "offline"

    0 Votes
    3 Posts
    1k Views
    jimp
    The DHCP leases "online" vs "offline" designation comes from whether or not the system in question is in the firewall's ARP table. A system can be up and not in the ARP table, it just means they haven't tried to communicate to/through the firewall in a while.
  • Integrity check

    0 Votes
    2 Posts
    1k Views
    jimp
    We don't have any automated way to do it, but you could check the sha256 of the ISO you used to install from, or the last firmware upgrade file, and then you could take the files from there and compare them against the ones on the installed filesystem to see if they match. /etc/pfSense_md5.txt can also help but you'd need to get a copy from the verified installation source and not the one on the live HDD.
  • Most open wireless hardware for pfSense?

    0 Votes
    9 Posts
    3k Views
    stephenw10
    The ability to look at raw radio signal data is not required by the vast majority of users. Normally it is handled by the wifi hardware such that only relevant data is exposed to the OS/driver. To get raw data requires some new mode for the wifi hardware and that requires new firmware and that introduces more cost which either reduces profit or product affordability. Hence most do not. Some however do especially older models where hardware was less integrated.  There are plenty of opensource wifi software projects that have a lot of this stuff detailed. A lot of it focuses on various security stuff such as encryption and breaking it though!  ;) The ability to make a wifi card do things it's not supposed to requires low level access to the radio hardware. Steve
  • Network activity logging

    0 Votes
    6 Posts
    3k Views
    Ohhhh. That's nice. I'll be glad when it's the standard squid package. I like it.
  • Noobie Q about routing (ver 2.0.3-Release)

    0 Votes
    4 Posts
    2k Views
    Another thing: isn't the purpose of a DMZ to keep that traffic segregated from the rest of your network? You should create a rule on your DMZ to block all traffic going to any LAN IP and make sure it's before that allow any any rule.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.