Well then welcome to pfSense.

Yes.  I ruled this out on the last time I was present.
SSH attempts didn't magically make the firewall pass traffic on the native interface again, as it appeared to have in October.

During the last ten minute span the "event" occurred I noted this:
The switch port the firewall is plugged in to never went "down"
ARP requests to the IP of that interface came back empty when requested by a workstation on that VLAN.
I could not ping the firewall interface IP
Traffic passing over VLAN2 to the internet (same physical ingress interface) was unaffected.
Traffic passing over VLAN3 to the internet (again same physical ingress interface) was unaffected.
SSH attempts didn't "wake up" the interface (didn't expect them to but had to rule out the coincidence)

I updated to the latest firmware and rebooted.  So lets see what happens.

bump

https://forum.pfsense.org/index.php?topic=112072.0 and https://forum.pfsense.org/index.php?board=37.0

Sounds like they messed up VLAN behaviour for the multi-SSID part. On top of that, they probably couldn't do this in the ASIC or accelerator, so as soon as you use those (rather common) functions to spit 802.11 traffic into 802.1q VLANs the bad performance of the (supposed) MIPS device shows. I suspect that if you use no VLAN (or default 1) and no multi-SSID it all works fine because the switch is in hardware forwarding mode.

Way better than what cisco box?  i would compare pfsense to say the ISR line…

While I love pfsense to death, it can not compete with say a 12000 series router... Nor is it meant too..

But yes I would say that pfsense for sure is a better deal than a ISR from cisco... But you could not compare it to say a Firepower 9000 firewall, etc..

@keyser:

You can’t do that with RDP directly.
But if you install “Remote Desktop Gateway Services” on a Windows Server, that will provide RDP access tunneled through HTTPS.
When going through HTTPS you can do exacly what you are looking for with fx. HAproxy as a reverse proxy on pfsense. There you can do an ACL that only allows connections over HTtPS with the proper URL entered by the client.

This works - I have it running on my home fw.

A port forward needs the frames to be TCP or UDP (ethertype 0x0800 for IPv4, 0x86DD for IPv6).
No other protocol has ports.

EAPOL frames are a L2 protocol with ethertype 0x888E which is NOT based on IP.

Thanks. I was having the same issue and the alias works very well.

Thank you!

I can see how that would be annoying for people supporting pfsense as, depending on how fast the browers might autofill stuff. You don't know what autofilled it, and might not even consider the browser as the culprit.

Btw, can i connect to the vpn if i'm connected to the local network that pfsense is hosting, just on the 192.168.1 subnet. Or would i have to find a separate network to test the connection from?
Not sure how pfsense feels about that.

Remove GW_LAN. Also on the DHCP on pfSense make sure the default gateway is set to 10.0.0.1

no
same picture as  the old pfsense computer

strange
I deleted the picture
And I loaded it again

And now it's all right

anyone?

https://forum.pfsense.org/index.php?topic=111043.0

I ended up with something like this:

@Peter847:

I run a small small office LAN through PfSense and am looking for advice on how I manage my UPS.

The UPS supplies PfSense and a couple of Windows machines.  Its main purpose is to ride through the relatively frequent power drop outs that last a few seconds, real outages (greater than a minute) are rare.  It does not look easy to get one UPS management suite that will gracefully shutdown all the machines so I am thinking about letting PfSense just run out of power.

PfSense runs on a passively cooled Atom system with an SSD, will I damage anything if I just let the power on the UPS run out and restart PfSense when the power returns?

I have commonly dropped the power on a Pfsense router I have (Basically whenever I had a need to turn it off/restart it).  Only once in a few years of doing this have I had a problem.  I somehow managed to line up one of my power drops with a process you can't drop the power on and I had to run some program to fix it so that the router would operate again.  Consdering how many times I have dropped the power and yet I had this happen only once, it is quite rare.

It's possible that older APs didn't have the bandwidth to load the firewall to trigger the issue.

So, solution update. Editing the files via the webconfigurator was my problem. It seems as though the editor was saving blank files instead of my changes, and as such nothing was working. I edited the files with VI and the cert was accepted into the system. I do still have a issue with a different upstream cert, but I can fix that based on my fix with this one.

Thanks for everyone's help, I'll try to add a guide on my site for this because I couldn't find anywhere online that referenced both files.