@fredfox_uk:

Tried pfSense and VMWare ?

No.
I have no experience with VMWare.

And it isn't the Virtualization in any case.

well you could look in the dhcp leases if pfsense is your dhcp server.. You could look in the arp table, or you could look for states on the firewall for IPs that have states open, etc.

If your feeling lucky you might try perhaps?: pkg add http://pkg.freebsd.org/FreeBSD:10:i386/release_4/All/freeradius-2.2.9.txz might need several dependencies that need dependencies which can probably be found on that same site..

Squid & squidguard can do that.  In squidguard, you create Group ACLs and then apply policies to the group.

Yeah. dpinger can't ping the IP address you have set as the monitor IP address. Change it to something that interface can ping.

I've had this problem for over a year and didn't find a solution until now, when I did a dive into the code and put debugging around routing commands.

I'm sharing my findings in case it helps you and others who Google this error.

Symptoms:
Reset a WAN interface and the routing dies.

In the logs:

Dec  6 06:46:35 fw kernel: arpresolve: can't allocate llinfo for 192.168.21.1 on lagg0_vlan21

In the routing table:

Destination        Gateway            Flags      Netif Expire 192.168.21.0/24    link#14            U      lagg0_vl 192.168.21.1      192.168.21.1      UGHS  lagg0_vl 192.168.21.10      link#14            UHS        lo0

Root cause:
The DNS server and gateway are the same.

Fix:
Either change DNS servers, or patch the code (pfSense 2.2 and 2.3.5):

/etc/inc/system.inc, near line 257:

Change

                            mwexec("/sbin/route {$cmd} -host {$inet6}{$dnsserver} {$gatewayip}"); ```To

if( $dnsserver != $gatewayip )
                            mwexec("/sbin/route {$cmd} -host {$inet6}{$dnsserver} {$gatewayip}");

It's updating properly for me here. Maybe clear your browser cache.

Yes I have a Pro and lite and LR AP.. I bought the pro after they came out as update to my old gen 1 pro (square ones - someone on the pfsense forums bought it from me), and got the lite and lr when they first beta tested these - they had picked a few active people on the beta forums to test them.. They sent us FREE units to test ;)  It was way better then their new early access store ;) hehehe

Yeah I have two echo dots, I used alexa for their names (I am very creative hehehe) added -cpu for the one in my computer room (den/office/lab) whatever you want to call my room ;)  If my wife was more techy she might call it the MDF room hehe..

The only one I know of around here that works or use to be around here and works for unifi is Chris… Miss him here, but he is great over there - very very active on their forums..

If you have to manually configure it, there's something wrong somewhere.  Both ends are supposed to auto negotiate and setting one end, but not the other can cause problems.  What happens if you connect another computer?  If it does the same, there's an issue with the modem.  If it stops, the problem is with your firewall computer.

@Gertjan:

Google :
@NollipfSense:

…. "cam status unconditionally re-queue request" ....

Saw wrong partitioned drives (using ZFS) and mostly dead drives, even new ones.
also : Take your drive on a long S.MA.R.T. walk.

Thank you for responding…it turned out that the new cable was bad...I just replaced it with another new SATA 3 cable...all is good.

@johnpoz:

Yeah 64 is common default.. 128 is a lot of freaking hops ;)  Which is why so curious to why would need to change to 128..

Maybe he has a really BIG network.  ;)

@Harvy66:

Doing a quick wiki, FIPS 140-2 is about physical security.

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

It's logically impossible for software to comply with this.

FIPS 140 seems to be about cryptographic modules. pfSense/FreeBSD may use some cryptographic modules, but are not themselves cryptographic modules.

@jridings:  Perhaps a better question would be are "Netgate pfSense Security Gateway Appliances" FIPS 140-2 compliant?  Looking over the wiki it appears that any device could be compliant as long as it had a special certified encryption board.  It that case it is just about the physical hardware being certified and no off-the-shelf components will work.  Maybe if you installed a certified board into your build for it to do the cryptography work that would pass?  But finding one that has BSD drivers and getting it to work with pfSense could be a challenge.  I don't see anything that says the entire device must be certified, only the hardware responsible for encrypting but I'm not really sure on that.

@Derelict:

Where are you testing from?

I setup a laptop with a cable straight to the wan port.

I'm out for now but, what if I set the ip address to the wan instead of the bridge? do you think this would help. Or it shouldn't be different?

This bug with IGMP Proxy seems to still exist in 2.4.2.
I have a different ISP, Movistar Spain, with a different setup (IPTV comes through its own separate VLAN) and I still see the same "The IGMP message was from myself. Ignoring." message and no IGMP is forwarded to the right upstream interface.