There are some other methods to get a fast and cheap as can ac WIFi if it is urgent needed by you, and it
is matching to every budget too. So it could be used by many peoples.
1 UBNT UniFi ac lite WiFi AP for around ~$74
One RaspBerry PI 3.0 with internal ac WiFi card or together with an external USB ac WiFi stick for ~$60
An old and used WiFi ac Router that is broken or mismatching from the dump, with installed DD-WRT or OpenWRT (lede) for nothing ($$$) with some luck!

It's a pity that pfsense does not support any Wifi AC card. It would be nice to have everything in one box.

At first pfSense is based on  FreeBSD as the underlying OS and so it is a must be that FreeBSD is supporting it
well and first, then this could also be working on pfSense, but also with some adjustments or code writing to
realize it well and fine working out of the box.
Well working internal miniPCIe cards for pfSense, supporting the following standards a/b/g/n are;

Compex WLE200NX ~20 € UBNT SR71-E ~50 €

FreeBSD 11.1 special files (firmware and driver for Intel wireless-ac cards) over 12 month ago!
Outlook to version 2.4 and Intel Wireless-AC cards 12 month old
Bug report on reddit about wireless ac (solved) 12 month old
FreeBSD 11 and Intel Dual Band Wireless-AC 8260 8 month old

So if you own or have a miniCPIe card such as the following named cards from Intel;

Intel Dual Band Wireless AC 3160 Intel Dual Band Wireless AC 3165 Intel Dual Band Wireless AC 7260 Intel Dual Band Wireless AC 7265 Intel Dual Band Wireless AC 8260

You could have luck that it is working under FreeBSD, but with no guarantee and for sure for working well in pfSense.
pfSense is not or only something sitting on FreeBSD, after growing up more and more there was a bigger code
change under the roof as we all perhaps could imagine as I see it right.

Instead of trying to whitelist squid by domain name (which you obviously didn't do correctly) you might, instead, put the netflix device IP addresses in the Bypass Proxy for These Source IPs settings.

There is no guarantee that everything that needs to be outside the proxy will have a netflix.com domain name.

I intended to go back and set it that way, get screenshots, and come back here to post "I told you so, it didn't work"… but I'll be damnd if it isn't indeed working.

Thank you very much for setting me straight.

@johnpoz:

The register dhcp and static are right there on the resolve main config page..

There have been some issues with dhcp renews and such causing a restart of unbound.. Have not looked into this in a while.  Since I don't really can to resolve any sort of dynamic device.. Guest users to wifi, etc.

My devices pretty much all have a reservation so they always have the same IP… So use of that or host overrides will work just fine.

Alla thanks to you sir! I'll set this thread to solved  :D

@johnpoz:

The quality graph will give you a graph..  Its under status, monitoring - change it to your quality graph for your gateway you want to look at.

Reason you want to monitor from outside for such things.. Hard to get alert from our internal system when the internal systems internet connection is down ;)  There are plenty of FREE such sites to do simple monitoring that you can leverage.. statuscake is another one, etc..

Thanks! While noting what you say about the advantages of inbound monitoring, this is what I was looking for but couldn't find.

Post all the details if you want help.  What are you trying to do, what errors you receive etc.

You would be better off posting this to the Cache/Proxy forum.

No that is not the case that firewall (self) is just a built in alias that is all IPs on ALL interfaces on the firewall..

https://doc.pfsense.org/index.php/Firewall_Rule_Basics
This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)

If you want the dest to be the IP of an interface, then you should pick the drop down address of that interface, ie Wan Address.. Not this firewall..

"haproxy (front end "SharedFrontend") should be bound to your WAN IP on port 80, where as your pfsense admin ui is bound to *:80.  This should allow both to co-exist and route accordingly."

Again NO - since you are creating a RACE condition on what is going to bind to what on port 80…

I guess that is a know?

If there is no ha or pfsync then it's probably not anything we've seen before, or at least anything I recognize.

The double fault makes me lean toward hardware, if pfsync isn't a factor. Is that hardware capable of running a 64-bit version? Or is it only 32-bit?

We don't have any docs about setting up a serial console but there isn't much to it. Your hardware has to have a physical (not USB) serial port built into it. Then just go to System > Advanced, Admin tab and enable the serial console there and set it to be the primary console. Hook up a client with a null modem serial cable and use PuTTY or something similar to watch/record the console output.

Without seeing what's in the report, I can't say why it wouldn't be saved. It's possible, perhaps, that the OS loses contact with the disk which leads to the panic. That would explain both the crash and the lack of crash dump, but that is pure speculation until we get some hint of detail. You could maybe disable the ddb scripts (run "ddb scripts" and then "ddb unscript <name>" for every script. Then when it crashes it should land you at a "db>" prompt so you can manually run and capture a backtrace.

To manually force a panic/crashdump/reboot, run this: sysctl debug.kdb.panic=1

Do NOT set that as a tunable (or you'll put yourself in a panic loop :-), just run it from an ssh shell prompt</name>

That makes sense now that you say it, hmm, I suppose I can just ignore those as real "in" traffic as it is coming from the LAN network.  Thanks for the clarification.

Is there any Pfsense commandline Guid that can help us to do in Shell whatever we can do in GUI?

pfSense is based on FreeBSD and this comes with his own commands by nature so why setting up new things if
all will be there?

New to pfsense as of yesterday.  Got it all up and running without much trouble.  The issue that I am seeing is with upload speed.  I have a 100/100 connection and on download, it pegs to 100 right now and stays their for the whole test.

Ok this is then a very good result, because in normal you will see something between 95 and 98 MBit/s related to the TCP/IP
overhead and the passing through firewall rules and the NAT process of the pf (packet filter).

On upload, it ends up ok but takes the whole speed test to get there.  It starts at about 30 then drops to about 7 and slowly works its way back to close to 100 by the end of the test.

It depends mostly also on the other end of the speed test! And for sure on the day time when you made this
test again, I am pretty sure you will be getting more different results out from that speed test as now!

Just to confirm I pulled my pfsense and switch back to my old router, same cables, same everything and it pegs to 100 on both up and down right now and stays their the entire time of the test.  Put pfsense box back in and same as before.

What is your old router? A plastic box router that is not working through firewall rules and only makes SPI/NAT?
Is it one of this routers that will be "doped" with an small ASIC or FPGA chip that is in real doing the entire job
and work!? Then please don´t compare this kind of routers to pfSense, because pfSense will be a small x86_amd64
firewall software that is based on FreeBSD and not Linux that will working more agile and/or faster.

I have tried everything I could google.  Speed/Duplex, Disabling offloading, etc.  This is a fresh install of 2.4.1.

Ah ok, this could be that you will be getting some hassle by that version if your ISP is using VLANs at the WAN port,
as many will do this at these days and it will be more common as in former days.

Any suggestions?  Does pfsense by default monitor/log outgoing traffic that would cause this behavior?  I am not even sure if this is expected or not.

Please try out the version 2.4.0 and test it again, without any packets and special firewall rules passing through
this be then showing up results they will be more near to the real WAN speed matching and according to your hardware!

By the way what kind of system do you using? CPU, RAM, Mainboard, HDD/SSD, case, and so on…...

Just out of curousity I swapped my WAN to a different nic card and got the exact same results.  So it has to be something in pfsense right or am I just overthinking this?

If it will be scaling up slowly, but even scaling up to the 100 MBit/s, starting from somewhere will be really nice
and must not be an issue, but if it stops at let us say 50 MBit/s or at 70 MBit/s there will be perhaps something
wrong or must (should) tweaked or tuned right to get better results out.

Can anyone confirm this is the way it is or if something is not working as it should?  Pulling files from remotely via vpn I would imagine will suffer with my upload being this wonky.

Try out the following;

install the version 2.4.0 fresh and full activate in the BIOS if there will be an option to do so, the HT (hyper threading) enable PowerD (high adative) in pfSense set up the num.queues size to 1, 2 or 4 set up the mbuf size to 125000, 250000, 500000 or 1000000

And let the test run again, please play around with different settings that will be matching to best result
you can get from the test and stay then with that settings. Would be my best guess here.

Bad news, this setup works for around 1 hour before Bell Hub 3000 start to reboot. The same symptom returned when I switched to Bell FTTH service. Before the old DSL modem works without any problem.

Any suggestion here, I will go with pfSense +  L2 Switch option where pfSense acts as router to see if the same issue will emerge.

For the pfSense + L2 Switch setup, I will start another post to seek help.

So adding a lease but not putting an IP & adding 127.0.0.1 allows connectivity but doesnt assign any IP - this is perfect!

Under Interface WAN

DHCP Client Configuration I have  Saved Cfg . Should it be pfSense Default.

Have not configured any of this. Just clean installed 2.4.1.

2 Days and 10 hours since last reboot, using 21-27% memory, hopefully it was just a fluke.

It is uprising be careful and wathing out what is coming next.

I expect to rise a little with squid caching turned on and Memory set to 1024,  on 2.3.4 i never saw over 40%

pfBlockerNG: DNSBL=on TLD=On

TLD can be eating much more pending on the used or subscribed IP addresses.

Hasn't been a problem when I was on 2.3.4