Thanks for the reply, its very odd that it recognizes as USB controller the mac that is registered on pfSense of that NIC is d8:cb:8a:59:29:8e it was a tplink box and within was the PCI express, i guess the question is should i leave it as it as the NIC only purpose is to separate the WAN IP from the EMAIL Server IP meaning that users navigate on another NIC while the email server static IP is on the NIC d8:cb:8a:59:29:8e.  So far i have not had any users complain. Or would there be possibility to modify the config?

I am ready to mount the disk with freeBSD live cd (through usb), but when i want to create a dir with mkdir /disk I got error Read-only file system nvm, now I am using recover option from pfsense usb install, but I don't know how to mount the disk: # gpart show ada0 63 123666369 ada0 MBR (59G) 63 123665409   1 freebsd [active] (59G) 123665472       960 - free - (480K) # gpart show ada0s1         0 123665709 ada0s1 BSD (59G) 0       16 - free - (8.0K) 16 106888177     1 freebsd-ufs (51G) 106888193 16777216     2 freebsd-swap (8.0G) **EDIT I solved through myself, follow this procedure: # mkdir /home/disk # mount /dev/ada0s1a /home/disk we have now disk mounted then: # mkdir /home/usb # mount_msdosfs /dev/da1 /home/usb we have mounted a usb stick (the device name da1 could change) then browse to: cd /home/disk/cf/conf/ and you will find config.xml and the folder backup with old config auto-saved. Just do: cp config.xml /home/usb to copy your config to your usb stick

sigh.

I have a feeling I many not be able to use the VAs since I want to separate the guest from the domain.  I just found this post. https://forum.pfsense.org/index.php?topic=112288.0 It is a good write up.  Thanks for the reply.

Plugging directly to the modem, I got 450 down and 400 up We also have HP Procurve 2810-48g switches, so I put one of these between a laptop and the integra modem and still got 100 down, 165 up, to test if it was the switch According to your statement, the problem seems to be related to the switch.

https://forum.pfsense.org/index.php?topic=132735.msg729802#msg729802

I think that happens because, instead of wrapping the security into the package or similar they're used to using, they're given a new thing that's more complicated to use and they just give up. Server side can be complicated, but client side can't be more complicated than what came before if you want users to adapt it without any whining. They care about security when you talk about it, but a lot of them don't care if that means they have to jump through extra hoops to get there. That's why apple has done so well and why windows 8 failed.

Thanks for the hint. I have ntopng installed, but it doesn't appear to store traffic data, but only shows live data. I.e. I would have to get up at 4 a.m….?

Turned out to be my USB network adapters, they don't appear to handle tagged traffic well (or at all).  Not planning on using them in production, just for POC.

For alerts im Just trying to get more information on what is happening.  Currently I have this system setup with 2 ports one for management and another for traffic.  The traffic port has no ip on it and at the switch I have all external traffic coming in and out mirrored to it.  I could run a constant capture on this interface, but it will fill up the box in no time.  Im just trying to find something out there to pull a full pcap upon a triggered alert.

Hey folks, I found the root cause. I initially installed pfsense then restored a configuration. I can only assume that this created the user home dirs in the first place. During the adjustments needed I decided to start over, so I reset the configuarion and re-did everything. The home directories are owned by the other users, for example: user1 is owned by user2 user2 is owned by user3 user3 is owned by user1 I can only assume that the uid mapping changed due to re-creating the users while not wiping the home directories. Seems like the revert option does not wipe /home. Ah well, another mystery solved.

Any abnormalities present in your logfiles?

Just mentioning, those struggling with Citrix XenServer, don't waste your time. I've tried every trick in the book for about 4 months, still pfSense would perform bad compared to other solutions. My suggestion is, like MasterX-BKC, go for VMWare for virtualized instances of pfSense. The downside is that VMWare doesn't support migrations and backup solutions out of the box in the free version. Multiple 3rd party plugin backup alternatives are available for a lot less cost than buying a VMWare license.

I just had a client visit yesterday that this appears to be very similar: Default WAN port flaps (Flapping) every 1min or less resulting in a state of constant resets that it cannot stabilize to the second WAN interface and the network is Internet dead. Hardware is a Supermicro - X10SDV-TLN4F – D-1541 2.1-2.7 Ghz 12MB L3 -  8 cores / 16 threads WAN0 -  is igb0 - DHCP  - Comcast Business class gateway/router in Router mode - 10.1.10.1/30 WAN2 - is igb1 LAN1  - ix0 LAN2 -ix1 (empty port) Steps to Resolve: 1.  pulled down pfSense 2.3.4-Release box - Tested with laptop direct on same cable and port to Comcast modem - no problems - stable. 2.  Repowered Comcast modem and put pfSense box back into the mix per above and flapping started immediately on WAN0 - igb0 3. Decided to test another port on Comcast - no change in status 4. Changed pfSense WAN0 port from DHCP to Static 10.1.10.2/30 and it stabilized and forced set the gateway IP to 10.1.10.1. - rest i believe were unchanged default settings. Here is the key part of the log IMHO: Jun 27 11:55:52 php-fpm 88701 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.1.10.2 -> 10.1.10.2 - Restarting packages. Jun 27 11:55:51 kernel igb0: link state changed to UP Jun 27 11:55:51 check_reload_status Linkup starting igb0 Gateway Log entries that repeat over and over seconds back to back: Jun 26 12:18:26 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:25 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:25 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:24 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:24 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: Alarm latency 22427us stddev 5835us loss 50% Jun 26 12:18:24 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:23 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:22 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:22 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:21 dpinger WANIGB0COMCAST_DHCP 73.211.120.1: sendto error: 65 Jun 26 12:18:20 dpinger send_interval 2000ms loss_interval 8000ms time_period 240000ms report_interval 0ms data_len 0 alert_interval 4000ms latency_alarm 500ms loss_alarm 40% dest_addr 10.5.0.1 bind_addr 10.5.22.1 identifier "LAN3igb1GW " Jun 26 12:18:20 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 73.211.120.1 bind_addr 73.211.120.82 identifier "WANIGB0COMCAST_DHCP " Doing searches on 11:55:52 line item - /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection: A.  Bug #4474 - OpenVPN client connection causing - this was not the case for me at this time of the error - though OpenVPN is set and actively listening.  I am remote OpenVPN now getting this log message and the logs are not showing this bug error. B.  Bug #6656 - similar? My thought is that "rc.newwanip" code does not run once the interface is set for static ip versus DHCP?