• SQUID Proxy - How to Bypass proxy for specific URL

    3
    0 Votes
    3 Posts
    10k Views
    S
    Thanks MindfulCoyote. You are correct. I am going to create a subnet specific for developers, and bypass the proxy altogether for them. It's the "least worst" solution on this occasion, but we lose the ability to track their behaviour which is a shame.
  • Gibberish for hostname in logs since I put on 2.1.4

    6
    0 Votes
    6 Posts
    1k Views
    M
    That did the trick, thank you.
  • 0 Votes
    4 Posts
    1k Views
    M
    Thanks chemlud I'll probably try that next.
  • Looking for man page for pfSense version of pfctl

    3
    0 Votes
    3 Posts
    1k Views
    M
    @jimp: other than by looking at the source and patches to see their meaning by the context in which they're used. Thanks jimp. That was actually where I went first… but the source is harder to see nowadays than most. I'm slowly grinding  my way through the super secret authorization source code access process.  ;)
  • Upgraded to 2.2alpha and now getting ssl_error_revoked_cert_alert

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    Did you look at the details of the certificate to see how it was generated and dated? The GUI certificate is self-signed so it would not show as revoked.
  • MBUFs are not freeing in build 09 sep

    6
    0 Votes
    6 Posts
    2k Views
    B
    I experienced this today across 3 complete re-installs using the following setup: mBUFF filled to 99% and stopped working or outright crashed.
    Physical Server Hardware (ESXi Host):
    HP DL360 G4p
    12GB RAM
    Dual 72Gb U320 drives in RAID 0+1
    2 tgz3 NICs onboard the server
    2 INTEL Dual GB 82546GB NICs installed - (bringing total interfaces to 6.)
    ESXi Host : 4.1.0 u1 (fully patched) - BUILD: 1682698
    Guest OS Configuration for PFsense 2.1.4 i386:
    PF NIC: --> ESXi NIC:
    0: WAN1 DHCP --> ESXi_NIC1
    1: LAN 192.168.1.1 --> ESXi_NIC2
    2: WAP 192.168.2.1 --> ESXi_NIC3
    3: DMZ 192.168.3.1 --> ESXi_NIC4
    4: WAN2 PPPoE --> ESXi_NIC5
    5: LAN 192.168.5.1 --> ESXi_NIC6
    6: PFL 192.168.6.1 --> ESXi_BLIND_SWITCH (PFlink to other PFsense FW VM on SAME ESXi host)
    Using official VMware Tools drivers and install. (NOT Open Vmware Tools Driver Package)
    This guest OS continuously has driver issues or something because I cannot keep the guest running correctly. I lose network connectivity constantly and/or the PFsense firewall hangs.
  • Setting up limited caching and scanning?

    3
    0 Votes
    3 Posts
    874 Views
    S
    That's true. But software authors and configs do have the possibility to cache some items but not others, or cache them one way and not another. So perhaps I should have been more specific: Do any of the current caching packages allow selective caching of URL content according to a rule (ie URL matches this domain/mask/regex then cache, otherwise don't)? Or are they all, "all or nothing"? Do any of the current antivirus/antimalware scanner packages allow scanning either without caching, or using a RAM based (rather than disk based) scanning mode or caching mode, or using a ramdisk for the disk based cache? That's probably what I should have asked…
  • 0 Votes
    9 Posts
    2k Views
    E
    @MindfulCoyote: @elementalwindx: Ok so it ended up that I was trying to do the impossible. Trying to get 2 virtual adapters to use 2 different VLANs. So I simply added a 3rd gigabit nic I had laying around (7 total now) and I simply put vlan 6 in that enable vlan id in the hyper-v and configured the proper firewall rules, and everything started working perfectly. Added blocking rules to separate the networks and it's working perfectly :) Those are very interesting findings. I've seen other issues caused by hypervisors' network implementations. It seems that virtual pfSense instances definitely face obstacles that bare metal does not. @elementalwindx: Ok well I took pfsense out of the equation and put a dd-wrt router in place of it. Just curious, when you swapped in dd-wrt, was it also virtual or bare metal? It was bare metal off a netgear router I had. I'm now having issues of my pfsense 2.2 alpha pushing its own ssl cert onto my exchange clients. :/ Wish I could figure out how to stop that.
  • LTE support

    3
    0 Votes
    3 Posts
    1k Views
    KOM
    This page may help you: https://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems As for how pfSense works with them, I have no idea.
  • Captive Portal Active Users After Firewall Reboot

    5
    0 Votes
    5 Posts
    2k Views
    H
    Yeah well…!!! I have posted it as a bounty... but so far no one has answered.... I'll be a little bit more patient... Your advice about the script helped... at least now I have a better idea on how to do it... I already got the ups... So I'll wait for the bounty to be taken... and in the mean time I'll continue to learn how to code... Thank you for your attention and time!!! ;D ... Link to the bounty !!! https://forum.pfsense.org/index.php?topic=78832.0
  • Incoming VLAN traffic fails to reach VLAN interface if PCP != 0 (ESXi)

    4
    0 Votes
    4 Posts
    1k Views
    C
    This is just a quick test setup I put together with minimal configuration, to reproduce the problem in the simplest way. The actual setup is a usual single WAN pfSense box.
  • Problem with squid and/or squidguard

    2
    0 Votes
    2 Posts
    763 Views
    KOM
    If your default action in Common ACL is Deny then there is no web access.  Hard to tell what you did without seeing some screens.
  • Make pfSense boot faster?

    7
    0 Votes
    7 Posts
    3k Views
    johnpoz
    Well here is reboot timed pinging to outside pfsense 2014-07-04 05:52:50.311: From 4.2.2.2: bytes=60 seq=0033 TTL=57 ID=51e8 time=10.075ms 2014-07-04 05:52:54.320: Timeout waiting for seq=0034 so offline  05:52:54 for reboot 2014-07-04 05:53:58.327: Timeout waiting for seq=0075 2014-07-04 05:53:58.327: From 4.2.2.2: bytes=60 SEQ=0077 TTL=57 ID=51e9 time=11.180ms pinging outside again at 05:53:58, so 1 minute. But that is counting shutdown time. And the 3 second wait until it boots. So yup under 1 minute. Now I am on SSD for my datastore, maybe the others with 1 minute boots are as well. Do you have other freebsd vms that boot faster? Also - as already stated it's a router, why are you rebooting it? Mine runs for weeks if not months without reboot. Only time would be upgrade or power outage, etc.
  • Standard to Measure Throughput

    3
    0 Votes
    3 Posts
    1k Views
    stephenw10
    The numbers you see on the forum are often just the maximum download speeds through the box as seen from a client behind it. A single http connection. Sometimes they are a result from a speedtest website which might be 3-3 TCP connections. Some people who have gone to some trouble might post a result from an iperf test using a server and client on each side of the box on test. Even that is often not directly comparable because the iperf server/client do not always have the same default settings. It is also not a real world test and doesn't help gauge Snort or Squid performance. The numbers you see given for commercial 'hardware' firewalls are usually from a test that has been tweaked to give the highest possible numbers for better marketing value. Usually a sum of many connections through the box at large TCP window sizes. It's hard to compare anything directly. ;) Steve
  • Help on Basic pfSense setup

    3
    0 Votes
    3 Posts
    752 Views
    D
    I agree with heper, unless you have a good reason to need the Cisco box in place just let pfsense handle the whole setup. VLANs under pfSense work well and it sounds like you already have a switch in place (already configured?) to handle the client side. Can you describe a little more about your environment and what you're trying to accomplish?
  • Can PFSense handle multiple VPNs? (more details inside)

    10
    0 Votes
    10 Posts
    2k Views
    M
    @elementalwindx: what about adding a line in the advanced section of the openvpn -> client "route 192.168.16.0/24" on the opposite client pfsense box? and vice versa on the other opposite one? (or according to documentation "route 192.168.16.0 255.255.255.0") Yes, that is the preferred solution over a static route. Edit: If that doesn't work as expected, the book mentions some caveats to pushing routes.
  • Having problems setting up a network attached printer

    5
    0 Votes
    5 Posts
    2k Views
    stephenw10
    Yes bridged interfaces is correct. If you move the bridge filtering from the bridge members to the bridge itself, as you have done, then firewall rules you have on the bridged interfaces no longer do anything. Instead you need to add firewall rules to the bridge interface. However if your bridge0 interface is assigned as LAN then the default allow all rule should be in effect. If you haven't rebooted since you moved the filtering you should. The sysctl changes only apply when the bridge is created, as it is at boot. Steve
  • No internet access with default install and public ip

    3
    0 Votes
    3 Posts
    862 Views
    G
    Just the defaults that came with pfsense (at the time). I have since changed my modem to act as a bridge and it's working fine. I didn't even realise that it had the option to do that. So all is well. I have a new weird problem where ssh port forwarding doesn't seem to work for one ip address, but I'm not concerned about this now.
  • FreeBSD Jails - insecure?

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10
    Ha! That's a funny blog. ::) If that guy wants anyone to pay attention to that he needs to include at least a few pro posts. Nothing but anti posts like that just looks like obvious trolling. Steve
  • Multiple httpd & php processes

    4
    0 Votes
    4 Posts
    965 Views
    M
    @cirkit: How do I ensure SWAP turns ON on every reboot? How do I change size of swap from 2048mb to 4096mb? Make swap permanent by adding it to /etc/fstab. Something like: #/dev/label/swap0              none            swap    sw              0      0 Ref. https://www.freebsd.org/doc/handbook/adding-swap-space.html To increase the size of the swap you will need to repartition the disk or create a "swap file" (see link above) and add it to fstab as above. https://forum.pfsense.org/index.php?topic=78519.msg429186#msg429186
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.