rectified….was AV

It's pretty easy to get active directory authentication going. Nothing is really specific to pfsense I guess. The general idea is the same on pretty much any software that uses LDAP/AD. Is there a particular part you are stuck on our having trouble with? You pretty much need to choose SSL or 389, provide a base dn like DC=domain,DC=local, uncheck anonymous and price the disinterested name and password of an account in ad to do the sync and the distinguished name of an OU to look for accounts in. Hit select containers to choose multiple ou's One thing I noticed about 2.3 web ui is that if you choose SSL and it isn't configured right on the AD side so you switch back to 389, then try to hit the select containers button, it won't work. This gives you the impression that your settings are wrong even if they are not. To get around this, I think I had to save my strings then go back in and hit the select containers button again. It will then show you containers to choose from.

Three or four probes isn't sufficient for a meaningful standard deviation.

Go to Status/System Logs/Firewall. There you will see the blocked logs as you mentioned. Under the Destination header in the logs there will be a blue + icon. Hover over that with mouse and a pop up will read "Easy Rule: pass this traffic". By clicking that a new firewall rule will be made. Next go to Firewall Rules and the new rule will be there. Then you can fine tune it to your liking or move it into proper order. Good practice is change the default description to something more personal (Sirius XM) so later you will know what the heck that rule was for. Other packages could block this also but not much info to go on so.

CPU usage? Most people who complaining about slowness is because they checked every box, like sync proxy, and install every package, ohh Snort, I bet that won't slow things down! What does your Diagnostics->System Activity look like when you're getting slowness?

If someone got on ur network and found out your admin pw and put a keylogger on you this can be plausible.  That's a lot of work, who did you piss off??? I don't even setup up the wifi password wirelessly these days, I plug into the AP and set it up over the wire. However, 2 factor auth has made a lot of this stuff irrelevant.  Unless you rooted your phone and got spyware installed on that too. If this stuff happened, you may not want to be running "highspeed" stuff that is "beyond your reasoning". Format and reflash the firmware of everything you got and try again.  Or better yet, throw everything away and buy new stuff someone may have put a chip in your computer board. Pull out your wires too, someone may have bugged your ethernets. See where this goes?  Crazyville - pop. IT folks.

For what it's worth in both xen and kvm VM's I've had pfsense in I've added smart widgets and also viewed the smart status page, and they certainly didn't spit any error let alone drop the entire disk  ;D This is most certainly a hyper-v bug, and a pretty serious one

@KOM: Can you explain why this is the case?  Normal use cases have pfSense acting as DNS for its clients, and pfSense would either use the Resolver to talk directly to the DNS root servers, or the Forwarder to have pfSense talk to an external DNS such as your ISP's DNS or Google DNS.  The point I'm making is that you generally don't want your clients to be able to use any old DNS if you're using any access controls. I use a dns-based service to avoid geolocking… at the moment the media devices are configured to use the service provider's DNS servers, and the rest of the network use the ISP's DNS. Thanks for the two articles - I suppose I can configure everything to use the service provider's DNS and then use overriders for the domains I want to prevent access to. I'm still intrigued as to how the commercial routers do their thing :) Thanks, I appreciate your help!

Will do, thank you as always

I've the same problem I fix it with prompt command : /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl

hi friends i can found soap link. Freebsd 10.0 X86 ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/x86_64/7.0/All/php55-soap-5.5.33.tgz Freebsd 10.0 X64 http://pkg.cdn.pcbsd.org/10.0-RELEASE/edge/amd64/All/php55-soap-5.5.33.txz and other links http://pkg.cdn.pcbsd.org/10.0-RELEASE/edge/amd64/All/ ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/net/php-soap/README.html

Are you saying it disables remote logging also? The logs in the pfSense GUI are the logs on disk. Disabling the logs on disk will disable the logging you can see in the pfSense GUI. Remote logging via syslog should still work, though. It's basically doing exactly what you told it to do – though perhaps not what you expected. If you want to see logs on pfSense, they have to be stored somewhere. They aren't buffered in memory, they have to go to disk. You could try putting /var/ in a RAM disk if you're concerned about disk writes, though that has other caveats.

well what is the gateway you set on pfsense wan?  If points to your router as its gatway you would have internet access for all your vms just like any other machine on your normal network.. Since out of the box pfsense would nat all the traffic to its IP that is on your normal network. To get to vm1 you would need to setup a port forward for what port you want to send to vm1 IP in pfsense, then hit pfsense wan IP from the linux box on that port. Only if you don't have pfsense not natting do you run into complications because of possible asynchronous routing and your isp router not know how to get to the downstream network that is behind pfsense, and not setup to nat that network or even allow it, etc..

Someone just updated ticket, I'm sure I'm not alone :)

The default wan rules block all unsolicited traffic, so out of the box the web gui is not available via the wan.  You would have to have created rules to allow access via wan.  So I find it pretty unlikely that web gui not accessible before upgrade that it would be accessible after upgrade.  Nor would it be available on clean install of 2.3 without intervention to the default config. Please post how you believe that web gui is available via wan interface..

Ok, thanks for the reply. I've just tested it. Seems to work, I have the IP I ordered. I'll look into the logs if I find any such entries.