Thank you, @viragomann It works.

Hi guys, I don´t know why but I´ve overlooked following article from the official documentation: https://docs.netgate.com/pfsense/en/latest/hardware/troubleshooting-lost-traffic-or-disappearing-packets.html Currently it seems, that checking the checkbox is solved my issue. I´m happy now, but i will continue monitoring the topic Best regards Frosch1482

@user_three Thanks, I think this Noplan was suggesting. I'll give it a look

II worked it out. I had to add a Floating rule of Pass - src 'this firewall' - dst Internet Host IP - Quick - No Log. That seems to make sense given NAT. I understand things being matched as IN now also, all interface rules are IN. Although I'm still a little confused as to how I can have that floating rule only match if the traffic originated from the one specific LAN port (or if that's even useful) - and it seems it's default to log on the default rule, which means you kinda get double logs if it already matches on interface specific rules.

Yes On the openvpn I will On other machine (33), it will be a mess !

What are your Nessus discovery settings? When you say only some are able to go through, what are the symptoms you see of this? Do you know for certain that the internet host is online, and not blocking your requests? Have you checked the firewall logs during the time a scan is run? If not, it'd be a good idea. I run a Nessus scan out to an internet host daily and haven't had any problems (except for the passes being logged even though I have rule entries to not log... which is why I'm here)

Ok, thanks. That should explain the difference. I'm using the latest pfSense RC version 2.4.5.r.20200318.1500 which will probably be (very close to) two dot four dot five. edit : btw : rock solid - for my usage.

Ok, great. @paul_endeavour said in SG-3100 OPT1 Firewall configuration - basic help appreciated!: under Firewall / NAT / Port Forward Keep in mind that, when you need to access IPv4 devices that are on a LAN, you need to create NAT rules. The pfSense GUI, the SSH and VPN do not need a NAT rule. These 3 services are listening on any interface already, which includes WAN - VPN listens on the interface you choosed. The (hidden) default WAN firewall rule protects them from being accessed from the outside. So, see my image above : a simple firewall will do to let, for example, http traffic into pfSense to port 80 and your GUI is exposed on that interface. A very bad idea of course, but that's another story.

That was my understanding too but it did not work. Ironically it work with other DNS servers as the one of my PFSense.

unless the stealth mode and closed is normal for port forward then maybe its server issues with the company I streaming to.. I just figure its my end since I cant get it to OPEN and is there a port tester site that works with pfsense to see if the port 8000 is open and is working well reason I come here as the company figures maybe router isn't really open as I been trouble shooting

Your rules just say opt can not go to anything lan net, everything else would be allowed. What would be in opt that would try and go to something in your lan? dhcp would tell client in opt to use pfsense opt IP for dns.. Your rules shows some minor hits on the rule, 26KB worth..