@stephenw10 said in How to forward ISP provided vlans to an interface?: I assume you mean em(4)? But it shouldn't matter what NIC/driver you use. Add a VLAN 35 on em2 and assign that as an interface. If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required. If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity. What do you have setup currently. Steve I'm not sure I can pull two dhcp leases or not, but if I did bridge it correctly, i guess not? [image: 1586391895481-wan.png] [image: 1586391903724-interfaces.png] [image: 1586391916769-bridges.png] [image: 1586391921184-hh3000-em2.png] [image: 1586391924811-hh3000-vlan.png]

I would probably try low-level formatting it using the Intel SSD tool if you have Windows available. Steve

Just a follow up that update worked as expected on both firewalls in the cluster, from -p2 to -p3. We'll wait a while for kinks to get ironed out of 2.4.5 before upgrading.

@stephenw10 yeap, it is seem to be corrected. All the previous versions may be wrong

It certainly could be related. If you were seeing connection issues during the package download it would fail. Steve

Not easily but once it's installed you can add that line to /boot/loader.conf.local if it works. Steve

@Gertjan said in New SG-3100. Cannot access Setup Wizard/Web UI: @ajtradtech said in New SG-3100. Cannot access Setup Wizard/Web UI: but not to my home network while I get the firewall rules squared away. If your home network, your LAN, only has devices you trust, you have nothing to do. The default WAN rules, that is no rules at all, and one default pass all rule on LAN, works well. If you have devices that you don't trust, never forget the most logic action : remove the device from all known networks. Like this, the unknown issue bug will never bite you. This solution is fool proof for live and beyond. If you have to accept this non trusted device on your network, put it on a dedicated, sedonc (third) network that can only communicate to the Internet, and you decide with rules, for this (these) devices(s) where to, with who, etc. When you make an error, you won't risk much. Never have these devices access your LAN based (trusted) devices. Using internal networks like this is they way firewalls routers should be used. Always keep it simple (for yourself) and try to make firewall rules that you understand and are able to test. For that matter, don't even trust your own firewall : test what you want to achieve. Thanks for your advice. It mirrors what I'll be attempting- segregating some IoT devices. I'll start a separate thread for that, though. Looking forward to the community's input there. I've unlocked some interesting opportunities with this pfSense box!

@stephenw10 Thank you ! And I want to repeat - pfSense is awesome and I’m glad I made several years ago to to switch to it !

Mmm, we'd need to seem more of the boot output I think to know. If you can install and boot 2.4.5 OK but then when you restore your config it fails that seems more like a config issue. Does it fail in exactly the same way when you do that? Steve

Yes you should be able to allow to 'see' the available upgrade using those steps. You might also consider installing 2.4.5 clean and importing you config though. 2.3.4 to 2.4.5 is a big step. Steve

:)

Nothing has changed there in 2.4.5 as far as I know. It's likely just luck it only happened now. Steve

@McDing I guess you learn something new every day. I always changed my config file before uploading it so I never saw this prompt to select new interfaces. Very Cool! Roy...

Correct

@stephenw10 said in PHP Error in pfsense 2.4.5: Oh, it only appeared during the upgrade? I thought you were saying it keeps re-appearing. Then if it doesn't appear again it's unlikely to be a problem. Just watch for futher alerts for a while. Steve Nope, it was a one-time occurrence. So yeah, I guess I can ignore for now. Thanks.

With screenshots: https://forum.netgate.com/topic/140169/update-failed/9 -Rico

@muppet You're right. In my case it seems to be CPU related. The utilization is much higher than before and therefore the individual cores cannot handle the load for the queue they're assigned to.

Sorted out. The issue is not related to the password itself as the error occurs even before the user get a chance to enter his password. The fix is to use either option from -o PreferredAuthentications=password -o PubkeyAuthentication=no or corresponding options in .ssh/config , this will prevent the client from offering the server all the keys it has available. I'm curious while that never happened before, as nothing changed on the user side.

@jimp Thank you very much for the help! problem solved