@jdillard: You'll have to use the Traffic Totals package moving forward and a 3rd party RRD reader, like an NMS, for past totals. You can select date range in Status > Monitoring and export to CSV and total there, but due to the way the data is stored in RRD the accuracy varies. I ended up finding the traffic totals package, and it is working going forward. I researched reading the RRD files manually and that's way over my head.  Doesn't appear to be an easy way to do that. So I used your tip and just exported the data to CSV and imported it in to Excel which I was able to manipulate way easier.  Thanks for that!!

Assuming you've installed the PFS system correctly, it should really just work. The fact you have it running on ESXi leads me to suspect this may be more an issue with a VLAN config on your virtual environment. Just guesswork, of course, until you can supply more details. Post a diagram showing your network setup, with internal IP addresses and some information on your WAN network setup. Not sure where you're seeing external traffic coming in - is this via the PFS logs or are you looking somewhere else?

There is no safe/supported way to change architectures in place.  On 2.2.x and before it could be fudged slightly but still dangerous. The safest way – and the only officially recommended way -- is a reinstall. As for the speed, it may or may not be related to that. Without more info, it's tough to say. We'd need to see info about the RAM usage, CPU usage, packages installed, etc, etc.

Just to add to Roberts reply. If you have wifi at 5Ghz on the pfSense router it will only be 802.11n, currently there is no support for 802.11ac with freebsd / pfsense.

Did you send a message in to our support team as well? I was looking through some very similar screenshots and logs yesterday with some of our other support staff. It looks as though it's having trouble reading the eMMC media, which may indicate a hardware issue. If you already have a conversation going with us via support, keep going that way. If not, contact us and we can check into what may be happening there. If it is a hardware issue and the unit is still under warranty it can likely be replaced with an RMA. If you cannot do that for some reason, or if the unit is out of warranty, then you could purchase an mSATA disk and use that instead of the built-in storage.

";; Received 446 bytes from 192.33.4.12#53(c.root-servers.net) in 5699 ms" So almost 6 seconds to get a response, yeah that is going to cause problems because many clients timeout after 2 seconds linux I think is 5?  So if you had a client asking for www.something.com and it was not cached and had to walk down the tree and your talking long long time to get a response its just going to give up. Shoot even with your 600ms response time from google, and it pulls from its large cache you could run into problems if anything causes a slow response, like what your looking for is not cached in google and it takes a while resolve.  You might want to look into increasing the timeout for dns queries on your clients. These 2 options could be increased from the defaults in resolv.conf timeout:n sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see <resolv.h>). The value for this option is silently capped to 30. attempts:n sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see <resolv.h>). The value for this option is silently capped to 5.</resolv.h></resolv.h>

Thanks for the info  :)

:)

@kevindd992002: I tried this and it worked: https://forum.pfsense.org/index.php?topic=97554.0 Thanks :)

Currently there is no practical way to update offline using pkg. Though there are some ways it can be done with high effort (e.g. local mirror of the pkg server content) In almost every case it will be simpler to reinstall in place, using either "rescue config.xml" or this procedure to put the config back in during installation: https://doc.pfsense.org/index.php/Automatically_Restore_During_Install

There is no automated way to fetch a config like that from USB. It can be done manually, but you'd have to run the proper mount commands by hand. If you search around for something like "pfsense mount msdos config" you should hit a forum thread with the procedure.

I mask the addresses for a reason - I have been in IT for nearly 20 years now and I've seen my share of script kiddies and wanna-be's who troll sites like this looking for "inside information".  This is the first forum that I've ever seen it be a problem in solving an issue.  So here is the information you're looking for…you can tell me if it helps, but I'm guessing probably not? I apologize for my mis-explanation of the routing - the WAN is a single block of 3 usable IP's consisting of each WAN IP and the CARP VIP.  Then I have a ton of 1 to 1 mappings going on for several other IP blocks, and all of those are routed to the CARP VIP...the 3 IP's on the WAN side are routed to themselves (Primary to Primary, Secondary to Secondary and CARP VIP to CARP VIP).  I have not only confirmed this routing with my host, but they also told me they are getting no ARP replies from the secondary box either...  

If you want my 2 cents, not a fan of opening this sort of stuff open to the public.  I just vpn into if need to access anything on my network be it files or plex server, etc.

@cmb: Sounds like the same issue FreeNAS folks appear to have tracked down to: https://bugs.freenas.org/issues/3273 at least starting from the mountroot failure "failed with error 19" and following the trail lead there. Are you booting from a USB drive of some sort? What are the details of your hardware? I've seen that this was already been more than few months old, but if somebody out there still encounter this probel, you can try my solution below. I was able to resolve this issue with my pfsense 2.3.2 on Windows 2012 R2 Hypver-V. mountroot> mount <enter>Expected sample output: /dev/57c0727e81075d96e on / (ufs, local, journaled soft-updates) devfs on /dev (devfs, local) /dev/md0 on /var/run (ufs, local) devfs on /var/dhcpd/dev (devfs, local) Take the first line as your mountpoint mountroot> /dev/57c0727e81075d96e <enter>Expect the machine to continue boot process. Cheers!!!</enter></enter>

Yeah, I wasn't thinking. Reassigning using option 1 won't Re-IP everything. If you enter the same physical interfaces you already have you can they just set an interface IP address on OPT1. I do not believe that will create a firewall rule, however, pfctl -d should work too.

pfsense wanip is dhcped and is a 10.x.x.x ip. You didn't ask about my modem firewall rules but I thought it was pertinent. when I did the port forward rule it did create the rule and it will work but the issue is when I dhcp my WAN pfsense my ip is x.x.x.6 and I need it to be x.x.x.1.  When I set the WAN to static and pick x.x.x.1 neither in or out work.  That is where I think the Comcast modem has to be bridged to work.  And why I ended up putting the pfsense vm in the DMZ with DHCP, I tried static in the DMZ to no avail as well. I read the steps and followed through them when the pfsense was not in the DMZ.  Traffic was not getting thru in. I have no desire currently to do multiple ips but in the future I might is why I switched to the virtual IP. Either way with the port mapping getting the x.x.x.6 ip or the virtual ip x.x.x.1 in the DMZ it works.  The only problem is now my port 80 doesn't go through on the x.x.x.6 (I did move pfsense to port 81) and because my web server goes to a different server I cannot use the virtual ip. So now my biggest issue is getting my web server working and getting my ip to be x.x.x.1 instead of x.x.x.6 using port mapping and not virtual ip. I do have a Comcast business connection and modem with 5 ips the 6th ip they setup on the modem itself.  The business modem firewall nat is shutoff.  the business modem is a virtual bride right now.  You have to call Comcast to get them to set it in physical bridge mode and I do not want to do that.  smoothwall works with trhe modem as a virtual bridge and I want to run side by side comparisons of the firewall to insure performance etc. is good before I pick pfsense long term.