We successfully installed pfsense, we just transferred it to different machine. Thank you for all your response.

After some research it looks like i need the bwm port module. Does anyone know where or how to get that?

hi mate still not working

Putting the different types of devices into actual different subnets/VLANs has the advantage that a device that is physically connected to a particular VLAN port cannot fake being in the other VLAN/subnet. But if you don't have users/devices that are going to be messing about trying to set their own IP address to work-around your access rules, then they can all be in the same LAN/subnet and just give static-mapped IP addresses so you know which devices have which IP addresses. Make an Alias for the VOIP phones that includes the IP addresses of the VOIP phones. Make a rule on the relevant LAN/VLAN that matches the VOIP phones alias, passes the traffic, and set the gateway (in the advanced section of the rule settings) to the WAN gateway that you want the VOIP traffic to take. Set the system default gateway to where you want the other stuff to go, and put rile(s) to pass the rest of the stuff you want to allow, without bothering to put a gateway in the rule - it will be directed out the default gateway.

This is a known issue when pfSense runs on Hyper-V: https://forum.pfsense.org/index.php?topic=109901.0

looking around here i see that my LAN and WAN are indeed on 2 different ports so that is good. and looking at my host adapter settings config it looks like my host is using the 3rd port so that all looks good. i see my one printer is now connected through my switch so that may now be resolved too. i have to check the rest of my attached devices (my wife apparently turned the printer off without me knowing…lol) once i get the bugs worked out i may change this configuration and put pfsense in front of my wi-fi and set it to an access point so all of my wireless traffic gets filtered as well

Yep… the (flash) disk died  :'( Taking the firewall out and putting on the bench, it was easy to see the boot sequence struggling with read errors. I booted into single user mode, fsck'd it - seemed ok - but then the next boot it was just a mess  :o So, I have a temporary solution to get it back in to service until I build a new unit.

As of this instant there aren't any serious issues in 2.2.x. But tomorrow the next Heartbleed or similar could be disclosed, leaving you with an urgent need to patch. No practical way to do that yourself. So I'd suggest switching to the BIND package, or better, moving DNS to a server machine instead, so you're not in a bind should some major security issue arise that requires immediate patching.

@johnpoz: Yeah I would really really complain about #1..  Why would they force you to use their nameservers??  That is just plain - I will find a new ISP sort of restriction!!! The authoritarian & business reason: Because they can, and they probably have "helpful" things like redirecting to a search page instead of giving an NXDOMAIN response, and naturally they sell ad space on said search page. The reason they might actually admit to: To stop their network from being used for DNS amplification attacks and maybe some other wishy-washy handwavy "user experience" mumbo jumbo.

I think I resolved this and accomplished pretty much what I wanted to do in v2.3.1 by: Create port alias with LAN ports I want to allow outgoing traffic on the "Firewall/Aliases/Ports tab. On the Firewall/Rules/LAN tab, edit the "Default allow LAN to any rule". Change Protocol from "Any" to "TCP". Under "Destination" select "other" in the "Destination port range" "From" and "To" DDLBs. Type the name of the port alias in the "Custom" "From" and "To" Text boxes. Click "Save". Click "Apply Changes".

What's the purpose of keeping the untagged VLAN1 and the corresponding "LAN" interface on the pfSense? I can't find it anywhere in the OP's description. I'd get rid of it, personally. You need two separate logical networks - Staff (VLAN 10, unrestricted) and Students (VLAN 20, restrictive firewall/proxy). That's two VLAN interfaces on the pfSense and a trunk port between it and the main switch. Then other trunks between the main and all other managed switches. All other ports designated for users should be access ports (untagged egress traffic) belonging to any of those two VLANs. If you want to have a separate management or server network, just create third VLAN and use it for that the same way as those two. With these switches you should be able to set up some nice stuff, like MAC VLANs so that you can connect your laptop into any port on any switch and always be connected into your management network with its IP adresses and firewall rules. Mixing tagged and untagged traffic together on the same port should be avoided. It can work and I've done that a few times too, but it's ugly nonetheless. @MisterVance: But all the rest of the switches, I have to use their configuration utility, and it doesn't look on other subnets.  Would that cause any problems? They might need direct L2 connectivity between the switches, so they can't talk across different VLANs. I admit I'm guessing here, because I have got only the fully managed higher-end TP-Links (yes, I know, sounds funny) here so no config utility, just the web and command line. Anyway, in that case it would be one more reason to set up a management VLAN where all the management stuff (and your PC) would be accessible together, on the same broadcast domain.

Glad you made it work mate.  :)

Hi, You're posting in the wrong forum section. Post here pfSense Forum » Administrative » Feedback

Thanks cmb. I installed from CD to the system with the HDD installed and kept all H/W the same post-install.

Helo Jamerson, I've been in a similar boat trying to install pfSense on my MSI AM1I motherboard, an AMD based mini ITX board with a rather spartan bios.  The USB installer boot would crash out leaving me unable to install it.  Although I turned off the 'Windows 8/8.1 secure boot' and set it to boot from 'Legacy and UEFI', it defaulted to UEFI no matter.  After thinking about it for a few minutes, i switched the sata port setting from AHCI to IDE, thinking it would force legacy over UEFI.  I was then able to boot the USB (I have no idea how a sata setting affected USB but it did) and install it to the local drive.  Once it installed, I installed needed packages and restored my old pfSense settings, then went back into the bios and set the sata port back to AHCI.  I had nothing to lose at that point in trying, other than some time.  So far, so good, I've rebooted maybe 5 times and have had no issues with pfSense loading or with any services starting.  So I am just throwing out that idea as a possible way to force legacy boot.  You might also want to check if there is any kind of legacy setting in the BIOS for USB as well, and try them.  Good luck.

@yodabug: LOL–I see this has devolved into a discussion about the posters understanding of networks and the network stack.. That wasn't a discussion, just a explanation how the ISP works here in Belgium @yodabug: BUT, since the community here at PFsense seems to be of the  "holier than thou you must be an idiot" crowd I will take myself on over to the Zentyal crowd and just re-install next years developer version. I mean you should see the support people are getting in the community user forums at Zentyal–true open source atmosphere. This is a forum for getting help for free, so you don't have to be rude because you run a little bit frustrated because pfSense doesn't work at the first time. And if you don't like the support here, go ahead and go to Zentyal if you feel better there. And last, we do not pretend to be holier, but who started with the first sentence "i have 25 years of experience…." ? Not we, but you, so if like to be a smartass and can't appreciate the help people are giving to you, then figured it out for yourself !!!

For future reference, I had this same problem on an old laptop. Using "hint.agp.1.disabled=1" rather than "hint.agp.0.disabled=1" fixed the problem.

Given the fact that you had to run that command, you should enable "Use non-local gateway" option at "System > Routing > Gateways > (Default Gateway) > Edit > Advanced".