Got it figured out!! Resetting my cable modem fixed the issue. I guess the pfsense SG-3100 wasn’t getting an IP from my ISP... but resetting it worked. Thanks!!!

If you can reach the gui and have made that change then you should be able to restore the config again and it will pull in the packages at that point. Steve

The maximum table size actually needs to be around double the size of the tables you are loading as it loads in the new tables at update before removing the old ones. 1M is usually sufficient for bogonsv6 and few large pfBlocker tables. Steve

Yeah, it's almost certainly all the same root cause. We are working to find and resolve that. For some reason it seems to affect Hyper-V especially badly. Going to 1 CPU core will likely work around it, at obvious expense, until we do. Steve

If you're coming from 2.3.X you should select the 2.4.4 update branch to reach 2.4.4p3 first. Then go from there to 2.4.5. It will likely fail a direct upgrade from 2.3.4 to 2.4.5. However I would recommend installing 2.4.5 clean and restoring your config into it. The jump from 2.3.4 is large. Steve

Probably this: https://redmine.pfsense.org/issues/10414 Try setting the VM to one CPU as a test. Steve

You should reinstall 2.4.5 again and make sure you restore a config from 2.4.4-p3 or 2.4.5. The 2.5.0 configuration is not compatible with 2.4.5 and is likely the source of your problems.

No earth shattering issues upgrading my MBT-4220. I took the reboot-before-upgrade path and nothing jumped out. I did see a few messages relating to needing a few more Mb for a package but the update process succeeded. The entire process took about 10 minutes. All packages are up to date and all services started as normal.

@cthomas What do you have System -> General Setup -> DNS Server Settings ->Disable DNS Forwarder set? The description appears apropos to your situation: Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers in resolv.conf. Cheers, Liam

Faced the same problem. When installing in Windows, an error occurred checking the checksum. I downloaded the daily build and everything was fine.

To be sure : look up all the 'snort' and 'squid' posts from the last 2 weeks or so. You'll find a way to put things back in track.

@stephenw10 said in How to forward ISP provided vlans to an interface?: I assume you mean em(4)? But it shouldn't matter what NIC/driver you use. Add a VLAN 35 on em2 and assign that as an interface. If can pull two dhcp leases, and if others have this working with a switch is might, then bridge that VLAN interface with the WAN as I assume you have done with the other VLANs required. If not then you can enable that interface and set some unused static IP on it. Enable the dhcp server on it and the HH3000 should pull a lease. Add firewall rules if it actually need to get out to check connectivity. What do you have setup currently. Steve I'm not sure I can pull two dhcp leases or not, but if I did bridge it correctly, i guess not? [image: 1586391895481-wan.png] [image: 1586391903724-interfaces.png] [image: 1586391916769-bridges.png] [image: 1586391921184-hh3000-em2.png] [image: 1586391924811-hh3000-vlan.png]

I would probably try low-level formatting it using the Intel SSD tool if you have Windows available. Steve

Just a follow up that update worked as expected on both firewalls in the cluster, from -p2 to -p3. We'll wait a while for kinks to get ironed out of 2.4.5 before upgrading.

@stephenw10 yeap, it is seem to be corrected. All the previous versions may be wrong

It certainly could be related. If you were seeing connection issues during the package download it would fail. Steve

Not easily but once it's installed you can add that line to /boot/loader.conf.local if it works. Steve

@Gertjan said in New SG-3100. Cannot access Setup Wizard/Web UI: @ajtradtech said in New SG-3100. Cannot access Setup Wizard/Web UI: but not to my home network while I get the firewall rules squared away. If your home network, your LAN, only has devices you trust, you have nothing to do. The default WAN rules, that is no rules at all, and one default pass all rule on LAN, works well. If you have devices that you don't trust, never forget the most logic action : remove the device from all known networks. Like this, the unknown issue bug will never bite you. This solution is fool proof for live and beyond. If you have to accept this non trusted device on your network, put it on a dedicated, sedonc (third) network that can only communicate to the Internet, and you decide with rules, for this (these) devices(s) where to, with who, etc. When you make an error, you won't risk much. Never have these devices access your LAN based (trusted) devices. Using internal networks like this is they way firewalls routers should be used. Always keep it simple (for yourself) and try to make firewall rules that you understand and are able to test. For that matter, don't even trust your own firewall : test what you want to achieve. Thanks for your advice. It mirrors what I'll be attempting- segregating some IoT devices. I'll start a separate thread for that, though. Looking forward to the community's input there. I've unlocked some interesting opportunities with this pfSense box!

@stephenw10 Thank you ! And I want to repeat - pfSense is awesome and I’m glad I made several years ago to to switch to it !