What do you want to know dude, if your isp is locked down to prevent inbound traffic, there is nothing pfsense can do to fix that.. Run a vpn that supports inbound traffic if that is what your after.

If it's a moderate size disk then RAM isn't a huge concern. I don't have any specific disk size vs RAM consumption recommendations, but I've gotten away with ZFS even on some really low-RAM VMs when testing.

@kevin9033 said in Migrate Sophos XG/UTM to PFSense: Sophos UTM/XG I was also thinking to install pfSense on some old Watchdog hardware installation may be possible on some of them with a little hack but thought those hardware are too old to run the latest pfSense OS so decided to go with netgate certified / approved devices. I found a link regarding Sophos https://forum.netgate.com/topic/133355/installing-pfsense-on-sophos-xg-105-rev-2

@Derelict okay? The bug is restarting interface assignment after doing so

Actually I've learnt a lot form the guidance given here. But it has to be infuriating to deal with the problems of numpties who don't really understand how stuff works but non the less want to set up something which is beyond them. Cables are bought and changed about to check for errors tho not got a connection checker here. What I meant to be saying in my final note on the problem was that a good deal of time was wasted because I hadn't realised Id got a problem with dhcp on the client and restarting linux didnt flush the network if that’s even the correct phrase. sudo ip route flush table main – after which it got better -or maybe I just imagined it ;) Anyways, its doing what it should now - Thanks

Appears to be UPnP AV. So all multicast discovery shenanigans.

You can import the old configuration. When you restore it will prompt you to remap the interfaces, but that should be all it needs. You might want to remove any <package> ... </package> sections, restore that modified config, and reinstall packages after you restore. That would make it smoother.

So /32 is not correct.. Should be using the mask of your netblock [image: 1556532580703-vipmask.png] Then also run through the troubleshooting guide. https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html First thing I would do is actually validate traffic is hitting your wan with dest to that IP, with a packet capture. edit: Oh you got it working - you deleted your last post saying you were still having issues. Glad to hear.

Yeah so this got solved with a power cycle of the modem. That I SWEAR i'd done 1000 times in myriad different orders of operation. I did refresh and renew the dhcp under Interfaces->WAN before the the refresh/renew had seemingly done nothing (still had 0.0.0.0). So I'm up for now at least...

@JeGr said in New installation strange behavior - I can access web interface. however, I can't ping to the device: no ping" to "ping" that's your case: Thanks and it does explain everything .... You are a star.

Hi, The numbers I got were posted earlier. The changes I made to the loader/sysctl for the most part do not seem to have changed much. The speed increase happened once I turned off the option to insert a stronger ID. For reference here are the system tunables page (sysctl) and boot/loader.conf.local file. Most of which is now commented out and/or for the built in interface card and not the chelsio. :p #Improve Cache size hw.ix.rxd="4096" hw.ix.txd="4096" #Change processing limit -1 is unlimited hw.ix.tx_process_limit="-1" hw.ix.rx_process_limit="-1" #Set the queues to cores #hw.ix.num_queues="16" #force flow control settings 0 to disable. hw.ix.flow_control="0" dev.ix.0.fc=0 dev.ix.1.fc=0 dev.ix.2.fc=0 dev.ix.3.fc=0 #disable cache connection detail #net.inet.tcp.hostcache.cachelimit="0" #ensure HT is disabled machdep.hyperthreading_allowed="0" #enable optimized version of soreceive #net.inet.tcp.soreceive_stream="1" #unlimited isr threads to maximize all core use #net.isr.maxthreads="-1" #net.isr.bindthreads="1" #use msix instead #hw.ix.enable_msix="1" #use aim to improve efficency on network stack #hw.ix.enable_aim="1" #hw.ix.max_interrupt_rate="16000" #increase max interrupts #hw.intr_storm_threshold="9000" [image: 1556238943170-sysctl-resized.png] Hope that helps. Cheers!

Yes it does. It is listed as "default". That's what 0.0.0.0/0 is all about anyway! [image: 1556193675221-aaa657c2-01ae-4e73-a32c-a5dfaf21a1a8-image.png]

@homikaushal said in Data Transfer: I have a cisco 3560 8port swicth between pfSense and VMs. What is the exact switch model number ? IIRC some of the range are 10/100.

Hi, @Jungtv said in Convert pfSense from virtual machine to physcial machine: t 70 physical machines .... don't have internet access ... You could check with VMware how to clone the disk space. This way everything will be copied over, packages included. The basic idea of pfSense is : save the config file, and import it on another device But it will be not a 100 % pure "sit back and watch" experience : the network interfaces will probably be using other drivers, so other interface names. You have to re do that part of the setup for sure. Install a Ethernet router, not connected to the Internet is still like construction a swimming pool without any water in the neighbourhood. The question has been asked many times before, and I guess it's possible to preload the package files. It boils down to : are you a real FreeBSD expert ?

Well I hunkered down for a long list of troubleshooting, listed out the various things I was gonna try in the order I'd try them. I released and renewed DHCP under Status->Interfaces->WAN (while running a pcap) I restarted the modem with the WAN ethernet cable plugged in and the pfsense box powered on the whole time etc And I never got to spoofing the mac address or anything. The WAN IP was still 0.0.0.0 and the pcap looked the same after the first step but after a restart of the modem it grabbed an IP address!!!! I swear I power cycled the devices many times in a multitude of different orders of operations and it never worked. Maybe the release and renew of the dhcp, though not working before a modem restart, actually did something to help on the next modem restart. In any event, fingers crossed, i seem to finally be up. I don't understand why I had issues with only the Dell installation but at least I have learned a few things along the way:) Thanks for all your help!

@slightlybeige said in IP address conflict on new install despite changing it?: The fault I'm more interested in is how changing the interface IP appeared to somehow NOT change the interface IP. Connecting to an Interface and changing the IP is time critical. I can't test it right, now, but I guess you wind up having a big green Apply button. Ones hitting that, there will be a message that states that pfSense changes LAN settings, and a browser redirect should activate in "20 seconds". After the delay, the GUI should work on 192.168.1.4. If you connected your new pfSense to early, some of your network devices might have 'sniffed' that another "192.168.1.1" device was present on the network, and things go haywire. Btw : when starting up a new pfSense, I always activate the console access. Serial if possible, if not keyboard/VGA and by SSH also. Maintenance related to the GUI itself, IP changing, etc, I don't use the browser that, I use the console.

Hmm, that is usually OK to have enabled but yeah I;d just leave it disabled if it's causing a problem. Steve

Concur with Stephenw10 here, complex is normally not the best choice.. Why can you not just route/firewall with pfsense - if your current edge device can not be put in modem/bridge mode so that pfsense gets public IP on its wan.. Then just double nat.. Much simpler setup! Than bridging..