I had the same problem a few hours ago for a while. Now it works properly.

First, ensure that the traffic you are suppose to see, is there. tcptop won't tell you much, or anything, if the rules are not there to let the traffic in/out (use tcpdump). It should be straight forward to mirror a port in any managed switch, but you should ask in the ubiquiti forums. Now, think about this, if the mirror config is correct, and the date is being sent to the WAN in pfsense, WHY would pfsense do ANYTHING with that data if it is NOT addressed to it? You may be able to see traffic with tcpdump if you put the interface in promiscuous mode, but if pfsense doesn't have an address on the WAN and it is not routing/handling the information, it will not go through it. What you want is to put pfsense in series with your current network. Add it as a router and simply use an rfc1918 address to link the Internet to your current setup. I am sure there is a way to convert the IPS in pfsense to an IDS, but that's not the design/purpose of pfsense, so you are on your own there. @bbuchanan99: snort/suricata….I have gone into my ubiquiti unifi switch and mirrored port 1 (Router uplink) to port 19 (Mirror port).  The pfsense is then connected to port 19 via opt1.  I don't seem to be getting any traffic on the port, tcptop shows nothing on the opt1 interface.  Anyone know how to mirror a port on a ubiquiti switch?  seemed really straight forward but something does not appear to be working.

The act of working to understand why it almost certainly won't work isn't in itself a waste of time. Maybe you'll be inspired to learn FreeBSD and create a driver. It would be nice to see a response on the other thread though.  ;) Steve

I am running 2.3.2_p1 and was running 2.3.2 with openvpn and no issues.  I am currently connected for that matter.  Both as pfsense as a client connected to a vps server running openvpn-as and as a road warrior client connected to pfsense openvpn server. Without some actual details of your setup, and what exact errors your seeing.  I have to assume since your using the export that your trying to connect to pfsense from somewhere else.  What IP are you trying to connect too?  Sure your using pfsense public IP?  Are you using udp or tcp?  What port - do you actually see the connection to pfsense, or is the tls handshake error after some other error? What does the log on pfsense show, what does the log on your client show?

In case anyone else runs into this, it seems to be esxi 6 related.  don't know if it's update 2 or not, but I can confirm the behavior doesn't happen on the same hardware with esx 5.5.

Thread management lic for juniper is not cheap..  Lookup on CDW shows it going for like 11K for 3 years. I am with muswellhillbilly here.. This is a great statement "If you're running a Juniper that nobody knows how to use, then I would think this is an obvious weak point in your security overall. Either educate yourselves in how to use the Juniper and make an informed decision about whether to keep it or not, or remove it altogether and substitute it for something you know something about" I could not have said it better.. While there are clearly some things that juniper can do that pfsense can not..  Your going to pay for those somethings ;)  Do you need those somethings is the big question.  The srx can be a bit tricky.  They are not as straight forward as say the ISGs or SSGs

There, that's all I am saying, it is a bug when the upgrade on vanilla systems fails. @Nullity: @pppfsense: Not what I am saying. It has gotten better, but in my experience, with other similar free software, the failure rate is very, very low. I, for one, have never had an upgrade failure with Untangle, and I have been using it longer than pfsense. With pfsense, in the last few years, every upgrade has had issues for me. Most of them small enough, but that is not the point here: This code is known and it does get to fail in vanilla configurations. Some condition/exception is not being detected or handled properly. Example: https://forum.pfsense.org/index.php?topic=119344.msg661368#msg661368 When I see the word 'odds' as a possible explanation of why the upgrade went wrong, it proves my point: Something is missing or being missed…. I know it is hard and I appreciate the efforts, but in order to get better, we need to admit the issues. @JonH: Today performed my very first ever upgrade, not knowing exactly what to expect. Seemed to work just fine.  No problems. lol… everyone knows that all complex software has bugs, known and unknown. This is not an interesting or useful observation. So, we admit there are issues... now what? Bug reports require details so that others can reliably and repeatably recreate your situation. Without these details there is nothing anyone can do. Things like "The update failed! HELP!!!" are not helpful. Also, don't forget about user error. :)

Doesn't make sense. If the NIC was working with a previous version, a new version would not have killed the NIC. Plus you do see the link on the modem coming up as pfsense boots right? (i.e. NIC works). Reboot modem, reboot pfsense. Check Status - Interfaces and try to get a new DHCP address. You can also try assigning the MAC address of the Linksys router to the WAN interface so you don't have to reboot the modem. Last resource, just for testing, assign the given DHCP address to the WAN interface (no DHCP). (You can also try connecting the pfsense WAN to the Linksys router and see if pfsense gets a DHCP address). @Ramosel: @pppfsense: You DID reboot the (cable) modem, right? Yep, several times.  Observation: As the power comes on to the pfSense machine, the link light on the Arris box goes valid (green).  As the boot progresses and the drivers load, the link light goes out.  Boot finishes with no WAN IP negotiation. Been busy with other projects but just may do a clean reload today and pull a restore. Rick

@kjoe: @Renato: @kjoe: @Renato: @Juve: This is a huge step back. pfSense is used into higly critical internal network with no Internet connectivity (at places where Internet even does not exists yet :)) The only mean of upgrade I see is full reinstall with backup import…. This is sad. Lets say you want to upgrade 2.3.2 from LAN, you would need to mirror 2 repositories configured on /usr/local/etc/pkg/repos/pfSense.conf: http://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/ http://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/ To a local webserver, and then add a host override in 'DNS Resolver' pointing pkg.pfsense.org to the local address. is just a problems here to update how do you bypass certificate check Using http instead of https that's the problem whe it check ssl certificate from server it thow a warning because the server certificate is another thing diferent from pkg.pfsense.org is my server name. that make a conflict with ssl check so you can not install update. here the log from update Upgrading pfSense-repo… done. Updating repositories metadata... Updating pfSense-core repository catalogue... Repository pfSense-core has a wrong packagesite, need to re-create database pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error repository pfSense-core has no meta file, using default settings pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error Unable to update repository pfSense-core Updating pfSense repository catalogue... Repository pfSense has a wrong packagesite, need to re-create database pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error repository pfSense has no meta file, using default settings pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error Unable to update repository pfSense Failed the after that i got this in system update The following input errors were detected: ERROR: Error trying to get packages list. Aborting...     pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required     ERROR: Error trying to get packages list. Aborting...     pkg: Repository pfSense-core missing. 'pkg update' required pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error pkg: Repository pfSense-core cannot be opened. 'pkg update' required pkg: Repository pfSense cannot be opened. 'pkg update' required Updating repositories metadata... Updating pfSense-core repository catalogue... Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/meta.txz: Authentication error repository pfSense-core has no meta file, using default settings Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-core/packagesite.txz: Authentication error Unable to update repository pfSense-core Updating pfSense repository catalogue... Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/meta.txz: Authentication error repository pfSense has no meta file, using default settings Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: Certificate verification failed for /CN=sdc.conjusol.cu 34401135112:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/builder/pfsense-230/tmp/FreeBSD-src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1185: pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Authentication error here is the logs with certificate error solved all this editing pfsense.conf repo in /usr/local/etc/pkg/repos setting as http local repo and is done

A simple check for folks thinking about a non-sine UPS solution. Check the temperature of the power supply on wall current and again on the non-sine UPS. Even better check it with the UPS batteries at 75% charge levels as that can generate even more unwanted heat. We have had issues with several power supplies cooking when running on UPS power, they had run for months on wall power with no issues. Some power supplies, particularly some with PFC do not play well with non-sine power. We had to replace a number of HP desktop power supplies as the computers crashed on switching to inverter power. Full-sine or near-sine units are cheap enough that I'd not consider less today.

Hi jimp, thanks a lot for your reply! I was abroad for work so couldn't test this earlier at home. I installed the CE image and that went fine, I was able to import my config and all is up and running now. I did however get following message which worries me a bit: [image: 7sMeA6T.jpg] I followed following guide to install pfSense again on my SG-2440: https://doc.pfsense.org/index.php/Installing_pfSense#Performing_a_Full_Install_.28ISO.2C_Memstick.29 Should I be worried about this message? What is the best way to get the official optimized image for my SG-2440 that was on it when I first received it so I can manually upgrade to the latest afterwards? Thanks again for your help, I'm really glad everything is back online now :)

The first 4 lines under Cache information for squid.

Thank you Jim.

PFSense 2.4 alpha UEFI boots out of the box. I run it on a Qotom Q190G4 with ultra fast boot enabled and the pfsense bootloader timeout set to 1 second and it's unbelievable how quickly it's back up when it reboots!

had a similar issue trying to update using chrome…switched to firefox and worked smoothly.

@Lucky06480: I had a similar problem, described and resolved here : https://forum.pfsense.org/index.php?topic=119077.0 May be same solution can help ? Best regards, Luc Thanks Lucky06480 it worked. Thanks alot! Cheers!