Pleas euse the ADI image to reinstall and play back then the backup file. That´s it, ready in ~15 minutes!

Like you mentioned, I think it may be a firewall rule issue. I am slowly getting better at understanding the logic to them but still struggle from time to time. VL10 Rules Before posting this reply, I created a rule at the top of VL10: Source: VL10 net Port: * Destination: VL10 address Port: 53(DNS) I have previously been successful using this rule which was created from the tutorial I linked above: Source: VL10 net Port: * Destination: LOCAL_SUBNETS (an alias with all VLAN Subnets) Port: Allowed_OUT_LAN (an alias with DNS in it) General DNS Resolver Options Network Interfaces: VL10 is highlighted Ping $ ping -c 5 192.168.10.1 PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data. 64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.243 ms 64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.206 ms 64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=0.222 ms 64 bytes from 192.168.10.1: icmp_seq=4 ttl=64 time=0.189 ms 64 bytes from 192.168.10.1: icmp_seq=5 ttl=64 time=0.211 ms --- 192.168.10.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4049ms rtt min/avg/max/mdev = 0.189/0.214/0.243/0.020 ms netstat -an Proto Recv-Q Send-Q Local Address          Foreign Address        (state) tcp4      0      0 192.168.10.1.53        *.*                    LISTEN DNS Resolver logs I changed the verbosity level to 5, restarted the service and checked the logs setting so it would show 600 logs. I didn't see anything about binding to the IP. I searched for 192.168.10.1 as well. I ordered 2 SuperMicro SATA SSDs and will be re-installing in a few days but would like to understand where I am going wrong. Also, thanks for the help. I'm learning a good amount from this thread. Networking is one of my weaknesses EDIT I found the issue with mine. I had set a NAT rule to forward 5353 to 53 when the DNSResolver "broke" so I could use the DNSForwarder. While troubleshooting, I deleted the firewall rule in the VL10 rules page but forgot to delete the VL10 NAT rule. Deleted the VL10 NAT rule and all is well now. I feel accomplished and like a dumbass at the same time!

I need/want to do a fresh install on my /SG-4860 after a buggy snapshot screwed up my system. Reading the manual it talks about downloading Yes and this is owed to the circumstance that the SG-xxxx units from pfSense or Netgate should be sorted with that ADI image nothing more and nothing less. It came pre configured and is matching well to the SG-xxxx units. pfSense-netgate-memstick-ADI-2.4.1-RELEASE-amd64.img.gz from the portal ONLY if I have a subscription. So just want to be 100% clear, the subscription is the "Gold Subscription $99.00 for one year" and not a support subscription? You will be able to download it here too, and not only over the subscription based Netgate account! Please go here and chose the following: official pfSense download page Version as example 2.4.1 ADI image download server Please see the attached image to chose the ADI image While I want to do a clean install, I don't really want to manually redo all my DHCP Static Mappings. Is there any way to export/import just those? Do a config backup and export the config xml file first  

pfSense 2.4.0-RELEASE Now Available! You will need 5 minutes to read all, but it is worth the time, you will be sorted with any information you really need!

Replying to my own problem, for future readers who may have the same issue. This RAID card does not make JOBD drives bootable. It seems like a weird arbitrary decision, but that's the way it is and I haven't found a way around it. Morphing the JODB drives into simple volumes seems to create the equivalent of individual RAID0 drives.  Which does not expose the hardware to FreeBSD/pfSense. So yes, I am seeing 4 logical drives, but to get the full ZFS-experience and reliability I understand the OS must see the hardware, not just logical volumes. There seems to be no solution to this, besides getting a card with a proper pass-through mode. Which is what I am doing now.

I'm assuming you are wanting to setup also https filtering. If you are planning on doing ssl bumping, i recommend squid and diladele (QLPROXY) Depending on how many devices you use, they are fairly cheap, but can get expensive. https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html This is a setup on how to get it configured.

@genccluber: pls help me FIrst check this tutorial . https://doc.pfsense.org/index.php/Boot_Troubleshooting and https://doc.pfsense.org/index.php/Installation_Troubleshooting It helped me to install from a bootable USB Stick to a USB Stick - pfsense MemStick version. BR, Adrian

Edit the rule, make sure it has no schedule selected, then save. It should clear the old entry out of the rule.

@etian90: Hi guys, I´m having the same problems with my snort, I can´t update my rules. do you know how I can do it manual? thanks What error message is being printed in the log file viewable on the UPDATES tab in Snort?  There are basically only three things that go wrong here and those are: 1.  You are running pfBlockerNG and one of its IP address lists included the IP address pool of the Amazon Web Services network used by the Snort VRT to host their rule downloads.  That is probably the most common cause of this problem.  If you are using pfBlockerNG, disable it while attempting Snort rules updates. 2.  You have the OpenAppID rules download enabled but you are located in a country which is being blocked by GeoIP rules from accesing the university web site in Brazil that hosts the free OpenAppID rules download package.  If this is the case, you simply can't use those rules unless you can use a VPN so that you can appear to be coming from a different non-Geo Blocked country. 3.  Rarely, the Snort VRT folks have a problem with their automated system that posts the rules package files.  Sometimes the MD5 does not get updated or is missing entirely.  If this is the problem, it will fix itself soon. Reading the error message you will find in the Rules Update Log will help you figure out which of the above three common problems you are experiencing.  If the message in your logs is something else, then post the entire message back here and we will see how to proceed. You can't update the rules manually with the Snort package on pfSense.  Too much stuff has to happen in a concerted fashion to make that practical. Bill

Get a true AP, or use whatever old wifi router you have laying around as an AP to connect wifi to your lan network.

Roger that! Thanks, guys.

I know the vlan labels changed but would that prevent them from pinging out?  I can't ping any ip address via that interface and I can't ping the interface IP from my desk.

@Derelict: You have still not provided any console output from the VM host. The console only shows the message about the admin logging in from a remote IP address. I have mitigated the issue by using physical hardware instead of a VM. When installing PFsense 2.4.1 to dedicated hardware the restore works (3 attempts out of 3 succeeded). When restoring to a VM (ESX 6.5 U1) the restore attempts (0 out of 6) are successful. Thanks!

The intel datasheet says 64-bit is supported. Where is the problem? Go with version 2.3.5 it is maintained for ~12 month as I am informed right. And then you could change if you want to a newer hardware platform, but you can also try out to disable the graphic unit inside of the mainboard and then try installing the serial only version and not the VGA version. Could be running nice, but then a serial console cable or USB to serial adapter will be a nice to have thing if you must connect through it.

Ok, you are right, it's MBR. I had installed it twice and the first go-around I had chosen GPT. I thought I had the second time too but I guess not.