What is it connected to? What state does that show for the link? How is it configured? With a DAC cable you might have no connection options at all in pfSense. It will only connect at 10G autoselect.

Ah OK. Yup that's what I might expect. Using fiber modules will often give you more options for connection type.

One more update on this subject. pfSense is still stable with zero up/down events since limiting to 5Gbps. My TrueNAS box, on the other hand, started showing the same behavior (at the same 5 min intervals) after a software update. They were happening about 1x per day, but even though only one interface in the lagg would go down at any given time, I'd measure some packet loss, likely because smokeping is also on a 5 min interval. This was a change from previous observed behavior where the up/down events would occasionally happen, but not on the 5 min interval and no measured packet loss. I picked up a Dell X710-T2L for a song on ebay (seriously, like $30 shipped) and cross-flashed it to the Intel firmware. I replaced the X540-T2. My intention was to also limit to 5Gbps but I haven't had to do that. The events just stopped and 0% loss since then. It's even more puzzling because the cabling here, while short, has multiple excursions into wall-mounted jacks with Cat6 (not Cat6a) running under the house through the crawl space. That was not the case with pfSense, which is directly cabled to the switch with Cat6a patch cables. Don't really know what to think about this other than that 10GBase-T is a crapshoot.

I have an older ASRock Rack motherboard, and I also had my share of struggles with their BMC port sharing. On this motherboard, from what I found in my research, this virtual AMD port appears when instead of using a dedicated BMC port, you share this port for other purposes, or when you only have one cable connected to a certain port. As far as I understand and remember, the settings for this behavior are not in the BIOS but in the BMC’s web interface. In the Configuration section, there should be several options for network, link configuration, and choosing between shared or dedicated. One of these options should disable this virtual interface, but I’m not entirely sure. The motherboard manual might provide more detailed descriptions of the BMC settings, but on my board, these settings are quite confusing, and the manual doesn’t cover all of them. Overall, I had a similar idea—to have access to both the BIOS and everything else. But as usual, since their BMC relies on Java, which can’t be updated, it’s impossible to use their applets because the board is no longer supported. In the end, I connected a PiKVM to this board. For anyone considering purchasing an ASRock Rack, I highly advise against it if you plan to use the board longer than its support period (typically 2-3 years), as the BMC might "turn into a pumpkin" after that.

@ojosaghae For official hardware you get pfsense plus and TAC Lite. A side benefit of maintaining the project. Protectli you get robust hardware (faster proc, more mem) and a fair price but you will have to purchase pfsense plus or run pfsense CE. If I'm running a business I'm going with pfSense plus regardless of hardware. That said, factor in the cost of protectli including a license for pfsense plus.

Did it work are you now a Cisco Certified Netgate Associate ... jk. like Cisco's CCNA CCIE and CCNP certifications

@elspoon said in Protectli VP4630: was following NetworkChuck's YouTube video to the Tee for about the first 15min... your home router SUCKS!! At this moment, he, Chuck, is given totally non important setup information. He didn't tell you that : From now on, all your private ( ?!) DNS info goes to 'some' companies. Why would he advise you (us) to use these, or any other DNS server(s) ? These DNS servers entries can be left empty. pfSense, out of the box has a working SNS setup. pfSense resolves ! DNS was working just fine for decades before 8.8.8.8, 1.1.1.1 etc came along. I do not say 8.8.8.8, 1.1.1.1 etc make things worse ... but not better neither. So, again, ask the question : why are they there, what is there ultimate goal ?

@stephenw10 Thank You. Let me try the same.

Just to put some closure to this thread... It was the PCIe lane being saturated. Upgraded the hardware to a motherboard with a PCIe 3.0 x16 and this is the result: [image: 1729819384736-final-resized.jpg] @Gertjan @keyser @stephenw10

That was my expectation too. I didn't notice anything during the boot process. I was in a hurry, so I didn't look carefully at the logs. At the moment it is not a problem, the backup was only a few hours old. I just wanted to make sure that I didn't do anything wrong at the initial setup.

Ok, thank you very much. I will give it a try tomorrow.

Can you see them in the BIOS POST output? I would try the card in the PCIe slot only first. Do you have a PCIe 1,2 or 4x card you can try in the slot directly? Do you have a mPCIe card you can test dircetly? A wifi device maybe. Steve

@stephenw10 Not to worry Know dif between 2.5 GbE that can run over cat 5+ copper SFP which is 1 GbE based fiber and SFP+ which is 10GbE based fiber. G

Performance gain will only be marginal there but saving drive writes can be significant. You must have quite large drives to run with pfBlocker? If it's running OK, not exhausting the RAM drive, then why disable it?

Wanted to provide an update regarding this issue to share awareness for those who are running into the similar issue I was experiencing. I stumbled upon this forum, https://forum.proxmox.com/threads/not-showing-correct-ram-for-vm.70219/ and I confirmed inside of the Proxmox VM configuration, I had HotPlug enabled for both Memory and CPU. As soon as I removed this from the VM Option and reboot, it resolved my issue and now I can see the correct Memory Allocation in the PFSense Dashboard. [image: 1728670642850-a312e75c-a55b-48ae-80f0-93883e14f387-image.png] [image: 1728670729611-9ba076be-333f-4ac2-aa09-643d53798aef-image.png]

I will say that a lot of the bad rep Realtek NICs have is left over from their older 10/100M chips that were truly terrible. The 1G NICs were much better, but that's not saying much. The 2.5G 8125 seems OK from my limited testing. Still amusing https://github.com/pfsense/FreeBSD-src/blob/devel-main/sys/dev/rl/if_rl.c#L46

Since I got stuck with a non-connecting SG125, thanks for all the explanations that allowed me to find correct settings to access the freshly installed appliance. For future users, see the connections in the picture below, valid for SG125. I have only tested igb4 and igb5, but I suppose it will continue igb6, igb7, igb0, igb1, igb2, igb3. [image: 1728463169055-sg125_igb_conn.png]

Ah, good result!

It checks the status returned by the disk(s) every time you open the dashboard. See: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/widgets/widgets/smart_status.widget.php#L85 Steve

A day later and, indeed, can confirm one of the modules in the MagicMirror was doing a nmap sweep of 192.168.1.0/24 (legitimately, just not clear why the static IP range) confirmed by shutting the module off and temporarily corrected by putting an explicit block rule on LAN > * for 192.168.1.0/24. Still not quite clear what, exactly, loads of requests on :80, :443, ICMP to 192.168.1.0/24 hosts being dumped out on my ISP router ended up doing. Likely, though, the fact that my router was in bridge mode contributed, though I never tried in route/NAT mode, so I can't be sure. Regardless, it's fixed now, but what a nightmare! Thanks @stephenw10 for all the patient help, even if it didn't end up being a PFSense issue in the end! At least it's fairly well documented here so hopefully anyone with similar issues in future will have a reference for other potential problems...