A day later and, indeed, can confirm one of the modules in the MagicMirror was doing a nmap sweep of 192.168.1.0/24 (legitimately, just not clear why the static IP range) confirmed by shutting the module off and temporarily corrected by putting an explicit block rule on LAN > * for 192.168.1.0/24. Still not quite clear what, exactly, loads of requests on :80, :443, ICMP to 192.168.1.0/24 hosts being dumped out on my ISP router ended up doing. Likely, though, the fact that my router was in bridge mode contributed, though I never tried in route/NAT mode, so I can't be sure. Regardless, it's fixed now, but what a nightmare! Thanks @stephenw10 for all the patient help, even if it didn't end up being a PFSense issue in the end! At least it's fairly well documented here so hopefully anyone with similar issues in future will have a reference for other potential problems...

Yup, that's one of the many advantages a real AP offers over using WiFi hardware in pfSense directly. 😉

Ok so that error is actually secondary. It's failing to display a notice but the initial issue generated that notice.

It's probably a file system issue that can be fixed by running a check from single user mode:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html#manual-filesystem-check

Steve

@stephenw10 I got it sorted in the end. Mikrotik on the other end of the link, freed up one of the SFP+ ports. Very simple...

@Gertjan said in Stuck at booting:

igb8 and igb9

Why these two ?

Usually it's because there are 8 NICs on board and 8 on an expansion card. The expansions card NICs almost always get parsed first putting them as igb0-7. Then the on-board ports that are marked as #1 and #2 become igb8 and igb9.

@stephenw10 I just found a more highly related thread and just 2 minutes before your reply here posted there:

https://forum.netgate.com/topic/167192/newbie-question-is-the-6100-directly-compatible-with-this-fiber-connection/23

Does the NIC report the module present? Do you see link LEDs?

Have you tested the module in anything else?

How is the switch port configured?

Typically with an igb SFP port like that it will only link to 1G port.

Steve

@Ghost-0 said in Nuisance pfSence issues disappeared after upgrading hardware:

Error #3: dpinger 14176 send_interval 500ms loss_interval 2000ms time_period
60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms
loss_alarm 20% alarm_hold 10000ms dest_addr 10.X00.X.1 bind_addr 10.X00.0.X identifier "NORDVPN_VPNV4 "

Just for information that isn't an error. It's dpinger restarting.

The hardware required really depends almost entirely on the bandwidth you need it to pass. An i5, even an older one like that, is pretty higher power. You should pass 1G without breaking a sweat for example!

Steve

@denitrosubmena said in What uses storage space for pfsense?:

that is enough reason to get back to zabbix again then
you prefer zabbix to nagios?

I prefer Zabbix, but for no other reason that it is the product I learned first/most about.

so will setup new zabbix instance and test out what i want and see how far i get

one other question, can one use ntop-ng with any firewall? like fortigate for example?

NtopNG is a standalone product when installed on another machine monitoring a Mirrorport in your switch. You can use it with whatever firewall product you like when setup like that.
In terms of installing it on the Firewall itself, it is not really recommended and it is only possible on pfSense/opnSense and any “selfmade” linux firewall you might setup.

What as using it? Make sure you have top showing all process, at the cli use: top -HaSP

@Gertjan thank you, they fixed it and all is working.

BIOS attacks almost always require hands on to deploy. They can also be deployed by tricking the user into using a compromised BIOS.
I would also rate the chances of a remote attack as very low. The chances of a socially engineered attack has a higher probability. Your careful actions should make you safe.

@stephenw10 Thanks Stephen! We'll give them a shot in the 8300 appliances if the cards you sell will not be on stock for the next two weeks.

Best regards,

Hagen

If it failed to boot the 24.03 BE it should have rolled back to the 23.09.1 BE. And it would show and alert when you next logged in. I would also have expected it to have marked the other BE as bad.

It's possible you accidentally selected a different BE on the reboot screen.

I would select the 24.03 BE to boot again and check at the console while it reboots if you can.

Steve

Congratulations on your efforts.

I went a different route to eliminate any USB and virtualization delays/errors.

https://github.com/elvisimprsntr/pfsense-ntp-gps

@Gertjan
Maybe not but .....

@tiago-fgm
I have successfully killed the watchdog. I am still having issues with reboots after the installation. I can only assume it has something to do with UEFI, partition format, or something along those lines.

Here is what I used to disable the timer:

I am happy to collaborate here if you start working on it.

@michmoor Hello, sorry for late reply. No limiter configured on this.

Yes, upgrade to 23.09.1 then you will see 24.03 available.

No downgrading is not supported. You won't see earlier branches available. However if you are running ZFS you will see a new boot environment created at upgrade and you can always roll back to the old one.

Yes you can put pfSense directly connected to an upstream router.

Ideally I would want to see: Modem --- pfSense --- switch ---- < devices >
I.e. only one router and that's pfSense. Doing so avoids double NAT. However that may not be possible depending on what you're using your upstream router for.