The document not new enough message is not an error. It just means it's already up to date. The only actual error there is: * ipv4 connect timeout after 19808ms, move on! * Failed to connect to pkg00-atx.netgate.com port 443 after 30009 ms: Timeout was reached * Closing connection That's a problem, it should be able to connect there. But it does successfully connect to the other pkg server. And then later is able to connect to pkg00. So there could be an intermittent connection issue.

@g405tsh311 said in pfsense 2.8.1 ISO: @nimrod Just another limited minded with narrow and low IQ. Yeah. Im very limited. Do you realize that you are crying on vendor forums just like thousands of other users have been crying before you. Do you really think Netgate will change their stance on what they are doing just because you started this thread? They can do whatever they want, and there is absolutely nothing you can do about it. Deal with it and stop your whining. If you want to pay go right ahead but, don't sit there claiming opensoure licensing while doing the opposite, I absolutely wont pay. But i also wont start a thread and whine because they switched to payment only model. I will just quietly move to something else. Simple as that. No need to be drama queen and seek attention on vendor forums. It wont change anything, so stop it. Do you even know what being entitle or spoiled actually is? You are the best example of it. The people like you are crying and running to the cloud, that by the way, do you even know where that concept came from?, trying to save money, when in reality you are wasting it. You are so brilliant arrogant user. You know me so well. Spot on good sir. Again, DON'T READ THE POST!! Again. Stop whining.

@stephenw10 You are correct, but it confuses me even more. The Idrac says port 4 is down. From the idrac8 software: port 1, identified as 10gb, mac ending with 6e. port 2, identified as 10gb, mac ending with 6f port 3, identified as 1gb, mac ending with 6c port 4, identified as 1gb, mac ending with 6d From the arp table (either in pfsense machine or router) WAN 192.168.0.89 :6e (pfsense wan address, passthrough) WAN 192.168.0.90 :6c (proxmox address) OPT2 10.1.1.50 :6d (direct connection) OPT1 10.1.1.50 (not active now) :6f Also what is confusing is that the interfaces widget indicates the wrong speeds for some reason. [image: 1760592608385-5e957934-8be9-4fd1-816c-1c0a3c6861ca-image.png] Part of the current idea is to have a 10gb directly wired to a 10gb so that i can use that for fast backups. When I move into the COLO, I will connect OPT1/2 (whichever works) into a local switch tied to 5 other machines.

@SteveITS said in How to read CPU temperature on 1100, 2100, and 4200?: @Joe0x7F I don't think the ARM devices have a temperature. It may not be possible for them to get that hot. ;) It does show on the 4200 though. At least the 3100 do have a sensor. [image: 1760603438130-f6b751d6-d8f2-4995-a3a9-27ef511ce44f-grafik.png] Regards

@varelasantiago said in Resolver nomes entre vlans: @mcury Thanks for the suggestion, but it's not feasible to do this on a large network with 1,600 computers. I saw a configuration that uses a firewall rule, but the example uses Active Directory servers 192.168.1.250 and 192.168.1.251... but I don't know how it would apply to my Pfsense + Nxfilter. https://youtu.be/aEKCA67kv5I?list=PL3Sj98RICiBGwqBgTGDTCMlwwwF6fiD2a If you're using Active Directory (AD), configure AD’s DHCP and disable pfSense's DHCP. Use AD's DNS servers to manage name resolution. To integrate NxFilter, configure AD’s DNS server to forward requests to pfSense’s DNS resolver.

@stephenw10 bingo...its a 10 for you sir

I am receiving this trying to update: ld-elf.so.1: Shared object "libutil.so.10" not found, required by "pkg" I am on pfSense 25.07.1, it is the first time I see it, I never had issues updating manually.

Thank you all for helping me. In the end I've managed to make it work. As you said, following rule(s) were necessary to access devices on OPT1 and OPT2 respectively. [image: 1760577607694-4278df83-2799-41fa-a032-8ae0b9205d44-image.png] There are some things that I learned along the way: When spoofing MAC address, don't spoof it on the interface you are accessing the web GUI from. Don't spoof WAN MAC address when connected to internet. Do it with WAN port disconnected. Also, clear DHCP leases on your upstream modem/router. When you already have an enabled interface, but then want to spoof MAC address, delete the interface first and then recreate it with spoofed MAC address. Reenabling doesn't work properly. Sometimes the device you're trying to access doesn't allow access from different subnet. This is the case with my OpenWRT router, but home server works flawlessly.

Yes I reproduced here and asked our devs about it who confirmed the likely cause. Work is in progress.

Sorry for the delay, I got stuck on some other testing. I'll try to get this setup today.

@BBcan177 Will find a solution for this sooner. Thanks in advance. :)

Anyone has an idea about the power consumption of the M350/370's once they run PfSense ?

Hello! I know this post is a while old, but others may experience the same issue. I have an XG125 appliance and had the same problem. How did I solve it? The appliance has 8 ports, and pfSense detects them all, but the ports are reversed in relation to the silkscreen numbers. Here is a list of ports: ibg0 = port 5 ibg1 = port 6 ibg2 = port 7 ibg3 = port 8 ibg4 = port 1 ibg5 = port 2 ibg6 = port 3 ibg7 = port 4

Hello! I know this post is a while old, but others may experience the same issue. I have an XG125 appliance and had the same problem. How did I solve it? The appliance has 8 ports, and pfSense detects them all, but the ports are reversed in relation to the silkscreen numbers. Here is a list of ports: ibg0 = port 5 ibg1 = port 6 ibg2 = port 7 ibg3 = port 8 ibg4 = port 1 ibg5 = port 2 ibg6 = port 3 ibg7 = port 4

You show a VLAN configured on the LAN physical interface. VLANs and netmap (the underlying FreeBSD kernel device used to support inline IPS mode operation) are not great friends . While it can work, a VLAN interface requires the use of an emulated netmap adapter which is a software construct that is much less efficient than the hardware adapter netmap interfaces. Another issue that can severely affect throughput is the number of enabled rules. More rules means more CPU work and less throughput. Lastly, you may need to fine-tune settings for the NIC adapter using sysctl variables. You would need to perform your own research for that. I have no experience with that and thus no tips to offer. Legacy Mode uses the PCAP library to simply grab copies of packets traversing an interface. Suricata is then fed those copied packets to digest while the original packets continue on to the host. That means Legacy Mode will leak the initial packets and let the connection be made. Then, after Suricata has time to compare the packet or packets to the signatures and there is a match, a pfctl firewall API call is made to place the offending IP address into a pf table for subsequent blocking. Another API call is then made to flush any active states that are associated with the blocked IP. Also noticed that you posted this same issue on the upstream Suricata forum. That will not help. The Suricata package on pfSense is highly customized and the developers upstream are not privy to the inner workings of the Suricata setup used in pfSense (nor in OPNsense, for that matter). Both *Sense products use a GUI front-end for managing Suricata. Suricata itself (the binary used on Linux and Windows) has no GUI. It is managed completely at the command line level. But that is not true on pfSense as the GUI code manages the underlying binary and controls the creation of the suricata.yaml file.

Hello, The issue is resolved! Without me having to change anything / touch a thing , I tried adding an ASN this morning and it worked; the dropdown list appeared. Thank you very much to everyone who took the time to reply. Have a good day, everyone.

Failed to reproduce it here so far. So, yes, I think trying ctl+t there would be the next step.

It worked! I needed to add the NxFilter IP in Captive Portal > Allowed IP Addresses... however, for blocked sites, for example in the Porn category, the NxFilter blocking page is not displayed, it just keeps rotating the browser without accessing the site. I will continue looking for a solution for this. [image: 1760523860187-1dbf1da9-2786-446f-8ac2-30b77b06b1a3-image.png]