@stephenw10

Not to worry
Know dif between 2.5 GbE that can run over cat 5+ copper
SFP which is 1 GbE based fiber and
SFP+ which is 10GbE based fiber.

G

Performance gain will only be marginal there but saving drive writes can be significant. You must have quite large drives to run with pfBlocker?

If it's running OK, not exhausting the RAM drive, then why disable it?

Wanted to provide an update regarding this issue to share awareness for those who are running into the similar issue I was experiencing.

I stumbled upon this forum, https://forum.proxmox.com/threads/not-showing-correct-ram-for-vm.70219/ and I confirmed inside of the Proxmox VM configuration, I had HotPlug enabled for both Memory and CPU.

As soon as I removed this from the VM Option and reboot, it resolved my issue and now I can see the correct Memory Allocation in the PFSense Dashboard.

a312e75c-a55b-48ae-80f0-93883e14f387-image.png

9ba076be-333f-4ac2-aa09-643d53798aef-image.png

I will say that a lot of the bad rep Realtek NICs have is left over from their older 10/100M chips that were truly terrible. The 1G NICs were much better, but that's not saying much. The 2.5G 8125 seems OK from my limited testing.

Still amusing 😉 https://github.com/pfsense/FreeBSD-src/blob/devel-main/sys/dev/rl/if_rl.c#L46

Since I got stuck with a non-connecting SG125, thanks for all the explanations that allowed me to find correct settings to access the freshly installed appliance.
For future users, see the connections in the picture below, valid for SG125.
I have only tested igb4 and igb5, but I suppose it will continue igb6, igb7, igb0, igb1, igb2, igb3.
SG125_igb_conn.png

Ah, good result! 👍

It checks the status returned by the disk(s) every time you open the dashboard.

See: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/widgets/widgets/smart_status.widget.php#L85

Steve

A day later and, indeed, can confirm one of the modules in the MagicMirror was doing a nmap sweep of 192.168.1.0/24 (legitimately, just not clear why the static IP range) confirmed by shutting the module off and temporarily corrected by putting an explicit block rule on LAN > * for 192.168.1.0/24. Still not quite clear what, exactly, loads of requests on :80, :443, ICMP to 192.168.1.0/24 hosts being dumped out on my ISP router ended up doing. Likely, though, the fact that my router was in bridge mode contributed, though I never tried in route/NAT mode, so I can't be sure. Regardless, it's fixed now, but what a nightmare! Thanks @stephenw10 for all the patient help, even if it didn't end up being a PFSense issue in the end! At least it's fairly well documented here so hopefully anyone with similar issues in future will have a reference for other potential problems...

Yup, that's one of the many advantages a real AP offers over using WiFi hardware in pfSense directly. 😉

Ok so that error is actually secondary. It's failing to display a notice but the initial issue generated that notice.

It's probably a file system issue that can be fixed by running a check from single user mode:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html#manual-filesystem-check

Steve

@stephenw10 I got it sorted in the end. Mikrotik on the other end of the link, freed up one of the SFP+ ports. Very simple...

@Gertjan said in Stuck at booting:

igb8 and igb9

Why these two ?

Usually it's because there are 8 NICs on board and 8 on an expansion card. The expansions card NICs almost always get parsed first putting them as igb0-7. Then the on-board ports that are marked as #1 and #2 become igb8 and igb9.

@stephenw10 I just found a more highly related thread and just 2 minutes before your reply here posted there:

https://forum.netgate.com/topic/167192/newbie-question-is-the-6100-directly-compatible-with-this-fiber-connection/23

Does the NIC report the module present? Do you see link LEDs?

Have you tested the module in anything else?

How is the switch port configured?

Typically with an igb SFP port like that it will only link to 1G port.

Steve

@Ghost-0 said in Nuisance pfSence issues disappeared after upgrading hardware:

Error #3: dpinger 14176 send_interval 500ms loss_interval 2000ms time_period
60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms
loss_alarm 20% alarm_hold 10000ms dest_addr 10.X00.X.1 bind_addr 10.X00.0.X identifier "NORDVPN_VPNV4 "

Just for information that isn't an error. It's dpinger restarting.

The hardware required really depends almost entirely on the bandwidth you need it to pass. An i5, even an older one like that, is pretty higher power. You should pass 1G without breaking a sweat for example!

Steve

@denitrosubmena said in What uses storage space for pfsense?:

that is enough reason to get back to zabbix again then
you prefer zabbix to nagios?

I prefer Zabbix, but for no other reason that it is the product I learned first/most about.

so will setup new zabbix instance and test out what i want and see how far i get

one other question, can one use ntop-ng with any firewall? like fortigate for example?

NtopNG is a standalone product when installed on another machine monitoring a Mirrorport in your switch. You can use it with whatever firewall product you like when setup like that.
In terms of installing it on the Firewall itself, it is not really recommended and it is only possible on pfSense/opnSense and any “selfmade” linux firewall you might setup.

What as using it? Make sure you have top showing all process, at the cli use: top -HaSP

@Gertjan thank you, they fixed it and all is working.

BIOS attacks almost always require hands on to deploy. They can also be deployed by tricking the user into using a compromised BIOS.
I would also rate the chances of a remote attack as very low. The chances of a socially engineered attack has a higher probability. Your careful actions should make you safe.

@stephenw10 Thanks Stephen! We'll give them a shot in the 8300 appliances if the cards you sell will not be on stock for the next two weeks.

Best regards,

Hagen