• web interface without pfctl-d

    webGUI web gui
    3
    0 Votes
    3 Posts
    680 Views
    jithktr
    @steveits pfSense firewall configured in transparent mode. Created a bridge interface and management IP address is given to this interface by rule with allowing port 443 (HTTPS). The firewall isn't accessible over the management IP address if there is a shutdown/restart of the VM, even though the said rule is present. Is there any configuration to keep the web interface accessible over the management IP address if the VM goes through a restart or shutdown?
  • 0 Votes
    8 Posts
    3k Views
    @viragomann & @Gertjan Thanks for your help! Managed to solve it with a floating firewall rule! I only tried to block it from the interface that I thought the traffic originated from first. But now I tried to add a floating rule that blocked the traffic from all interfaces that shouldn't have access to it, and it worked!
  • 0 Votes
    2 Posts
    653 Views
    UPDATE: I've been doing some tests trying to find out where the problem is, and it seems that finally it comes from the WAN interface. I configured WAN first, but until I configured the IPSEC tunnels the problem didn't appear. Today I reinstalled a fresh pfSense and first of all I configured the tunnels with no problems, and when I configured the WAN the problem started. If I enable WAN with DHCP or static IP without a gateway, everything works fine; when I choose an IPv4 upstream gateway, the problem returns. At this point this topic can be closed.
  • 0 Votes
    3 Posts
    880 Views
    @gertjan I will attempt this tonight and report back. Thanks.
  • 0 Votes
    4 Posts
    1k Views
    stephenw10
    I assume you only have one NIC in that device? You can still leave LAN assigned as the parent interface directly and assign VLAN99 as an OPT interface. Steve
  • How to set SPD's/traffic selectors in IPsec?

    webGUI web gui ipsec bgp
    1
    0 Votes
    1 Posts
    542 Views
    No one has replied
  • 0 Votes
    4 Posts
    1k Views
    bmeeks
    @paanvaannd said in Unable to modify (i.e., install, remove, or reinstall) packages via Web interface + Snort installed but not showing up in Web GUI: Thank you for taking the time to help and explain, @bmeeks! Per your and others' comments in that linked thread, I'm not hopeful that Snort/Suricata would have much hope of working on my SG-3100 even after 2.5.2 rolls around (I'd link directly to your comment but I can't figure out how to copy a permalink on this site...) so I may just upgrade to the SG-6100 since it's Intel-based. Yes, the SG-3100 is not the best choice right now for the IDS/IPS packages. It is due to the 32-bit ARM processor chip in that box. Because of the 32-bit ARM processor and the lack of Rust support for it, it is not possible to run any version of Suricata on that hardware newer than 4.x. That is two versions behind, and no longer supported by the Suricata team.
  • Is my pfSense dying?

    webGUI web gui error fail help file system che
    1
    0 Votes
    1 Posts
    664 Views
    No one has replied
  • 0 Votes
    16 Posts
    2k Views
    stephenw10
    Hard to see how that could be. The packet is arriving over the IPSec. TCP Syn packets are tiny anyway. But if you've seen something similar before I guess.... But that pass rule should match and clearly isn't. IP Options on it or something odd? Steve
  • 0 Votes
    10 Posts
    3k Views
    johnpoz
    Internal scan is only if your service provider... And you sure and the hell do not need to make the web gui of pfsense available on the networks that are involved in the PCI.. For example - we are service provider, we host stuff that is PCI for customers... We don't need to scan the management vlan, only need to scan the networks that are directly involved in the processing of the payments.. We are not scanning every single network in the company... You only need to scan the network related to your PCI environment.. If your switches and/or routers and firewall interfaces are available on your PCI networks - you're doing it wrong!
  • Multiple problems with NAT rule creation UI

    webGUI nat rules web gui
    5
    0 Votes
    5 Posts
    1k Views
    johnpoz
    @DavidGA said in Multiple problems with NAT rule creation UI: You apparently can't create NAT rules for destination port ranges Huh? Sure you can.. [image: 1563275865697-portforwards.png] But yeah concur with JeGr if you were going to do that you would just use a 1:1 nat. I don't have a mac to test with - but for sure could test it with multiple browsers on windows or linux.. Let me fire up safari on my iphone or ipad.. edit: Just fired it up on my iphone and works just fine.. When selected network as address the box did turn gray, but just clicked on it and it went white and could enter stuff..
  • pfSense admin GUI behind a reverse proxy

    Deutsch reverse proxy admin gui web gui
    1
    0 Votes
    1 Posts
    696 Views
    No one has replied