SOLVED: after upgrading pfSense from 2.1.5 to 2.2 Lync login does not work
we upgraded our two pfSense firewalls from version 2.1.5 to version 2.2, rolled back, and then upgraded from
version 2.1.5 to version 2.2.2.
We use i386 NanoBSD (CF size 2GB) with serial console on both firewalls.
After both upgrades, we experienced the same problem. When the traffic went over the Master firewall,
all worked ok, except of the Lync login. It was just hanging on the login screen. When the traffic went over
the Standby firewall (CARP on the Master firewall was manually temporarily disabled), all including, the Lync login,
Checking the checkbox "IP Do-Not-Fragment compatibility: Clear invalid DF bits instead of dropping the packets"
in "System -> Advanced -> Firewall / NAT" made Lync to login without problems.
Interesting is, that the problem happened only on one of two firewalls.
The firewalls have different hardware, including the network cards.
The Master firewall has Intel Core Duo CPU E8400, uses em driver for LAN and ale driver for WAN.
The Standby firewall has Intel Pentium III CPU, uses em driver for LAN and WAN.
Thank you, the pfSense Team for the great job!
Interesting. So it appears the ale(4) driver was causing problems for fragmented packets.
Thanks for posting that.