What exactly is your question here?
I don't see any issue implementing this.
-lsf
On Wed, May 2, 2012 at 7:08 PM, steel max steelmax11...@gmail.com wrote:
Dear All,
I am trying to implement a wireless network on my corporate environment
using, Authentication by Domain Controller windows AD
With one exception, it seems you want to use the same vlan as both lan and
wan (Vlan 10)???
On Wed, May 2, 2012 at 8:34 PM, Espen Johansen pfse...@gmail.com wrote:
What exactly is your question here?
I don't see any issue implementing this.
-lsf
On Wed, May 2, 2012 at 7:08 PM, steel max
-in-wireshark-captures/
On Sat, Sep 14, 2013 at 1:12 PM, Espen Johansen pfse...@gmail.com wrote:
Try tcpdump + wireshark. Then read this:
http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/
pfSense should not change sequence numbers unless you tell it to do so
What else is new with thinker as op.
25. okt. 2013 02:18 skrev Jim Thompson j...@netgate.com følgende:
The topic has wandered away from pfSense.
-- Jim
On Oct 24, 2013, at 18:48, Chris Bagnall pfse...@lists.minotaur.cc
wrote:
On 24/10/13 7:31 pm, Adam Thompson wrote:
If I upgraded to
Might be that serial redirection makes it show nothing. Bad drives might
also cause files to be corrupted. same goes for bad memory. Make sure both
are same versions.
5. feb. 2014 18:42 skrev Brian Candler b.cand...@pobox.com følgende:
This is a really strange behaviour, I wonder if anyone has
Tell your provider to do what mojo said. Or set it up yourself if you have
access to the provider routers. Third option is VPN between the pfsense
boxes so you can override the routing.
17. mai 2014 21:53 skrev Klaus Wunder kl...@net-wunder.de følgende:
Hello,
you can use pfSense as a BGP
You asked this already and it has been responded to.
Dont double post!
20. mai 2014 17:54 skrev Michael Schuh michael.sc...@gmail.com følgende:
2014-05-20 11:31 GMT+02:00 Faisal Gillani faisal.gill...@akesp.org:
Hello all
I am using Pfsense with everything, Pfsense based multi homed firewall
1kb size should clue you in. This is however completely normal.
7. juni 2014 12:45 skrev Brian Caouette bri...@dlois.com følgende:
Mounted Filesystems*Type**Partition**Percent Capacity**Free**Used**Size*
/dev/da0s1a 17%4.38 GB988.37 MB5.81 GB/dev/md0 2%3.26 MB62.00 KB3.61 MB
devfs 100%0.00
Add it to pfsense dns list. Remove it from dhcp etc. If it's used there.
12. juli 2014 01:26 skrev Brian Caouette bri...@dlois.com følgende:
So the fix to make it work the same would be to add 127.0.0.1 to
resolv.conf manually?
Sent from my iPad
On Jul 11, 2014, at 6:19 PM, Dave Warren
I get rid of it? SystemRoutingRoutes
indicates that no static routes are set up. Is there a routing
configuration file somewhere?
Best Regards,
-Stefan
On 7/11/2014 6:35 PM, Espen Johansen wrote:
Please provide a network drawing.
I suspect you have a arp leak or a switch that needs
-enabled, I would need to run a cronjob every second or so.
And even that is not a great solution -- I'd reinstall before that. I'd
really prefer a more elegant solution if possible.
Any other ideas? Am I searching for the wrong thing?
Best Regards,
-Stefan
On 7/12/2014 2:46 AM, Espen
remote as I´m on vacation with flaky 3G mobile.
On Sun, Jul 13, 2014 at 12:37 AM, Stefan Maerz
stefan.ma...@thecommunitypartnership.org wrote:
No 3rd party routing installed.
-Stefan
On 7/12/2014 5:19 PM, Espen Johansen wrote:
Only thing I can think of is that a package with a seperate
ZFS = FS+LVM. Its efficient in many ways. Its highly resillient to things
like silent data corruption ( disk FW bugs, power spikes). It has on the
fly checking and repair. Copy on write, snapshoting, NFSv4 native acls and
a few more nice things. I dont understand the bashing?
-lsf
30. juli 2014
Also remeber that pfsense has had packages like freenas (for some the
Ultimate all in one home device).
-lsf
30. juli 2014 22:24 skrev Paul Mather p...@gromit.dlib.vt.edu følgende:
On Jul 30, 2014, at 4:09 PM, Espen Johansen pfse...@gmail.com wrote:
ZFS = FS+LVM. Its efficient in many ways
If you have a vlan capable switch (most managed switches can do this) then
you can split one interface into several virtuals. Pfsense supports this.
If not, a USB ethernet interface would be an option.
16. aug. 2014 19:48 skrev Bob Gustafson bob...@rcn.com følgende:
I have a small Alix board
Not doable in a sensible way.
16. aug. 2014 20:06 skrev Bob Gustafson bob...@rcn.com følgende:
I'm interested in doing it all within the Alix using pfsense. A minimum
hardware approach.
Think of my WAN mentioned below as the LAN network created by the
modem/router furnished by the ISP and
You would have to do a major code rewrite to get this done. And it would
be insecure and it would make no pf sense :-) this is network basics. You
dont seem to understand some network fundamentals. Sorry but this is not
doable without using vlans or 2 physical interfaces.
16. aug. 2014 20:06
. Again, do not do it.
16. aug. 2014 22:13 skrev Adam Thompson athom...@athompso.net følgende:
On 14-08-16 01:13 PM, Espen Johansen wrote:
You would have to do a major code rewrite to get this done. And it would
be insecure and it would make no pf sense :-) this is network basics. You
dont seem
Export config. Edit. Then import.
18. aug. 2014 19:21 skrev Adam Williams a...@spreedly.com følgende:
Hello.
I am running 2.1-RELEASE (built on Wed Sep 11 18:16:44 EDT 2013),
which I believe includes the fix for the bug documented here
https://redmine.pfsense.org/issues/2406, according to
that simple, I can use `viconfig` to delete the `ipalias`
element, then in FreeBSD, simply remove the IP address from the WAN
interface. I just am not terribly sure of the lifecycle of the config
file.
On Mon, Aug 18, 2014 at 1:53 PM, Espen Johansen pfse...@gmail.com wrote:
Export config. Edit
I personally don't think you will have an issue with too many writes in a
normal environment. Why squid tho? if its for filtering fine. For
acceleration and 3-6 persons it will most likely not do you much good.
Also check MLC vs SLC. SLC based SSD will last longer. Approximately 10
times longer.
:
Thank you Espen,
Squid is for filtering purpose only, not to save bandwidth.
On Netgate they have only this SSD as an option. But I’ll keep
your advice in mind.
Best regards,
Sergii Cherkashyn
Date: Mon, 25 Aug 2014 20:45:46 +0200
From: Espen Johansen pfse...@gmail.com
: Espen Johansen pfse...@gmail.com
To: pfSense support and discussion list@lists.pfsense.org
Subject: Re: [pfSense] Netgate APU2 SSD module question
Message-ID:
caadq7-adzhlsv1p6rl7kwaaomaws1uqcet6fxa5ngdn8sl5...@mail.gmail.com
Content-Type: text/plain; charset=utf-8
bandwidth.
On Netgate they have only this SSD as an option. But I’ll keep your advice
in mind.
Best regards*,*
*Sergii Cherkashyn*
Date: Mon, 25 Aug 2014 20:45:46 +0200
From: Espen Johansen pfse...@gmail.com
To: pfSense support and discussion list@lists.pfsense.org
Subject: Re: [pfSense] Netgate
of the early
fracas around SSDs.)
I’m not going to depend on what someone said in the forum over 3 years
ago, since it’s unlikely to apply today.
Jim
On Aug 27, 2014, at 1:32 PM, Espen Johansen pfse...@gmail.com wrote:
For completeness sake.
Just to clarify. You can get SDHC cards that are SLC
advbase:
This optional parameter specifies how often, in seconds, to advertise that
we're a member of the redundancy group. The default is 1 second. Acceptable
values are from 1 to 255.
advskew:
This optional parameter specifies how much to skew the advbase when sending
CARP advertisements. By
This should work wothout any special magic. Can a pc on a vlan segment ping
the gateway and reach internet?
Also did you configure the ip on the vlan interface or the physical? What
does a traceroute show if you trace to an unreachable part. Does arp
register hosts on the vlan interface?
-lsf
12.
check dmesg and pciconf -lv.
If its not seen at all then try different slots and try to verify that
card/slot is working.
-lsf
On Fri, Sep 19, 2014 at 4:31 PM, Brian Caouette bri...@dlois.com wrote:
I added a dual port nic to my pfsense box and it doesn't show the
additional ports.
The new
Run pftop in interactive mode (-i) then press capital K for who is peaking.
Or capital B for byte amount sorting. Or try capital R for instant speed
rate. See man page for all options in interactive mode.
-lsf
24. sep. 2014 17:04 skrev Muhammad Yousuf Khan sir...@gmail.com
følgende:
Darkstat
Sorry. That just means you are incompetent at your job.
There is no way in h...l you can demand others to do your job. We are all
here for free. Buy a pfSens support agreement and pay for it!
People like you annoys me.
-lsf
24. sep. 2014 19:22 skrev A Mohan Rao mohanra...@gmail.com følgende:
You can install time based access control apps on most devices. Same goes
for time based rules. I use this for the kids.
26. sep. 2014 21:23 skrev Brian Caouette bri...@dlois.com følgende:
Is there a way to do a weekly report based on MAC address showing times
used, total time and date for the
If this is to be implemented it should be a tick box on each interfance.
Dropping all states if you want to move a cable/reroute it is not a good
idea.
This needs to be user controllable or only affect interface if
is_interface_type=pppoe.
Just my 2 cents.
-lsf
28. sep. 2014 19:19 skrev Hannes
You might want to use google insted og relying on others. Maybe try to do
your own homework?
Depends on what you want. A splitt design is normaly better and safer then
a all in one box. If you want suricata +snorby and barnyard its not
recommended to run it all on pfsense. There are many deps. that will cause
a security nightmare and you will probably run out of hw resources as well.
OK,
with firewall rules enabled ???
Really thanks,
Roberto
2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com:
Depends on what you want. A splitt design is normaly better and safer
then a
all in one box. If you want suricata +snorby and barnyard its not
recommended to run it all
you recommend to setup the Pfsense WAN and LAN interfaces
in bridge mode with firewall rules enabled ???
Really thanks,
Roberto
2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com:
Depends on what you want. A splitt design is normaly better and safer
then a
all
Bridge to LAN.
3. okt. 2014 18:05 skrev Brian Caouette bri...@dlois.com følgende:
Just wanted to thank those of you who replied. Finally got the card
noticed in pFsense. Had to use the add hardware feature on the VM. Now the
problem is getting it to route traffic. I am able to ping the two
of my issues does it solve?
On 10/3/2014 12:08 PM, Espen Johansen wrote:
Bridge to LAN.
3. okt. 2014 18:05 skrev Brian Caouette bri...@dlois.com følgende:
Just wanted to thank those of you who replied. Finally got the card
noticed in pFsense. Had to use the add hardware feature on the VM
Is this a RAID?
Seen this on dells with PERC/megaraid controllers when they run the
sceduled BBU test.
13. okt. 2014 18:44 skrev Mark Loza ml...@morphlabs.com følgende:
Hi, pfsense is running fine for now. Is there any pfsense package that I
can perform a live test on the drive?
On 10/14/14
Mark Loza ml...@morphlabs.com følgende:
Does this something have to do with faulty PERC controller?
On 10/14/14 1:29 AM, Mark Loza wrote:
Yes, a hardware raid and pfsense is physically running on a Dell PE R515
machine.
On 10/14/14 12:49 AM, Espen Johansen wrote:
Is this a RAID?
Seen
Just a hunch. Did you by any chance drop udp port 137/138 traffic between
client and dhcp server? As in, is this traffic allowed? Try tcpdump and
check for requests from a problem machine. You might block something win7
has decided it needs. MS tends to have strange/unexpected needs ;)
-lsf
Hi
Tcpdump and you will know the answer to that.
24. nov. 2014 13:35 skrev Jean-Laurent Ivars jl.iv...@ipgenius.fr
følgende:
Well thank you for your answer, this is exactly the same result that when
i set the option 252 with null parameters in the DHCP
(WindowsProxyAutodiscoveryDetection)
But
Robert - 13007 Marseille
Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30
Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo
http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr
Le 24 nov. 2014 à 13:56, Espen Johansen pfse...@gmail.com a écrit
Is should be... i also had to think twice about it.
CMB, maybe you can note that for the future?
25. nov. 2014 17:16 skrev Adam Thompson athom...@athompso.net følgende:
On 14-11-25 10:14 AM, Espen Johansen wrote:
https://blog.pfsense.org
25. nov. 2014 17:11 skrev Adam Thompson athom
It's not from list. Sender is spoofed.
-lsf
26. jan. 2015 10:28 skrev Geoff Jankowski geoff.jankow...@me.com:
Am I the only person to receive this?
It contains a .scr file which would not do anything to me but will to any
gamers out there.
I hope the lists address has not been compromised
A seperator might make sense. But grouping and hiding rules is a bad idea
based on my experience.
A tree structure that is allways collapsed is annoying when you need
overview of all rules.
And defaulting to a expanded look will just act as a seperator.
Imho interface tabs acts as grouping
My bad. The IP can be in the same subnet as well as in a different subnet.
As far as a true alias goes it is not implemented afaik. Try ifconfig in a
shell and see if your aliases are listed as ips on the interface. If they
where they would respond to ping and have a derived mac from the main
the mac/arp timeout. And if so a
reboot of pfsense and router/modem should clear that up quickly. If the
modem is a true bridge then you might have to wait for the uplink router to
update its arp table. I have had issues with that in the past.
Brgds, Espen
9. mars 2015 12:24 skrev Espen Johansen pfse
told you tho. If ifconfig shows multiple IPs it is a true alias. If not
then they are something else.
Brgds, Espen
9. mars 2015 12:51 skrev Brian Candler b.cand...@pobox.com:
On 09/03/2015 11:24, Espen Johansen wrote:
As far as a true alias goes it is not implemented afaik. Try ifconfig
Actually you cant use proxy arp as it has a limit affecting you. Proxyarp
IPs cant be in same subnet. Sorry. Carp is what you want/need. As for your
issue with not reaching the firewall when WAN is down is probably something
else.
What you really want is a alias ip on the interface and pfsense
9. mars 2015 11:52 skrev Brian Candler b.cand...@pobox.com:
On 09/03/2015 10:47, Espen Johansen wrote:
Actually you cant use proxy arp as it has a limit affecting you.
Proxyarp IPs cant be in same subnet. Sorry.
Are you sure? I have a pfsense box where it's working.
For 2.2 I'm not sure
Are you going to load a full internet BGP routing table? Is that why you do
not want a default? Remember that even if you have a default route any
route that is more specific will take preference. I dont see the problem?
And if you want to prevent any unknown IP destination being routed to your
I beleive the key to this is proxy arp.
Brgds, Espen
8. mars 2015 23:50 skrev Bryan D. pfse...@derman.com:
While we're on the topic, I have a functioning v2.2 setup that uses a /29
set of static IPs:
- 1 IP is the gateway address and 5 IPs are usable (quite common, I
believe)
- one of the
to static route the path to the monitoring ip on your front
routers so that each front router will allways send it out on the correct
wan.
Hth.
Brgds, Espen
8. mars 2015 00:06 skrev Espen Johansen pfse...@gmail.com:
Let ne see if i understand this correctly. You have 2 wans on your pfsense
box. You
Intel em is normally what I prefer. If its old or not does not matter that
much.
Just my 2 cents.
22. feb. 2015 00:17 skrev Joe Laffey j...@laffey.tv:
Hi,
Which would you favor the msk driver with some on board Marvel controllers
(P6T Deluze) or the em driver with a Legacy 10.4 Intel card?
In the past I have edited a config backup and restored it. Maybe there are
better ways, but find and replace in a editor does the trick :-)
Brgds, Espen
11. apr. 2015 20:46 skrev Martin Fuchs mar...@fuchs-kiel.de:
Hi !
Does anyone have any experience with changing WAN-interfaces ?
We
Any chance you have set something in the shaper that causes it?
fre. 5. juni 2015, 17:43 skrev Ryan Coleman ryan.cole...@cwis.biz:
On Jun 5, 2015, at 10:12 AM, Brennan H. McNenly
bmcne...@singularisit.com wrote:
And those of you with VMware experience… if I run the virtual firewall
I
Don't double post please.
Brgds, Espen
3. juni 2015 15:00 skrev Lukas Hubschmid lukas.hubsch...@pop.agri.ch:
Hello everybody,
Is there any documentation about:
* the process how pfSense firewall handles packets (lookup in firewall
rules, lookup in state table, add new state, ...) e.g.
Pfsense is based on openbsds PF (PacketFilter) and runs freebsd as base OS.
That should give you enough to google how it works. Also remeber that this
is opensource and everything is freely available. The source code tells you
everything there is to know ;-)
Good luck :-)
ons. 3. juni 2015,
Exclude varnish its primarily made for frontend LB proxy.
søn. 31. mai 2015, 15:32 skrev Adam Thompson athom...@athompso.net:
Oh, shoot, that's a good point - I probably do need SNI support for SSL.
I may be able to get a wildcard cert, but that will be an issue one way or
another.
Varnish
Actually. Are you looking for reverse proxy or a user proxy. I'm confused
after reading your mail a few times.
Brgds, Espen
31. mai 2015 15:35 skrev Espen Johansen pfse...@gmail.com:
Exclude varnish its primarily made for frontend LB proxy.
søn. 31. mai 2015, 15:32 skrev Adam Thompson athom
Focus on layer 7. Most torrent clients use dynamic ports. And disable upnp
as that will defeat the ports blocking as well.
-lsf
tir. 18. aug. 2015, 21.21 skrev A Mohan Rao mohanra...@gmail.com:
Hello pfSense experts,
I find out torrents ports like 6881-6889 etc.
And create firewall block
VLANs ? VLAN is l2 not L3. I have no idea what you are trying to do with
VLANs in the mix. Policy routing is easy and probably what you need.
-lsf
fre. 13. nov. 2015, 23.29 skrev David White :
> I have a unique scenario:
>
> The higher ups require a multi-wan high
Bsed on your need I think you should convert to l2tp.
https://doc.pfsense.org/index.php/L2TP/IPsec
-lsf
lør. 14. nov. 2015, 03.22 skrev Vick Khera :
> On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote:
>
> > > Setting up BIND 9 to manage a dynamic zone is not
I think you have to set up a radius server and assign ip based on the user.
That way they will be "static" and then add DNS entries to that static IP.
My 2cents,
-lsf
ons. 11. nov. 2015, 15.47 skrev Marco :
> Hello,
>
> we use pfSense since quite a while with success and are
er running:
> systemctl stop firewalld; systemctl disable firewalld; systemctl enable
> iptables; systemctl start iptables
>
> You can manage rules the old fashioned way by either editing
> /etc/sysconfig/iptables or by running iptables directly and using
> iptables-save > /etc/s
Firewall disable = no state = asymmetric routing will not get return
packets dropped. Are your servers multihomed?
On Wed, Feb 10, 2016, 22:48 Romain Lapoux
wrote:
> I am not agree, because how do you explain that all works correctly when I
> disable only the
Do not bridge and do not use same subnet. If you want lan and wlan to talk
add rules for the subnets to talk to each other.
On Wed, Feb 24, 2016, 19:12 Sean Pohl wrote:
> The problem is an endless boot-loop on my pfSense installation after I
> made one
> change to
et it out of the endless
> boot loop? Or will my path of least resistance be to simply do a fresh
> install again? Many thanks.
> On Feb 24, 2016 12:26, "Espen Johansen" <pfse...@gmail.com> wrote:
>
> > Do not bridge and do not use same subnet. If you want lan and w
Reboots usually happen when irq is shared and/or memory.
On Wed, Feb 24, 2016, 20:17 Espen Johansen <pfse...@gmail.com> wrote:
> You might try to put the wlan card in another slot on the motherboard.
> Also use bios to disable stuff like sound card, unused usb ports, Lpt, com
You might try to put the wlan card in another slot on the motherboard. Also
use bios to disable stuff like sound card, unused usb ports, Lpt, com ports
etc.
On Wed, Feb 24, 2016, 20:15 Espen Johansen <pfse...@gmail.com> wrote:
> Remove the wlan card. Then remove config. It sounds like
t over 12Mpps
on this hardware (about 80% of line-rate on a 10g interface).
Neither pfSense or FreeBSD (nor Linux) will do 1/10th of this rate.
Jim
On Thursday, January 26, 2017, Espen Johansen <pfse...@gmail.com> wrote:
> It should autotune by default based on memory iirc.
>
> On
Are you saying worst case is 80%? Its not normal to have all minimum size
packets unless you are under ddos.
Default ethernet is 1526 (1530 with vlan) with a MTU 1500 on a layer 1
frame.
A layer 2 frame is 1518 (1522 with vlan).
If you want to include all layer headers then 1542 including vlan is
It should autotune by default based on memory iirc.
On Wed, Jan 25, 2017, 23:27 Peder Rovelstad wrote:
> FWiW - My nano (4 NICs, 1GB, Community), PuTTY says:
>
> kern.ipc.nmbufs: 131925
> kern.ipc.nmbclusters: 20612
>
> but nothing explicitly set on the tunables page,
gigabit/s if you are able yo push 1200 pps with that payload. Your
statement of 80% is just confusing, that is all.
On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@netgate.com> wrote:
> On Thursday, January 26, 2017, Espen Johansen <pfse...@gmail.com> wrote:
>
> > Are you
should
> have no problem pushing 10GE. A MTU of 600 should give you about 53
> gigabit/s if you are able yo push 1200 pps with that payload. Your
> statement of 80% is just confusing, that is all.
>
> On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@netgate.com> wrote:
>
>&g
Karl fife. Take a look at a config backup. I assume you at some point set
them manually?
On Wed, Jan 25, 2017, 21:42 Peder Rovelstad wrote:
> There were changes in the defaults from FreeBSD 9 to 10.
>
> https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning
>
> Could
Did you add a rule to allow ICMP on the wlan?
-lsf
On Thu, Sep 8, 2016, 15:58 Moshe Katz wrote:
> Ray,
>
> Can you clarify which IP range is assigned where?
> We can make an educated guess based on the information you provided, but
> it's always better to have confirmation.
>
Compdoc:
Your spinrite comments just show how dangerous some knowledge is without
propper understanding. Spinrite does indeed force SSDs to "fix" themselves
because it reads extensively (causes heat) and forces "half" working areas
to be marked bad. Most SSDs has minor defects from day one. Just
And you need to add a nat rule for the opt1 network as well. Either that or
turn of nat on pfsense and add routes on your router to all networks behind
your pfsense.
-lsf
On Fri, Sep 23, 2016, 21:48 Moshe Katz wrote:
> You need to add a firewall rule on the OPT1 interface to
They usually do. And with kernel updates you have to.
On Mon, Oct 10, 2016, 19:20 Morten Christensen wrote:
> You should consider to state clearly in such announcements, if the
> upgrade includes a reboot of the box.
>
>
>
> Den 06-10-2016 21:29, skrev Jim Thompson:
> > Details
Map interfaces based on mac and give them a name. Then adress the
interfaces based on that name. When it comes to reorganization of
interfaces the answer is; don't do it. Let the user remap interfaces
manually only. If the user wants to drop their DMZ to get wan back online
then it should be a
Are you sure you disabled IGMP completely?
On Wed, Jun 7, 2017, 16:44 Mark Wiater wrote:
>
>
> On 6/7/2017 10:10 AM, Daniel wrote:
> > Hi,
> >
> > the Sync interface is connected directly without a Switch.
> > But Carp is running WAN/LAB for example.
>
> Let's go back
7/Screenshot%202017-06-08%2011.19.07.png?dl=0
>
> Yes i am sure ;)
>
>
> --
> Grüsse
>
> Daniel
>
> Am 08.06.17, 01:12 schrieb "List im Auftrag von Espen Johansen" <
> list-boun...@lists.pfsense.org im Auftrag von pfse...@gmail.com>:
>
> Are
I assume you did a pfsync (HA) interface on each firewall? If so did you
connect this directly without going thru the switch? A direct connection is
prefered for the sync interface. Also make sure that if you do direct
connection then use a 6ft cable first to connect them. Some interfaces have
85 matches
Mail list logo