Topics - elementalwindx

General Questions / User hogging internet. How to stop it?
« on: March 06, 2018, 10:12:52 am »
What is the proper way in PFSense to get a user to quit hogging 100% of the internet connection? I've tried using a traffic shaper, but it seems to have 0 effect on helping the rest of the users on the network.

I used the wizard for multi/lan/wan, using the CBQ interface & scheduler.

IPsec / Trying to hook up Sophos XG to PFSense via ipsec, need help.
« on: August 24, 2017, 02:24:30 pm »
Following this video: it doesn't explain what to do on the pfsense side. Say if I used the pfsense as the "server" and the sophos as the "remote client." What are the steps needed to take on the pfsense to set this up?

I've done many openvpn just fine, but sadly Sophos's "openvpn" is proprietary and doesn't work with regular openvpn. So I'm stuck using IPSec which I never use.

Thanks everybody.

General Questions / Flash new software onto my SG-4860?
« on: August 22, 2017, 07:34:40 pm »
Does anybody here have a how-to on going about installing new software onto these netgate SG-4860's? Looking to give Sophos a try and they say it can be done but I can't find a how-to.

I know it's a pfsense forum, don't hate :) Just looking to experiment and really like their cloud and UTM features. Yes I'm sure it voids any warranty that 4860 has.

General Questions / System util 50% CPU non stop
« on: July 31, 2017, 04:33:46 pm »
How can I tell what is causing the router CPU to stay at 50% non stop all the time?

When I run top -aSH I get these results:

last pid: 50746;  load averages:  1.09,  1.05,  1.01  up 20+06:21:25    16:35:10
126 processes: 4 running, 96 sleeping, 26 waiting

Mem: 9392K Active, 99M Inact, 200M Wired, 34M Buf, 3592M Free
Swap: 8192M Total, 8192M Free

    9 root     -16 ki-1     0K    16K CPU1    1 486.3H 100.00% [idlepoll]
   11 root     155 ki31     0K    32K RUN     0 475.2H 100.00% [idle{idle: cpu0}]
75556 root      33    0   272M 39856K piperd  0   0:04   4.69% php-fpm: pool nginx (php-fpm)
   12 root     -60    -     0K   416K WAIT    0 158:36   0.00% [intr{swi4: clock}]
   11 root     155 ki31     0K    32K RUN     1  81:13   0.00% [idle{idle: cpu1}]
   15 root     -16    -     0K    16K -       0  77:23   0.00% [rand_harvestq]
38685 root      52   20 17000K  2424K wait    0   9:57   0.00% /bin/sh /var/db/rrd/
    5 root     -16    -     0K    16K pftm    0   7:33   0.00% [pf purge]
   16 root     -72    -     0K    80K -       0   3:03   0.00% [usb{usbus0}]
16720 root      20    0 19108K  2252K nanslp  0   2:53   0.00% [dpinger{dpinger}]
16134 root      20    0 19108K  2248K nanslp  0   2:32   0.00% [dpinger{dpinger}]
24897 root      20    0 30152K 17980K select  0   1:57   0.00% /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/{ntpd}
   12 root     -88    -     0K   416K WAIT    1   1:41   0.00% [intr{irq22: ehci0}]
13938 root      20    0 16676K  2216K bpf     0   1:39   0.00% /usr/local/sbin/filterlog -i pflog0 -p /var/run/
24309 root      20    0 39144K  6540K kqread  0   1:27   0.00% nginx: worker process (nginx)
23122 root      20    0 39144K  6540K kqread  0   1:26   0.00% nginx: worker process (nginx)
22837 root      20    0 39144K  7124K kqread  0   1:26   0.00% nginx: worker process (nginx)
24318 root      20    0 39144K  6540K kqread  0   1:26   0.00% nginx: worker process (nginx)

However the dashboard shows CPU at 50% all the time and status monitoring shows it as well.

I have 3 packages installed, autoconfigbackup, aws-wizard, and ipsec-profile-wizard

General Questions / Proper way to do fail over wan?
« on: June 19, 2017, 11:42:35 am »
I've got an office going with the newest pfsense released. Today their cable internet died out and some people were able to get online and some people could not. No idea why. When I changed the default gateway to the working DSL under system -> routing -> gateways, everyone was able to get online.

Here is how I have it setup:
system -> routing -> gateways
2 gateways, 1 cable, 1 dsl.
Both monitor, or
Primary is the cable because of the highest bandwidth so it's set as default (or was till it comes back up)

Under Gateway Groups:
I have 2 groups:
Failover1 (If CABLE fails go to DSL) Tier 2, Tier 1
Failover2 (If DSL fails go to CABLE) Tier 1, Tier 2

Under firewall -> rules -> lan
I have 2 rules created:

12 /7.50 MiB   IPv4 *    LAN net    *    *    *    Failover1    none         If CABLE fails go to DSL    
0 /0 B   IPv4 *    LAN net    *    *    *    Failover2    none         If DSL fails go to CABLE    

Any idea what I am doing wrong here?

Or maybe it's just that the DSL connection just doesn't have enough bandwidth to handle a server and 10 desktops. Ughhhh.

Routers are all heading towards these key components quickly. Companies like Watchguard, Fortigate, and Sonicwall have long had the jump on this.

Are there any plans fast approaching a near release on these topics?

PFSense with a bit defender AV engine and content filter with a cloud management similar to Ubiquiti Unifi's system would be ahmayzinggggg.

General Questions / AV these days?
« on: January 24, 2017, 10:42:58 am »
How's the AV system in pfsense these days? I tried using it about 5 years ago. If I recall you have to install some kind of squid proxy thing, and then some kind of clamav thing, but I had all sorts of issues when it came to downloading installer files where the files would be corrupted, and wouldn't download right, so I lost all hope on it. Now I'm revisiting the topic and wondering what you guys think about it, and what is the proper way to do it?


pfBlockerNG / How to make it stop auto-reordering my firewall rules?
« on: January 15, 2017, 09:20:20 pm »
Where in the settings can I go to get pfblocker to stop reordering my firewall rules so that its pfblocker rules are always at the top? I have some rules I want at the top, and some I want at the bottom. Some I want pfblocker to help me block, some I do not.  :)


General Questions / Best way to route this simple setup?
« on: January 12, 2017, 11:48:50 am »
I have 5 static ips. I need to have 1 device utilize that IP in and out. What is the best way to do this? 1:1 nat? Just go in and set that 1:1 nat and done?

IE my.out.side.ip routes to (my device internal ip)


This is for a VOIP phone system that is supposed to be on the edge of the network. (Trying not to put it on the edge obviously). I need the voip phone system to be as little nat'd firewalled as possible. It needs to be able to go out that public ip, and everything come in that public ip.

Traffic Shaping / Traffic shaping with cake and pie? :)
« on: December 08, 2016, 09:04:55 pm »
Is PFSense going to use the cake/pie qos methods in near future releases?

General Questions / Odd IIS/NAT forwarding question
« on: November 18, 2016, 01:48:47 am »
Not sure if I'll find the help here but it's worth a shot.
I am using virtual ips, where a public ip is set to internal net, and I'm NATing port 80 to a webserver using IIS 8. I've created a website called, and I've got proper dns at godaddy set to my public ip. When I visit the website, I get an error 500. I've tried changing the binding on the website to any, and changing it back to its local ip. Doesn't seem to make any difference. The only thing on the website is an index.php file that says hello world inside.

Any idea if it's my pfsense causing this, or some form of misconfiguration in IIS? Anyone here an IIS expert? :)

The way it works is this (world) -> me -> pfsense -> switch -> physical vmhost -> vm web server. All running server 2016.

OpenVPN / Disconnects every 30min on the dot
« on: November 17, 2016, 09:43:17 am »
Can someone tell me why OpenVPN client disconnects me every 30min, and how do I make it stop? I want it to stay connected indefinitely. This is a client to site connection on a windows 10 desktop.

Is there some manner in which I can keep traffic graphs on my desktop 24/7? Just the graphs? :)

I just think it would make for a cool desktop background/item.

General Questions / Troubleshooting an issue every Monday
« on: August 29, 2016, 11:26:57 am »
We have a hyper-v installed pfsense on the newest version. No packages other than ntopng, and iperf installed. Simple setup of single wan, and single lan, and 1 openvpn connection going. Every Monday morning when the ladies in the office come in, they say the network doesn't work. They power cycle the machine running the pfsense and everything starts working perfectly again through the week. (Of course they do this without me at all)

Any idea where in the logs to look for in figuring this out?

Any ideas what it could possibly be?


Ok I have a pfsense setup as such:

Connected to 1 cable WAN interface with a pool of 5 static IPs. I have 2 separate lans on my network (Lan A:, Lan B VLAN6:

Currently both LAN's go out the same public IP.

How can I get the 2nd LAN to go out the 2nd public IP address? I have another available nic port on both the cable modem and the pfsense unit if that leaves one option open.

