pfSense

Same Problem here.
i just added new ethernet-interfaces in vmware and tried to configure them.

GUI did not save the changes!
changes via commandline are working.

Please change this back to urgent.

EDIT:
Just checked the System-Logs for this - telling send() failed!
Tried Browsers: IE11 and Firefox 46.0.1

Thank you Steve.

Problem occured after updating from 2.3u1 --> 2.3.1
May this is important to now. if i can do some debugs for you guys, just tell what is interesting for you.

Thank you Steve and Yasin ls for feedback.
Same thing here: Problem occured after updating from 2.3u1 --> 2.3.1

Same issue here:
- Basically the apply-settings does not appear.
Started from a clean install and imported parts
of the configuration. It seems to be connected with adding the rules.
- After importing firewall-Rules the editing of rules breaks.
- also: adding widgets is not possible in dashboard.

Was the old configuration you restored from 2.3.x? You cannot restore parts of an older configuration to a new system, it must be restored whole. You can only restore parts if the configuration came from the same version, otherwise upgrade code cannot run to upgrade the format when parts change, which can lead to unpredictable behavior.

just did some more tests...

i have 2 environments
a) VMware vSphere 6: Update from pfSense 2.3u1 --> 2.3.1 without problems

b) VMware vSphere 5.1:Update caused Problems.

both are amd64 architecture - until now no more similar parts..

That's not a good test. FreeBSD 10.x is not supported on ESX 5.1, only 5.5U3 or later. See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software (pick FreeBSD 10 for the OS Family Name). So behavior on anything less than 5.5U3 is undefined/unpredictable.

Jim Pingle wrote:

That's not a good test. FreeBSD 10.x is not supported on ESX 5.1, only 5.5U3 or later. See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software (pick FreeBSD 10 for the OS Family Name). So behavior on anything less than 5.5U3 is undefined/unpredictable.

May this is going to be the problem? ;-)
the misfunctional one is @VMware 5.1... could sb. join this?

HA-Pair, i restored parts of configuration from the active system (2.3. -> 2.3.0_1 -> 2.3.1) which does no longer allow changes of the rules. (e.g. Aliases)

I think the problem is not comming from VM, I am using two physical servers with two different hardware (amd 64 both)
After upgrade (2.3u1 to 2.3.1) both had the same issue

I found out, that i can trigger problem if i
import the system section of the active system.
- importing aliases (no effect) (cfg: 1)
- importing rules (no effect) (cfg: 2)
- importing system (+reboot) (breaks) (cfg: 3)

If i go back to cfg2, rule changing and aliases changing works fine again.

What is different in the system section between those two configuration files? Can you provide us with both system sections (or at least a diff) to see if we can replicate? I still can't replicate any problem here.

After upgrade pfsense amd64 2.3u1 to 2.3.1. I have the same problem, I using ESXI 5.5U3. For example the rules don't save.

My configuration (hope it help):

Two pfsense on physical hardware (master and backup using HA)
(since version 2.3.0, pfsync make a kernel panic on backup for me, not bug #4310, got no limiter)
If pfsync is disabled, CARP working well (backup become master if needed, but no data replication)

I tried a fresh new install (2.3.1) on my backup pfsense.
After a configuration restore (all) from xml file(with all network cable unpluged and directly plugged to LAN interface with my laptop), all was working well (saving too).
After plug the differents network cables and put backup on production (see CARP status in BACKUP instead of INIT), it has been impossible to save anything.

Since 2.3.0 I have many bug with HA (xmlrpc/pfsync). I don't know if there is a link but maybe it can help.

I think i can now clarify what causes the issue in my case:

Setup: vm (esxi-setup) with HA activated.
different users on pfsense

-  we have a usergroup which uses LDAP for authentification. This group has a set of  priviliges (no admin, but all selectable options)
   Between 2.3.0 and 2.3.1 the privilige-set has changed.

In 2.3.0 and also 2.3.0_1 the privilige-set worked fine for the ldap-authentificated user (change of rules, aliases etc.), within 2.3.1 the rule reload does no longer appear.

- if i use the local admin-user everything works fine.

So basically this problem arises with the non local admin-user.

Steps to reproduce:

Login as admin
Create a user testuser, password as you want
Add all privileges to this user, no groups
Logout
Login as testuser
Try to add rules, add aliases,add dashboard widgets. Non of this works for this user.

I will try with 2.3.0 and check back.

Ok, i solved my problem:
within every new version of priviliges
my reflex is to add them to the user/usergroup.
Now deny config-write has been introduced, which works as expected.

If this option is in place, no change made by this user is taken to config.
So all options except deny config-write works fine.

Same thing.
Admin work well but not LDAP user.
Modify group rights to resolve this issue. So no issue with HA as Jim said.

Thanks all for help !

I can confirm Ph. T's finding.

Removing deny config-write solves the problem.