Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need better outage detection than just ping

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 5 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michmoor LAYER 8 Rebel Alliance @grandrivers
      last edited by

      @grandrivers so why not ping outside your ISPs network….like..,google or Facebook although that’s unadvisable but will fulfill your needs.
      More advanced scnerio would be to spin up a cloud instance and install uptime kuma or Zabbix and monitor your network.
      Why is this post under this category?

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      G 1 Reply Last reply Reply Quote 0
      • G
        grandrivers @michmoor
        last edited by grandrivers

        @michmoor ping was outside of their network and still worked just couldn't surf the web or use the internet , will uptime kuma or zabix mark wan down and fail traffic over ?

        pfsense plus 25.03 super micro A1SRM-2558F
        C2558 32gig ECC  60gig SSD

        M 1 Reply Last reply Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @grandrivers
          last edited by

          @grandrivers you didn’t really describe the issue you experienced. You mentioned DNS then BGP. Then you ping something outside of your ISPs network but then state pfsense needs better monitoring. I honestly don’t know what the issue is here.

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          G 1 Reply Last reply Reply Quote 0
          • G
            grandrivers @michmoor
            last edited by

            @michmoor ping is not a dependable method alone to drive failover mechanism as it can succeed and you still don't have a functioning connection . I was trying to find feature request from years ago to tag it and bump it

            pfsense plus 25.03 super micro A1SRM-2558F
            C2558 32gig ECC  60gig SSD

            M 1 Reply Last reply Reply Quote 0
            • M
              michmoor LAYER 8 Rebel Alliance @grandrivers
              last edited by

              @grandrivers feature request for what? What do you feel is a better method to check connectivity

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              G 1 Reply Last reply Reply Quote 0
              • G
                grandrivers @michmoor
                last edited by

                @michmoor had an xincom502 that had multiple methods multiple ways to tell if connection was down they had , traffic flow, http, and multiple pings , pings were problematic for me a couple years after i switched from it to pfsense cause isp blocked ALL ICMP traffic "For our safety" and was that way for years so I had to manually bring that gateway down when it quit working

                pfsense plus 25.03 super micro A1SRM-2558F
                C2558 32gig ECC  60gig SSD

                G 1 Reply Last reply Reply Quote 0
                • jimpJ jimp moved this topic from CE 2.7.0 Development Snapshots (Retired) on
                • G
                  grandrivers @grandrivers
                  last edited by

                  @grandrivers

                  other firewalls have more options
                  https://support.untangle.com/hc/en-us/articles/201787967-What-tests-should-I-use-for-WAN-Failover-

                  pfsense plus 25.03 super micro A1SRM-2558F
                  C2558 32gig ECC  60gig SSD

                  GertjanG 1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan @grandrivers
                    last edited by

                    @grandrivers said in Need better outage detection than just ping:

                    https://support.untangle.com/hc/en-us/articles/201787967-What-tests-should-I-use-for-WAN-Failover-

                    Ping Test: NG Firewall will ping the specified IP address.
                        ARP Test: NG Firewall will ARP for its gateway.
                        DNS Test: NG Firewall will make a request to the upstream DNS server.
                        HTTP Test: NG Firewall will make a connection to the specified domain name.
                    

                    Yeah, why not !
                    What about a small shell script that does just that ?
                    Host a small file somewhere, or just get the www.google.com page.
                    Do a dig / drill for "www.google.com" to get the IP, dig will bypass your local DNS, forcing a complete DNS lookup.
                    Then 'curl' the page.
                    Compare it with what you've already stored.
                    If there is a fail, you know the DNS or complete TCP path to Google is gone wrong, which might indicate a problem on yur side, or your ISP.
                    Or even the POP to Google of your ISP.
                    ( or a huge problem for Google itself )

                    But serious : a ICMP goes down the pipe and comes back, but TCP and/or UDP fails ?
                    I imagine that can happen. I never saw that myself, though.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      michmoor LAYER 8 Rebel Alliance @Gertjan
                      last edited by michmoor

                      @gertjan said in Need better outage detection than just ping:

                      But serious : a ICMP goes down the pipe and comes back, but TCP and/or UDP fails ?
                      I imagine that can happen. I never saw that myself, though.

                      Thats what has me so confused about this topic. The OP complains that pings fail to an ISP but web pages load up. So there isnt a problem then?
                      Then there was mention of BGP being a problem? Then DNS? Really confused.

                      So the conclusion im reaching then is that ICMP isnt on its own a good indicator that there is an upstream issue. Fair enough but then you want to test to see if you can reach a site. i.e. google.com. If the site doesn't load you want to trigger a failover? That's non-sensical.

                      Im all up for multiple checks. But again, uptime-kuma for example can do http/https checks or dns checks but thats independent of the firewall. Its just not clear whats being asked and what the implementation purpose is going to be/used for.

                      Firewall: NetGate,Palo Alto-VM,Juniper SRX
                      Routing: Juniper, Arista, Cisco
                      Switching: Juniper, Arista, Cisco
                      Wireless: Unifi, Aruba IAP
                      JNCIP,CCNP Enterprise

                      G 1 Reply Last reply Reply Quote 1
                      • G
                        grandrivers @michmoor
                        last edited by grandrivers

                        @michmoor first posts pings worked fine !! but isp was down couldn't surf the web

                        last line was bad attempt at humor I keep forgetting that's not allowed here lol

                        pfsense plus 25.03 super micro A1SRM-2558F
                        C2558 32gig ECC  60gig SSD

                        1 Reply Last reply Reply Quote 0
                        • S
                          slimypizza
                          last edited by

                          My solution was to set up a cron job on my hobby domain maintained at a web hosting company. The script pings my home IP address every 5 mins. I only allow pings from that specific web host company by the way. If the ping fails then it sends a text and an email to myself saying the internet is down. The cron job keeps pinging every 5 mins and when the ping is successful again I get another message saying the internet at home has been restored.

                          G 1 Reply Last reply Reply Quote 0
                          • G
                            grandrivers @slimypizza
                            last edited by grandrivers

                            @slimypizza this is on dual wan setup for failover would like to keep it automated.

                            and if pings worked i would have never got the alert in yor setup

                            pfsense plus 25.03 super micro A1SRM-2558F
                            C2558 32gig ECC  60gig SSD

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              Open a feature request: https://redmine.pfsense.org/

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.