Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need better outage detection than just ping

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 5 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      grandrivers @michmoor
      last edited by grandrivers

      @michmoor ping was outside of their network and still worked just couldn't surf the web or use the internet , will uptime kuma or zabix mark wan down and fail traffic over ?

      pfsense plus 25.03 super micro A1SRM-2558F
      C2558 32gig ECC  60gig SSD

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @grandrivers
        last edited by

        @grandrivers you didn’t really describe the issue you experienced. You mentioned DNS then BGP. Then you ping something outside of your ISPs network but then state pfsense needs better monitoring. I honestly don’t know what the issue is here.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        G 1 Reply Last reply Reply Quote 0
        • G
          grandrivers @michmoor
          last edited by

          @michmoor ping is not a dependable method alone to drive failover mechanism as it can succeed and you still don't have a functioning connection . I was trying to find feature request from years ago to tag it and bump it

          pfsense plus 25.03 super micro A1SRM-2558F
          C2558 32gig ECC  60gig SSD

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @grandrivers
            last edited by

            @grandrivers feature request for what? What do you feel is a better method to check connectivity

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            G 1 Reply Last reply Reply Quote 0
            • G
              grandrivers @michmoor
              last edited by

              @michmoor had an xincom502 that had multiple methods multiple ways to tell if connection was down they had , traffic flow, http, and multiple pings , pings were problematic for me a couple years after i switched from it to pfsense cause isp blocked ALL ICMP traffic "For our safety" and was that way for years so I had to manually bring that gateway down when it quit working

              pfsense plus 25.03 super micro A1SRM-2558F
              C2558 32gig ECC  60gig SSD

              G 1 Reply Last reply Reply Quote 0
              • jimpJ jimp moved this topic from CE 2.7.0 Development Snapshots (Retired) on
              • G
                grandrivers @grandrivers
                last edited by

                @grandrivers

                other firewalls have more options
                https://support.untangle.com/hc/en-us/articles/201787967-What-tests-should-I-use-for-WAN-Failover-

                pfsense plus 25.03 super micro A1SRM-2558F
                C2558 32gig ECC  60gig SSD

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @grandrivers
                  last edited by

                  @grandrivers said in Need better outage detection than just ping:

                  https://support.untangle.com/hc/en-us/articles/201787967-What-tests-should-I-use-for-WAN-Failover-

                  Ping Test: NG Firewall will ping the specified IP address.
                      ARP Test: NG Firewall will ARP for its gateway.
                      DNS Test: NG Firewall will make a request to the upstream DNS server.
                      HTTP Test: NG Firewall will make a connection to the specified domain name.
                  

                  Yeah, why not !
                  What about a small shell script that does just that ?
                  Host a small file somewhere, or just get the www.google.com page.
                  Do a dig / drill for "www.google.com" to get the IP, dig will bypass your local DNS, forcing a complete DNS lookup.
                  Then 'curl' the page.
                  Compare it with what you've already stored.
                  If there is a fail, you know the DNS or complete TCP path to Google is gone wrong, which might indicate a problem on yur side, or your ISP.
                  Or even the POP to Google of your ISP.
                  ( or a huge problem for Google itself )

                  But serious : a ICMP goes down the pipe and comes back, but TCP and/or UDP fails ?
                  I imagine that can happen. I never saw that myself, though.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  M 1 Reply Last reply Reply Quote 0
                  • M
                    michmoor LAYER 8 Rebel Alliance @Gertjan
                    last edited by michmoor

                    @gertjan said in Need better outage detection than just ping:

                    But serious : a ICMP goes down the pipe and comes back, but TCP and/or UDP fails ?
                    I imagine that can happen. I never saw that myself, though.

                    Thats what has me so confused about this topic. The OP complains that pings fail to an ISP but web pages load up. So there isnt a problem then?
                    Then there was mention of BGP being a problem? Then DNS? Really confused.

                    So the conclusion im reaching then is that ICMP isnt on its own a good indicator that there is an upstream issue. Fair enough but then you want to test to see if you can reach a site. i.e. google.com. If the site doesn't load you want to trigger a failover? That's non-sensical.

                    Im all up for multiple checks. But again, uptime-kuma for example can do http/https checks or dns checks but thats independent of the firewall. Its just not clear whats being asked and what the implementation purpose is going to be/used for.

                    Firewall: NetGate,Palo Alto-VM,Juniper SRX
                    Routing: Juniper, Arista, Cisco
                    Switching: Juniper, Arista, Cisco
                    Wireless: Unifi, Aruba IAP
                    JNCIP,CCNP Enterprise

                    G 1 Reply Last reply Reply Quote 1
                    • G
                      grandrivers @michmoor
                      last edited by grandrivers

                      @michmoor first posts pings worked fine !! but isp was down couldn't surf the web

                      last line was bad attempt at humor I keep forgetting that's not allowed here lol

                      pfsense plus 25.03 super micro A1SRM-2558F
                      C2558 32gig ECC  60gig SSD

                      1 Reply Last reply Reply Quote 0
                      • S
                        slimypizza
                        last edited by

                        My solution was to set up a cron job on my hobby domain maintained at a web hosting company. The script pings my home IP address every 5 mins. I only allow pings from that specific web host company by the way. If the ping fails then it sends a text and an email to myself saying the internet is down. The cron job keeps pinging every 5 mins and when the ping is successful again I get another message saying the internet at home has been restored.

                        G 1 Reply Last reply Reply Quote 0
                        • G
                          grandrivers @slimypizza
                          last edited by grandrivers

                          @slimypizza this is on dual wan setup for failover would like to keep it automated.

                          and if pings worked i would have never got the alert in yor setup

                          pfsense plus 25.03 super micro A1SRM-2558F
                          C2558 32gig ECC  60gig SSD

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Open a feature request: https://redmine.pfsense.org/

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.