2.6.0 & 23.01 netgate and custom HW. Web UI extremely slow when no WAN present.
-
@phlmike My guess is you would not have the issue you are talking about if you did what I said above. I have not actually tested pfsense on a large network but back when I did in the old days, I used Cisco PIX back in those days when I ran a large network with all the above that I said.
Think about what I said above. All your clients would be on the other side of the L3 switch on 1 connection maybe a big lagg. Just unplug them as you upgrade the router. There can be no load just your PC you are doing the work with. I am sure you would need to unplug them but you could.
-
@phlmike This is marked resolved in 2.7 and 22.05.
https://redmine.pfsense.org/issues/12141
@coxhaus I run a MSP managing 700+ sites, ranging from 1 user to 2,000 users. DNS resolving has no bearing because the unit isn't connected to the network. The issue today wasn't a large network. It was a single Unifi 48-port switch, handling maybe 20 people with wired computers and voip phones. Their DNS server was over an IPSEC tunnel with a backup of the local pfSense firewall. The Internet was a single SMB/Consumer grade Verizon FiOS ONT. Single internet port with single static IP address. The current firewall was a Netgate unit that was just replaced three days ago, but had its config backed up and restored to the newer unit from the older unit that died. Today that unit started crashing, so a tech brought over a brand new netgate unit, but instead of restoring the old config, needed to recreate it himself while onsite. Local DNS would have done nothing for him. So he took the company down, plugged in the new firewall, set up WAN and then I logged into his Surface and did the config because I am the pfSense SME. I can make a pfSense run a cappuccino machine from a magic packet. This is a long standing known issue with pfSense and it gathers up over the years until I lose it and publish a bug.
I refuse to use Cisco or Meraki anything. I run UBNT or MikroTik switches or APs. In a pinch I'll run Aruba/HPE. Yes, I have all fancy networks with all the fancy buzzwords the kids learn in Network+ class but in those networks I have numerous firewalls and internet lines and the firewalls are usually virtual anyway. Pointless to have a hardware firewall. I have a few vmware stacks running a few hundred VMs on hundred or so vlans.
-
@steveits 2.7.0 isn't out yet and I can absolutely confirm it is not resolved on 23.01 as I just did today about 10 minutes before making the ticket. I can even give you the PO number when I bought the TAC Lite to get PFSense plus.
10:44am EST. I can PM you the order number if you don't believe me. That was on the Xeon Silver with 128GB of RAM.
-
@steveits 22.05 seems to be better, but it's an empty config. You still have to get rid of the warranty tile for it to really speed up. I don't have a production 22.05 to test on. But 23.01 still takes a bit.
-
It's nowhere near as bad as it used to be but I agree it can still be frustratingly slow if no WAN is available. I may be conflating a number of bug reports in my head but I thought there was something open other than 12141.
This might be better served as a new feature request for an off-line config mode or similar.
Steve
-
@stephenw10 Once you nick the warranty tile on the Dashboard in 22.05 and 23.01 on a "lite" config. Things smooth up. What happened today was the unit my tech had still had CE 2.6.0 on it which is BRUTAL and caused him to complain and then the business owner to explode on the phone at me. Hence my frustration. Poo rolls down hill. There have been from what I recall, dozens of tickets. I remember one from 2.4.5. Because 2.4.3 and 2.4.4 were beyond brutal, literally minutes. On a well-used firewall with mileage on it, 10's of minutes, not joking. 23.01 seems noticeably slower than when I reverted to 22.05, but that is a test machine which was an old 45-drives CEPH service delivery node that I had laying around. For a firewall with no real config, it's a little overkill (yes that IS an understatement).
I like your idea of an Offline Config mode. I'll make one on redmine, but for pfSense+ as it would be more likely to be addressed sooner as a "premium" option.
I'll notate this post on the ticket.
-
What would probably be a relatively easy solution would be a php shell script that disables whatever is needed from the cli before you reach the login. A slightly bigger ask might be console menu option directly. The issue would probably be making sure some of those things are re-enabled again at the appropriate time. I could imagine posting an alert perhaps.
I've been there in older versions when restoring a config resulted in pkg reinstalling having to timeout for each package. It was not fun!
-
@stephenw10 I added that in as well to Feature #14387. I also decided to make another feature to search in the timezone list - but I set that as low priority for the CE base. The Offline Config I set for pfSense+ because I want to see that sooner.
I haven't been a programmer in over 20 years, otherwise I would contribute code. Maybe I'll just ask ChatGPT. ;-) (I am just joking, I'm not going to submit AI generated code).
-
@phlmike said in 2.6.0 & 23.01 netgate and custom HW. Web UI extremely slow when no WAN present.:
Maybe I'll just ask ChatGPT. ;-)
Probably better than anything I could "write".
-
@stephenw10 said in 2.6.0 & 23.01 netgate and custom HW. Web UI extremely slow when no WAN present.:
This might be better served as a new feature request for an off-line config mode or similar.
Steve
When done, send a copy to Microsoft for attention of the Windows Installation team.
-
@robbiett said in 2.6.0 & 23.01 netgate and custom HW. Web UI extremely slow when no WAN present.:
@stephenw10 said in 2.6.0 & 23.01 netgate and custom HW. Web UI extremely slow when no WAN present.:
This might be better served as a new feature request for an off-line config mode or similar.
Steve
When done, send a copy to Microsoft for attention of the Windows Installation team.
Use no@thankyou.com and it will error out and let you continue locally for home. For pro, use domain join. However the best solution is to install linux.