pfSense/Netgate Support
-
@SDGPeteBatin You can also look for a local partner on https://www.netgate.com/partner-locator.
-
@stephenw10 Hi! Yeah I suspected the same about the holiday, I jumped the gun a bit on that one lol. Just that pfSense/Netgate is new to me as a product/company and sadly for a lot of open source products the organisations behind them sometimes fade away to obscurity so I thought I'd reach out here to see if that might be the case, glad it's not!
As mentioned, we're happy to purchase services to get the product running as best as it can to give us a good foundation before we continue with migrations.
Below are some of the issues we're facing that I was enquiring to see if it's within their support remit to work on:
-
The web GUI is extremely slow to load most of the time (sometimes/occasionally it can be lightning fast), navigating from page to page can take an eternity, it makes administering the firewall very tedious and time intensive. From resource usage it doesn't appear that the VM is anywhere near at capacity.
-
So far we have two mail servers (Windows-based) behind it, they aren't able to resolve each other by DNS and so if a mail account on one server tries to send an email to a domain mail account on the other server it's unable to connect. To get around this we've had to hardcode their respective IPs of the hostnames into the host files of each server. We're cautious about adding more VMs (web servers) that will have difficulty communicating with each other and the mail servers. Externally of the firewall all of our clients are able to connect to the servers behind the firewall with no problems.
-
The mail servers/firewall are in their own Virtual Data Center, we have another Data Center for exclusive use for one client only (both DCs are from the same cloud vendor). The web servers in that DC aren't able to connect via SMTP (or any standard mail port) to the DC that has the pfSense firewall/mail servers but they can connect to other SMTPs like Gmail. However, again, all of our clients (and ourselves) are able to connect to the mail servers from remote locations on all mail ports.
-
We also didn't get to implement the VPN (before cutting ties) to connect more securely to the VMs behind the firewall for remote desktop and as a workaround have added one of our static IP addresses to a whitelist, but this is something we'd also like set up.
-
Lastly, we'd just like an audit (correcting where necessary) of it to make sure everything has been implemented correctly/as it should be, that we're taking advantage of features that would benefit us and using it to its full potential.
@SteveITS thank you, I'll check that out also.
-
-
@SteveITS just having a browse now, there are 7 partners listed for the UK, 2 are Premier and the rest are Authorised. Do you know what the difference is? Would it just be the MSPs out of those that would provide the service I need (VAR and Reseller just being sales)?
-
@SDGPeteBatin re: partners, sales volume and IIRC required training.
re: DNS, sounds like you want Host Override or Domain Override in the DNS Resolver settings. Probably your mail server issue too…? Otherwise, need details on how they’re trying to connect.
Re: slow GUI, randomly slow/fast on any page?
-
If you have port forwards set there you may also need split-dns or NAT reflection if you are accessing the servers by FQDN.
https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
-
@SteveITS slow GUI: any/all pages, sometimes 1-2 minutes per page, very rarely instant.
I'll look into the other items you mentioned.
-
Well I'm saddened to report back that I've had no response or acknowledgement to my email to sales@
I've sent it 3 times in total and kinda lost confidence in Netgate during the process. I'll reach out to one of the partners instead and hope for a better service.
-
@SDGPeteBatin said in pfSense/Netgate Support:
sometimes 1-2 minutes per page
Hmm, only time I recall seeing that is when a router uses a large alias, such as "all US" in multiple NAT forwards or rules, and the router is essentially CPU limited when generating the HTML.
A long time ago there was a bug where the GUI was slow if DNS on pfSense itself wasn't working but IIRC that was long fixed.
-
Yup some DNS issue could be a problem on some pages but not all.
Do you have any ticket numbers from those emails?
Steve
-
@stephenw10 Hi!
No ticket numbers, this was an email to sales@, was just introducing us as a company, listing the issues we face and asking if what we wanted would be covered by their support. All we wanted back was a simple, "Nice to meet you, yes we can do that, please purchase XYZ" and we would have purchased their support.
-
@SteveITS we've not really tasked it with much yet, it has 3 dedicated external IPs that NAT forward to 3 internal IPs going to 2 different servers. As far as rules go, incoming: everything blocked apart from standard mail ports and a single external IP whitelist exception. So quite a simple setup/requirement.
As of right now, it's using 9% of 4GB RAM, 1% of CPU, 0% of 1GB SWAP and 4% of 20GB disk.
I did do some research into it and read about similar stories where the slowdown was being generated by the dashboard stats so I removed all of them apart from System Information, Disks and Interfaces but that didn't make any difference.
-
@SDGPeteBatin Hmm, I would have expected an email to automatically create a ticket response. Let me confirm that though, it's not something I ever do!