Netgate firewall ISP gateway is offline and has packet loss, how to fix it?

mhweb

Hello,
I'm currently setting up a Netgate 8200 MAX pfSense+ Security Gateway on a customer site. They currently have a 1G connection using Verizon Fios Business. The problem I'm facing is that I'm getting 100% packet loss in the WAN interface; therefore, the internet connection drops. If I reconnect the WAN cable, internet comes back, but in less than an hour, the internet drops dead again.

Previously, the site had an old router that worked, but it was time for an upgrade because it couldn't handle the 1G connection anymore. In the meantime, I switched the router back to the old one so they can have internet.

I'm also using a static WAN IP configuration because the DHCP isn't working in this connection. I called Verison for them to update the settings to use DHCP for WAN port, and they didn't even know what a router is.

So, I brought the router home, and I set it up in my home. I had it running for two days, and it's been running correctly without a glitch. The first configuration was using DHCP for WAN. Now, I set a static configuration for the WAN port in the same way I did it for work, and it's been working for a couple of hours. I'm going to keep testing this connection, but I believe it will work just fine. For clarification, I also have a FIOS residential internet connection.

So, my question is, what could be the next steps to make this router work at the location? I've been reading about changing the Monitor IP and to see if the problem could be with ICMP.

Does anyone have a similar problem with a different solution?

Also, I don't have any more specific configuration other than the initial setup because after I noticed the issue, I reset the router and configured the basic settings. I know that I'm repeating myself here, but I don't have any issues using the router at my house with any configuration and using FIOS (I know this isn't a business connection, but it is still the same company).

Thanks,

mhweb

@mhweb I want to update you that after a few hours, I'm getting the same Offline Packet loss 100% in my house with a static configuration.

viragomann

@mhweb
You must not switch between DHCP and static WAN on your own. You have to obey the guideline of the ISP.

For the monitoring, pfSense gateway monitoring use pings to determine if the gateway is alive. By default it pings the gateway IP.
If it is shown up as offline, even all settings are correct and the router is properly connected, the gateway probably doesn't respond to pings.
If this is the case you can either state a different monitoring IP or disable the monitoring in System > Routing > Gateways > Edit gateway.
Remember that the alternative monitoring IP has to be a public one like 1.1.1.1, so that the pings are routed over the gateway.

mhweb

@viragomann
Hi, thanks, but I have tried this, and after 20-30 minutes, the internet goes away again.
I'm running out of ideas because getting the internet working shouldn't take much trouble.
I have used multiple routers at this location for many years, and I've never encountered something like that. I'm even using pfsense in other networks.

NOCling

Some ISP Devices are a problem for the new 2.5G Nics.
Can you try a stupid switch between ISP Device and Firewall?
Or do you use the 1G Combo port?

mhweb

@NOCling Hi, I'm actually trying that tomorrow, and I'll update you.
I'm using the 1G Combo port with Ethernet.
Thanks,

Gertjan

@mhweb said in Netgate firewall ISP gateway is offline and has packet loss, how to fix it?:

The problem I'm facing is that I'm getting 100% packet loss in the WAN interface; therefore, the internet connection drops.

When you power up two switches, with no cables what so ever, all the port LEDS will be out on all ports on both switches.
You can actually se that their is no connection now where.
Now, hook up a network cable on one switch to the other switch.
Both ports on both switches slight up : at this moment a connection exists. A steady, but empty -no real data - carrier is maintained between these two switches.
Now you have created a typical situation that can also exist on your pfSense WAN port. The connection is UP, port LEDS are on, indicating the carrier speed) but nothing flows over it.
How does pfSense knows that the connection actually works ?
Simple, it sends every half a second :

a ping.
And if the reply comes back, the time is used to show this info :

And here it comes : what if the IP where pfSense pings to decides to stop answering to these pings ?
The "Internet" connection is still just fine, only this one and only IP stops answering you.
The reaction of pfSense will be, eventually, that it decided that the connection is 'bad' and it will reset the interface.

By default, the first upstream gateway device is chosen as a ping destination, but you can also chose another one yourself :

or you can decide not to monitor at all. After all, if your ISP is any good, why would it fail ?

and problem solved.

If, when not monitoring, the connection still doesn't seem to work : the problem is also solved.
Do your ISP shopping elsewhere. You are the customer, you decide. Many customers will make, or break, an ISP.

@mhweb said in Netgate firewall ISP gateway is offline and has packet loss, how to fix it?:

I called Verison for them to update the settings to use DHCP for WAN port, and they didn't even know what a router is.

That like buying a new car at the local BMW dealer, and you ask : what type tires does my new car has ? They say " tires " ?
Normally, in such a situation, get your money back, don't argue, don't say word, keep being friendly, and go some where else asap.