firewall going down
-
any chance i can get help looking at logs to see why my firewall went down, requiring a hard reset?
-
Sure, put it here https://pastebin.com/, and then post the link to it in a post so we, the forum users, can see it.
Or find a local forum user and ask if he can come over. Be aware that hardware dies, and there are many failures that do not permit the system to log a line with useful information at all; it just 'stops / locks up'.
-
@bigtop and please provide some info about how the router is connected to the internet (modem, PPPoE, fiber), the hardware you use and the pfSense version. And what is connected to the pfSense, and how. A simple drawing or diagram says more than 1000 words :)
If you post to pastebin, make sure you remove or obscure public information, like your public IP and gateway you get from your ISP, and the username and password for PPPoE connections.
-
Was it completely unresponsive? Even at the console?
-
@Gertjan https://pastebin.com/embed_js/aRu8TUmS
i believe it went down at 0924 on the logs, and 1540 was when i pressed the power button on the protectli
@patient0 said in firewall going down:
please provide some info about how the router is connected to the internet
i have pfsense on a protectli vault which is connected to my ISP gateway/router:
ISP --> protectli vault w/ pfsense --> router
@stephenw10 said in firewall going down:
Was it completely unresponsive? Even at the console?
i normally access my pfsense from a web browser. when this occurred, the page would not load. i had to manually power down the protectli and then power back up with the power button. i was then able to login to pfsense via browser as usual
-
OK, so it may have still been responding at the console. Do you know if it was responding to SSH or ping even?
igb1 is the LAN interface I assume? That lost link at that point which would have disconnected everything on the LAN.
What is the LAN NIC actually connected to?
The logs show it lost link twice but came back up.
Since it looks like you have a VPN gateway configured what is the default v4 gateway set to in System > Routing > Gateways?
If it's still auto it may just be switching to the VPN which is invalid.
-
@bigtop said in firewall going down:
ISP --> protectli vault w/ pfsense --> router
Your incoming ISP line is connected to your (WAN) pfSense and on one of your pfSense LAN interfaces, you have your (ISP) 'router'?
Right so? (possible, but very uncommon).
-
@stephenw10 said in firewall going down:
OK, so it may have still been responding at the console. Do you know if it was responding to SSH or ping even?
i don't know how to check this
igb1 is the LAN interface I assume? That lost link at that point which would have disconnected everything on the LAN.
What is the LAN NIC actually connected to?
sorry i don't know what this means
The logs show it lost link twice but came back up.
Since it looks like you have a VPN gateway configured what is the default v4 gateway set to in System > Routing > Gateways?
WAN_DHCP
If it's still auto it may just be switching to the VPN which is invalid.
-
@Gertjan no, sorry for the confusion. my ISP gateway/modem has a router function i don't use. it's connected to the protectli, and then the router i use is connected to the protectli
-
Mmm, OK not a default gateway problem then.
You can test if the firewall is responding at all by pinging it from a client device. The ping command sends an ICMP packet to the firewall and it should ping back:
steve@steve-NUC9i9QNX:~$ ping 172.21.16.1
PING 172.21.16.1 (172.21.16.1) 56(84) bytes of data.
64 bytes from 172.21.16.1: icmp_seq=1 ttl=64 time=0.322 ms
64 bytes from 172.21.16.1: icmp_seq=2 ttl=64 time=0.549 ms
64 bytes from 172.21.16.1: icmp_seq=3 ttl=64 time=0.608 ms
^C
--- 172.21.16.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2066ms
rtt min/avg/max/mdev = 0.322/0.493/0.608/0.123 ms
It shows how long it took etc.
If the firewall still responds to ping when you cannot access the gui then it is not crashed entirely.
If you are able to you should try connecting to the console directly on the firewall. That can give you more debugging info when it has an issue.
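The ping test described above, extended to also try the SSH and web GUI ports and to log each state change with a client-side timestamp that can be matched against the firewall's own logs. This is an added example, not part of the original post. The address 192.168.1.1, ports 22 and 443, the log file name and the Linux iputils ping flags are assumptions.

```python
import socket
import subprocess
import time

FIREWALL = "192.168.1.1"         # assumption: pfSense LAN address, change to yours
PORTS = {"ssh": 22, "gui": 443}  # assumption: SSH enabled, GUI on HTTPS


def ping_ok(host):
    """Send one ICMP echo with a 1 s timeout (Linux iputils ping flags)."""
    cmd = ["ping", "-c", "1", "-W", "1", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def tcp_ok(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(ping, ssh, gui):
    """Map the three probe results to the conclusions drawn in the thread."""
    if gui:
        return "up"
    if ping or ssh:
        # Still answers ping or SSH: the firewall is not crashed entirely.
        return "alive-no-gui"
    # Nothing answers: a hang and a lost LAN link look the same from a
    # client, so only the console on the firewall can tell them apart.
    return "unreachable"


def watch(host=FIREWALL, interval=30, logfile="fw-watch.log"):
    """Probe forever; append a timestamped line whenever the state changes."""
    last = None
    while True:
        state = classify(ping_ok(host), tcp_ok(host, PORTS["ssh"]),
                         tcp_ok(host, PORTS["gui"]))
        if state != last:
            stamp = time.strftime("%Y-%m-%d %H:%M:%S")
            with open(logfile, "a") as fh:
                fh.write(f"{stamp} {state}\n")
            last = state
        time.sleep(interval)


if __name__ == "__main__":
    watch()
```

Run it on a wired LAN client. An "unreachable" entry records when the outage began from the client's side, but it cannot replace a look at the console.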
-
@stephenw10 ok i will try pinging next time it crashes and see what i get
If you are able to you should try connecting to the console directly on the firewall. That can give you more debugging info when it has an issue.
i assume by this you mean attach a monitor to the protectli when it's not accessible via GUI and see what it's showing on the monitor?
-
Yes. Unless it has a serial console which is generally preferred since you can copy/paste the output etc.