Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Limiter config disappered

    Scheduled Pinned Locked Moved General pfSense Questions
    19 Posts 4 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michmoor LAYER 8 Rebel Alliance @michmoor
      last edited by

      Adding one more bit.

      When the limiter malfunctions and the network becomes unstable, CPU is through the roof.
      This is the exact same condition that happened last year when i was trying to troubleshoot this problem. I later figured out it was due to a configured limiter. Once I deleted it all my instability went away.
      Good thing i remembered because those symptoms are back...
      Solution: Delete the limiter all together. But when i went to go do that, its no longer in the GUI.

      4f4d47e2-6862-4eab-a2a7-3983094e2ab9-image.png

      3a700404-ed61-4176-90db-9f3ebf85432f-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      1 Reply Last reply Reply Quote 1
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Hmm, so the config file itself never changed?

        Do you have MIM enabled on that system?

        Do you see anything in Diag > Limiter Info?

        M 1 Reply Last reply Reply Quote 0
        • M
          michmoor LAYER 8 Rebel Alliance @stephenw10
          last edited by

          @stephenw10
          Config file never changed.
          I do have MIM enabled.
          Diag > Limiter says i have no limiters configured. Which is crazy! Even my firewall rule using the Limiter stated it was there (gear icon denoting the advanced options being used). When i went into the firewall rule, the limiter In/Out configuration was set to None.
          Its like it never happened but for sure the limiter was what was causing my connectivity issue.

          I think i am hitting that redmine bug about the disappearing configuration but why at 50Mbps..?

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Doers it return if you reload the ruleset in Status > Filter Reload?

            Does it return if you reboot?

            M 1 Reply Last reply Reply Quote 0
            • M
              michmoor LAYER 8 Rebel Alliance @stephenw10
              last edited by

              @stephenw10

              Performing a Filter Reload

              4362e076-e480-4db4-81df-2e7d44e3706b-image.png

              Sadly, the Limiters configuration is not present in the GUI.

              I don't want to restart the firewall now that its working but i don't think it will help in this case (could be wrong tho)

              Firewall: NetGate,Palo Alto-VM,Juniper SRX
              Routing: Juniper, Arista, Cisco
              Switching: Juniper, Arista, Cisco
              Wireless: Unifi, Aruba IAP
              JNCIP,CCNP Enterprise

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Do they exist in /tmp/config.cache?

                M 1 Reply Last reply Reply Quote 0
                • M
                  michmoor LAYER 8 Rebel Alliance @stephenw10
                  last edited by

                  @stephenw10 Yes sir

                  4065e66e-23e5-4aaa-9d9d-9feada697cc7-image.png

                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                  Routing: Juniper, Arista, Cisco
                  Switching: Juniper, Arista, Cisco
                  Wireless: Unifi, Aruba IAP
                  JNCIP,CCNP Enterprise

                  1 Reply Last reply Reply Quote 0
                  • provelsP
                    provels
                    last edited by

                    Just spitballing, but could it be a browser/browser cache issue? Try another browser, another machine? 🤷

                    Peder

                    MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                    BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      michmoor LAYER 8 Rebel Alliance @provels
                      last edited by

                      @provels nothing is off the table.

                      I just tried FF and the problem is still there.

                      Hate to say it again but this looks like that redmine bug i noted above. Limiter just disappears after a reboot. The only difference is that the OP was setting a high limit (~4Gbps) while i am using 50Mbps

                      Firewall: NetGate,Palo Alto-VM,Juniper SRX
                      Routing: Juniper, Arista, Cisco
                      Switching: Juniper, Arista, Cisco
                      Wireless: Unifi, Aruba IAP
                      JNCIP,CCNP Enterprise

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        I would think that rebooting to make sure the Limiters are loaded from the config as expected should be the next step if you can.

                        1 Reply Last reply Reply Quote 0
                        • M
                          marcosm Netgate
                          last edited by

                          Thanks for the report. I've opened a redmine for this here https://redmine.pfsense.org/issues/16051 and will post a workaround there later.

                          M 1 Reply Last reply Reply Quote 0
                          • M
                            michmoor LAYER 8 Rebel Alliance @marcosm
                            last edited by michmoor

                            @marcosm dont think that redmine is relevant here, no?

                            edit:
                            You mean this one. https://redmine.pfsense.org/issues/16051

                            So its something to do with MIM enabled. Very interesting. Is there a commitID i can try to test?

                            Firewall: NetGate,Palo Alto-VM,Juniper SRX
                            Routing: Juniper, Arista, Cisco
                            Switching: Juniper, Arista, Cisco
                            Wireless: Unifi, Aruba IAP
                            JNCIP,CCNP Enterprise

                            M 1 Reply Last reply Reply Quote 0
                            • M
                              marcosm Netgate @michmoor
                              last edited by

                              @michmoor Not yet - I need to work on it further on Monday.

                              M 1 Reply Last reply Reply Quote 1
                              • M
                                michmoor LAYER 8 Rebel Alliance @marcosm
                                last edited by

                                @marcosm no problem. Enjoy the weekend.

                                Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                Routing: Juniper, Arista, Cisco
                                Switching: Juniper, Arista, Cisco
                                Wireless: Unifi, Aruba IAP
                                JNCIP,CCNP Enterprise

                                1 Reply Last reply Reply Quote 0
                                • M
                                  marcosm Netgate
                                  last edited by

                                  I've updated the redmine with additional info that you can test out if you'd like.

                                  M 1 Reply Last reply Reply Quote 0
                                  • M
                                    michmoor LAYER 8 Rebel Alliance @marcosm
                                    last edited by michmoor

                                    @marcosm

                                    Confirmed that once i applied the PHP code the limiters came back (no reboot needed) and can be applied.

                                    Got this notice as well.

                                    86c83bca-e246-448e-a044-a49f9b496681-image.png

                                    If i reboot my firewall again, do i have to re-apply this PHP code?

                                    25.03 i take it has the perm fix.

                                    Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                    Routing: Juniper, Arista, Cisco
                                    Switching: Juniper, Arista, Cisco
                                    Wireless: Unifi, Aruba IAP
                                    JNCIP,CCNP Enterprise

                                    1 Reply Last reply Reply Quote 1
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by stephenw10

                                      No, patches survive a reboot. They may not survive an update but, yes, this would be in 25.03 anyway so you shouldn't need to do anything.

                                      1 Reply Last reply Reply Quote 1
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.