PFSense doesn't answer while transferring large data between LAN and DMZ
-
Hello everyone,
my company has a PFSense appliance (OpenAliance) and 2 networks LAN+DMZ.
A backup server is available on the LAN zone where a server on the DMZ transfer a large backup file (zip) through SSH.
As the transfer takes the whole bandwidth the PFSense doesn't deserve any request during the transfer, this is very annoying because we can't use internet anymore.
With the traffic shaping, am I capable to limit de bandwidth between those 2 zones ? Or any other solution ?
Thank you for you help
Phil.
-
You could look into the shaper to limit the bandwidth or try NIC polling or both maybe.
-
There could be other things going on that just using up all of the bandwidth there.
If your LAN<->DMZ transfers are pushing more traffic than your hardware is capable of moving, then other things (like the GUI, DNS forwarder, etc) won't have any spare CPU cycles on the router to work properly.
-
There could be other things going on that just using up all of the bandwidth there.
If your LAN<->DMZ transfers are pushing more traffic than your hardware is capable of moving, then other things (like the GUI, DNS forwarder, etc) won't have any spare CPU cycles on the router to work properly.
I think this is the problemā¦ how can I avoid this issue?
Thank you
-
I would first make sure what the problem is (look at the RRD graphs for CPU and traffic for example).
You might just need more powerful hardware, or disable some CPU consuming packages/settings?
Is pfSense also doing VPN crypto?Traffic shaping is going to take more CPU than just routing the packets, so if the problem is CPU, shaping probably won't help that much (transfer is still taking 100% CPU, transfer will be slower).
-
Hi SeventhSon,
As the graphs describe, it reach 99% while huge transfer :-(
I'm going to see if I can build a second firewall on a VM or upgrading this oneā¦
Thank you for your help
-
So it reaches 100% CPU?Ā ???
If so, polling might help:
http://blog.pfsense.org/?p=115
