Hamakua Locking Up
-
I have a Hamakua Firewall Appliance http://store.netgate.com/Netgate-Hamakua-DT-P230.aspx
It came with a cf card with 1.2.3 installed. Within a week, I installed a hard drive, a full install of pfSense 2.0 rc3, and restored my config file. Then I updated to pfSense 2.0 Release via the web interface. Randomly the device completely locks up since going the full install route on rc3. All traffic comes to a stand still, the serial console is unresponsive, the web interface is unresponsive and my kiwi syslog server has nothing to say about it, it doesn't receive anything when it crashes. I have fully tested the hard-drive and memory to make sure they were not the culprits.
Features used: Gateway load balancing, port forwarding, firewall rules. No external packages, no qos.
The lockups are random and have taken anywhere from 2 days to three weeks to occur. Has anyone experienced an issue like this before?
Any tips on what else I could try?
-
I had/have the same problem.
Had a Hamakua that would go completely unresponsive like you're talking about.
Netgate wouldn't help after 30 days, so I had to go back to the manufacturer, which meant talk for 3 weeks, get an RMA number, wait 6 weeks without hearing anything, then receive it back with a note that says something like "happened to us too, so we swapped the motherboard."
So now I've got a Hamakua that STILL locks up randomly every 20-30 days. Of course, I bought a second as a backup, and pfSense's CARP is good enough that I don't notice the failover, and the second Hamakua seems to be working fine, so I'm not seeing outages as a result, but it's annoying.
Overall I like the concept, but the product quality and level of service I've seen would make it difficult to recommend. Especially at the price.
-
Exact same issue here, but I was fortunate that I noticed it within the first 30 days. It was locking up completely 2 or 3 times per day randomly. I raised enough of a stink that they just replaced it and I haven't had issues yet.
-
I saw this issue, same symptoms, 18 days after upgrading to 2.0-RELEASE (i386). It did cause a CARP fail-over. When I looked at the non-responsive device, I saw activity lights flashing on all interfaces except for the dedicated PFSYNC interface. I have been up 5 days since the issue last occurred.
More info: Dual Hamakua's in a HA config. SSD Intel hard drive. I ran an early August 2.0 i386 version in production for 60+ days with no issues. I also upgraded to 2.0-RELEASE (i386) via the web-interface. Hardware is < 6 months old. No packages installed. I am installed in a highly controlled data center environment.
I am also looking for suggestions… perhaps some logs I can look at that might help diagnose. If this issue happens again I will be contacting Netgate. Thanks.
I have a Hamakua Firewall Appliance http://store.netgate.com/Netgate-Hamakua-DT-P230.aspx
It came with a cf card with 1.2.3 installed. Within a week, I installed a hard drive, a full install of pfSense 2.0 rc3, and restored my config file. Then I updated to pfSense 2.0 Release via the web interface. Randomly the device completely locks up since going the full install route on rc3. All traffic comes to a stand still, the serial console is unresponsive, the web interface is unresponsive
-
Have you tried a NanoBSD install (CFCard) with an additional Disk (HDD/SDD)?
Ex.: Base Install in CFCard / var and other volatile dirs in HDD/SSD?
We are running some appliances this way without major problems!
-
I bought the Hamakua on the recommendation of Chris Buechler. He said something to the tune of he put it in a box and blasted it with VPN traffic to max it out and he could never get it to crash. I want to see these results. I also bought it because I have installed 6 m1n1walls in the last few months and have had 0 issues. I was hoping the Hamakua would be the same.
I completely clean installed 2.0 and am waiting patiently. It has been 10 days and no lockup yet. I will keep everyone informed. I really would hate for a $600 appliance to have a faulty motherboard that would require me shipping it out for weeks… But if it comes down to that, I will do it. I bought this to replace a failing Cisco ASA that would randomly lock every few days. So the company thinks 3ish weeks without a restart is a god send because they were dealing with the ASA issues for YEARS before I showed up. I may just start building my own 1u appliances for clients. At leased then, if there was a problem, I'd have affordable parts on hand for whatever may die.
-
Just crashed tonight, setting the tally at 19 days. This is becoming a huge problem… I think I am going to replace it with a home made appliance then contact Netgate for a replacement. So pissed right now, especially because I had to fix this issue at 10:30 at night (this is a 24/7 company).
-
So pissed right now, especially because I had to fix this issue at 10:30 at night (this is a 24/7 company).
I understand. I couldn't return mine because I was running the RC and couldn't isolate whether it was the RC or the unit itself. It was the unit itself. :(
Odds are I'll throw a spare PC up there in its place, provided I can find a multi-port NIC at a reasonable price.
I'll throw this comment in though: I know what it is to start with little cash and bootstrap, but it's hard to overvalue redundancy if you're looking for maximal uptime. CARP works well, and I'd suggest throwing two boxes up rather than just one once you replace this thing. Even an old, otherwise obsolete pentium 3 rackmount box can work fine as a firewall for most workloads…
-
Just spoke with Netgate; apparently some folks get better results after replacing the SODIMM it originally shipped with. They're going to ship a replacement and I'll see if that helps, but it'll be nearly Christmas before I can get back to the data center, plus another month to see if that resolves the issue.
-
I also received word from Jamie over at Netgate. Really nice person. I too was offered a sodimm replacement but I opted for a complete replacement. If this proves stable, I will be purchasing another one (the new atom version) for carp and 6 others for a coming upgrade to branch offices. I really want this to work, it it a great little unit. Fingers crossed.
-
I got a new unit, clean installed pfSense 2.0, redid my config, and within 8 hours it locked up. I am going to pick up the new atom version and hope all my problems go away.
-
It turns out there is some incompatibility with a full install of pfSense 2.0 on the Celeron version of the Hamakua. A unit that was rock solid on 1.2.3 turned to mush when 2.0 was installed. Netgate was absolutely fantastic. They shipped me a replacement immediately and when that failed, they shipped me the atom version which has resolved my problems. It has been up and running for 33 days without a crash. I am going to call this issue resolved although I still would like to know if someone finds out the reason why the full version of 2.0 crashed so much on the Celeron version.
-
I know a lot of people are running the Celeron Hamakuas with 2.0.x, including myself. Never had a single issue with it, nor heard of others outside of this thread having issues. Not very helpful for resolving whatever the issue was, but glad it's not an issue on the Atom version.
-
If so inclined, I would contact Netgate for a problematic unit. They have had more than a few returns concerning this issue of the Celeron unit. The atom unit has now been up for 4 months with the exact same configuration without crashing. I stressed the old unit, ran memtest for a day, maxed out traffic on all the ports, I couldn't get it to choke. It was random after 2-4 weeks. The replacement unit actually crashed 5 times in the same day.