Netgate Discussion Forum

    Firewall Rules Reload dumps user connections (RDP)

      son4r

      We have a pfSense firewall with about 15 VLANs and about a half dozen IPsec tunnels from various clients connecting to services we provide. It would appear that when reloading the firewall rules after adding a simple rule or a NAT item, all of the users connected to devices on the inside of the firewall from external networks appear to get kicked or bumped.

      While I could likely schedule the addition of firewall rules so that they get automatically loaded off hours, I'm wondering if anyone has come across this issue before and has a fix or any advice.

      I do also notice that while the rules are applied and the pfSense box is refreshing, my ability to connect to it and load other pages in the pfSense menu system is affected as well.

      Is this a lack of resources in the hardware that causes it or is there another cause for these issues?

      Version 2.0.1-RELEASE (i386)
      built on Mon Dec 12 17:53:52 EST 2011
      FreeBSD 8.1-RELEASE-p6

      Update available. Click Here to view update.
      Platform pfSense
      CPU Type Intel(R) Xeon(TM) CPU 2.80GHz

      The system has about 3 GB of RAM.

      Apologies if this is covered elsewhere.

        jimp Rebel Alliance Developer Netgate

        There were some issues with states being cleared when you have a gateway marked down on that version.

        Check Status > Gateways – if you have a gateway down, fix it or disable gateway monitoring.

        Alternately, go to System > Advanced, Misc. tab, and disable state killing for down gateways.

        Upgrading to 2.1 is the best move, though.

          son4r

          Thanks.

          2.1 upgrade is in the works, but I have to make sure it's not going to affect our production network adversely. Realistically we are just going to duplicate our config to a 2.1 install on newer hardware. I'll try disabling the state killing. As far as I can tell it is detecting the GW and I'm not seeing anything being marked as "down".
