Netgate Discussion Forum

    Some blocked access between internal networks following 2.0.2 to 2.1.5 upgrade

    • jeremy9484

      Hi there,

      We have inherited a pfSense configuration at work that is still a bit beyond me.

      We carried out an upgrade recently to find that internal users were no longer able to access a website in the DMZ network. We added a new HTTPS firewall rule which got the thing to work, but internal users report that access to this website is much slower than prior to the upgrade. I checked the old config and there were no additional rules to allow this access - as far as I can tell it should not have worked in the first place.

      Is there any relevant capability that might have been in place in 2.0.2 that has been tightened up in more recent versions?

      Here is some background of the pfSense networks.

      pfSense
        - LAN  - internal users - reporting slow connection to the website in DMZ
        - WAN - external users - not reporting any change to performance
        - DMZ - Linux website
        - APP - app server and SQL server (both Windows)

      Any help will be very much appreciated.

      • stephenw10 (Netgate Administrator)

        The difference between 2.0.2 and 2.1.5 was mostly the IPv6 stuff that went in for 2.1 though the base FreeBSD version also changed from 8.1 to 8.3. The change to 2.2 was much bigger.
        There were obviously many small changes and bug fixes that went in.

        Do you have separate subnets on each interface? No bridges? Running a proxy?

        Nothing obvious comes to mind.

        Steve

        • divsys

          Further thought, have you looked to see if any packages are installed?

          Look under "System->Packages".

          Addon packages can be a great resource or a large headache, depending on your POV...

          -jfp

          • jeremy9484

            Thanks for the replies, and sorry for the late response.

            I can confirm the following:

            • Using separate subnets on each interface
            • No bridges
            • Not using a proxy
            • No packages are configured

            Some additional info. The issue was resolved after shutting down pfSense then restarting. It was fine for a few weeks, then pfSense was restarted and the issue has returned.

            Any suggestions will be very much appreciated.

            • cmb

              Figure out what it is about those sites that's much slower - is DNS slow/timing out? Are you losing connectivity in general between those networks (does ping stay responsive)? What does a packet capture from an affected client show?
