Watchguard Firebox x550e - LAN Interface goes down, WAN + Serial both still fine
-
Hi,
I have recently obtained a near-new Watchguard Firebox x550e and put pfSense on it. I have been noticing some very strange behaviour that is quite frustrating and difficult for me to troubleshoot.
My configuration is fairly simple:
sk0 = LAN
sk3 = WAN (PPPoE)I have 9 VLAN interfaces hanging off sk0.
I'm running 2.3.3-p1.
pfSense boots fine, however once it boots and any amount of load is placed on the LAN interface it will go offline (and all associated VLAN interfaces), staying offline until I physically remove and reconnect the cable into the LAN interface, restoring connectivity for a short amount of time before flipping again.
The following log entries are present:
Apr 25 21:25:35 pfSense check_reload_status: Linkup starting sk0 Apr 25 21:25:35 pfSense kernel: done. Apr 25 21:25:35 pfSense kernel: sk0: link state changed to DOWN Apr 25 21:25:36 pfSense kernel: vlan0: changing name to 'sk0_vlan50' Apr 25 21:25:36 pfSense kernel: vlan1: changing name to 'sk0_vlan1000' Apr 25 21:25:36 pfSense kernel: vlan2: changing name to 'sk0_vlan100' Apr 25 21:25:36 pfSense kernel: vlan3: changing name to 'sk0_vlan200' Apr 25 21:25:36 pfSense kernel: vlan4: changing name to 'sk0_vlan300' Apr 25 21:25:36 pfSense kernel: vlan5: changing name to 'sk0_vlan400' Apr 25 21:25:36 pfSense kernel: vlan6: changing name to 'sk0_vlan500' Apr 25 21:25:36 pfSense kernel: vlan7: changing name to 'sk0_vlan600' Apr 25 21:25:36 pfSense kernel: vlan8: changing name to 'sk0_vlan900'
I have an OpenVPN server running on the firebox, and while I'm out on other networks (mobile, work, etc) I am still able to connect to the OpenVPN server no worries and query the firebox, just don't have any connectivity to the LAN network (192.168.1.0/24).
I have connected via serial and can confirm that everything is still responding fine as well, can ping out to the internet.
I'm hoping someone can help resolve this frustrating issue. I can provide any logs/troubleshooting information you need.
Thanks,
Kane. -
Not much to work with if you're not seeing any logged warnings from the sk driver.
There's not much by way of tuning options for it either.
You could try diabling msi/msix globally using the following loader variables added to /boot/loader.conf.local:
hw.pci.enable_msix=0 hw.pci.enable_msi=0
One or both of those may help.
Steve