pfSense web GUI very slow load on home page
-
Just to confirm (graphically) your settings:
Did you disable the DNS forwarder via this checkbox at the bottom? In my config, I use internal DNS that then uses pfSense for DNS which ultimately queries the root servers. I can block outgoing DNS queries from the LAN and force all devices to use internal DNS by doing this.
In Services/DNS Forwarder, that checkbox is unchecked.
In Services/DNS Resolver, that checkbox is unchecked? Mine is checked for the reasons mentioned above.
You could also do the same. Have AD use pfSense as it's DNS resolver. Since you're in an enterprise environment, I would assume that you too have blocked DNS queries to the Internet, as it's a common enterprise config (essentially block everything from leaving the enterprise network except for common ports like 80, 443, etc.--good egress management).
Just wanted to verify your configs. I assume in the General tab your DNS is pointed to your internal AD servers and the other DNS services are disabled. You also need to check the box in the General settings so pfSense doesn't use 127.0.0.1 for DNS lookups.
-
@tantan5e said in pfSense web GUI very slow load on home page:
we have a Windows AD environment/DNS server that handles all of the resolution. The AD DNS servers are what I have in the pfsense box.
If your an AD shop your clients should be pointing to your AD, they should get their dns from that, and this should be your dhcp as well.
If you want to point your AD dns to pfsense so it can resolve that works, or you can just forward or resolve from your AD dns as well.. Pointing clients to pfsense for dns, just so it can go ask your AD dns doesn't make a lot of sense.
Just let pfsense resolve!! out of the box for the stuff it needs too.. And if you want it to be able to resolve IPs in your network, then create a domain override pointing to your AD dns so you ca do the PTRs, etc..
Your gui is prob slow because to pfsense dns is not working - or is very slow!!!
-
@johnpoz is correct. The slow GUI is most likely caused by DNS resolution difficulties on the firewall. For what it's worth, when testing things in virtual machines in the past (like switching from Forwarder to Resolver or back and forth) I've had to reboot the firewall to get things working well. Granted that was with some older pfSense versions, but if you have not rebooted the firewall it would not hurt to try that.
-
So her is what my config looks like, I have the DNS blocked out but what I have in there is my AD DNS servers
DNS Forwarding is unchecked
Thank you for the reply and the help but it looks like based off your feed back everything seems to be set correctly for my AD environment.
-
@bmeeks Ok thank you for that, I am pretty sure I have done a reboot on it since the issue started but I am not sure, I will try to do that at the end of the day. Thank you.
-
@tantan5e said in pfSense web GUI very slow load on home page:
Thank you for the reply and the help but it looks like based off your feed back everything seems to be set correctly for my AD environment.
Not exactly. pfSense is still resolving DNS since you have the resolver running. Disable it and see if it makes a difference.
Also, the way you have the resolver set up, it's listening for DNS queries on all interfaces, including your WAN. You'll notice in my screen shots that I only resolve DNS internally.
-
OK I will uncheck the enable DNS resolver here and see if that helps.
-
You do not want to check the box that says Disable DNS Forwarder on the GENERAL SETUP screen. Since you are running DNS Resolver, you may as well let pfSense use it to perform external lookups for the firewall itself.
It may be that your internal AD servers are having issues resolving the pfSense update services. Unusual if that is the case. Try unchecking that checkbox I mentioned, save and apply the changes and then reboot the firewall for good measure.
-
One last question that may seem obvious, but I have to ask it. Your FQDN in your DNS server for your pfSense installation is: pfSense.ad.purgrips.com
Is that the correct FQDN entry in your DNS server?
-
@bmeeks That is what it is, thank you very much for your help there, I was wondering about that but I was a little nervous to uncheck that but that fixed it. Thank you for your help.
-
@tantan5e said in pfSense web GUI very slow load on home page:
@bmeeks That is what it is, thank you very much for your help there, I was wondering about that but I was a little nervous to uncheck that but that fixed it. Thank you for your help.
Glad it's fixed for you. That box tells pfSense whether or not it should use its own internal DNS server for lookups or if it should only forward everything to the server (or servers) configured in the DNS box. In your case, with the box checked, pfSense would be trying to get your internal DNS servers to do all the lookups instead of using the DNS Resolver built into pfSense. For some reason forwarding is not working correctly. Your internal DNS servers should be able to resolve the pfSense update services if they can resolve other external web sites. You may still want to investigate why that is.
-
I'm very sorry for resurrecting this thread - but this thread is mostly the first hit you find if you google for something like "pfsense slow login" or "slow dashboard" and for me it initially did not help, checking my DNS-settings.
after hours looking for a solution I stumbled over this reddit post - https://www.reddit.com/r/PFSENSE/comments/lmubku/comment/gtj41yl/?utm_source=share&utm_medium=web2x&context=3
disabled "firewall logs" widget - and dashboard now loads fast and login is also fast. The strange thing is, that I have another machine with a virtual pfsense installed (pretty much same hardware - cpu, ram, disk) and had the dashboard equally configured (and mostly all other settings are equal too) where this long loading issue did not happen.
