Netgate Discussion Forum

    Applying Changes

      jgray

      Sorry if this has been answered before but I haven't found it specifically. I have worked with several firewall models/brands but this is the first I have worked with pfSense and want to be sure before potentially causing a problem at a remote site. Do existing connections (VoIP, site-to-site VPN, etc.) drop when applying changes?

      Thanks,
      James

        JeGr LAYER 8 Moderator

        @jgray said in Applying Changes:

        Do existing connections (VOIP, site-to-site VPN, etc) drop when applying changes?

        Could you be a bit more specific? What changes exactly?
        If you do e.g. configuration of an interface and apply those changes, yes it's very possible that routes, gateways etc. will be reloaded and thus VPNs will re-connect to be safe.
        But if you e.g. do work in the Firewall category (rules, NAT, aliases etc.) that would do nothing to VPNs or connections that have their state already established.

        So the answer is "depends on what" :)

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          jgray

          Good point. Certainly changing interfaces or routes could cause drops. Right now I am setting up VPNs and adding VPN-related firewall rules. Would this cause VoIP, streaming, etc. connections to break?

          Thanks for your time,
          James

            JeGr LAYER 8 Moderator

            Hey James,

            if you add/modify other (e.g.) OpenVPN servers, the others are left safe. Only the one you're working on will be modified. Same should go for IPsec, we never had a drop on our DC cluster when I add another customer VPN location either OVPN or IPsec. So that's pretty safe.
            Also changing/inserting rules doesn't interfere with states (connections) already established. The only thing that would get e.g. your VoIP or streaming kicked is if you'd modify that rule or kill its states manually. Otherwise even if you'd change the pass rule to a block, as long as there's an established state for the rule that one still has precedence over the new block. That's what a few users find irritating if they change a rule from pass to block. The client doesn't instantly lose connections as established states will be held. If they time out or get closed later they can't be re-established and the client will be blocked then. Or you search for all its states and kill them manually.

            So no, if you're editing rules you shouldn't have problems with streaming or VoIP connectivity unless you hit something that would trigger a state reset/loss or a complete interface refresh/restart that would reset all states. Otherwise you should be fine :)

            Cheers
            \jens

            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
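
The manual step described in the answer above (find a client's established states after turning a pass rule into a block, then kill them), as an added example that is not part of the original thread. It assumes IPv4 state lines in the style of `pfctl -ss`; the sample states, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of `pfctl -ss` output (not from a real firewall).
SAMPLE_STATES='igb1 udp 192.168.10.50:5060 -> 203.0.113.20:5060       MULTIPLE:MULTIPLE
igb0 udp 198.51.100.2:41022 (192.168.10.50:5060) -> 203.0.113.20:5060       MULTIPLE:MULTIPLE
igb1 tcp 192.168.10.5:51514 -> 203.0.113.80:443       ESTABLISHED:ESTABLISHED
igb1 tcp 192.168.10.50:49820 -> 203.0.113.99:443       FIN_WAIT_2:FIN_WAIT_2'

# Print the state lines on stdin where $1 is an exact address match:
# source, destination, or the pre-NAT address shown in parentheses.
# Exact matching keeps 192.168.10.5 from also selecting 192.168.10.50.
states_for_host() {
    awk -v ip="$1" '{
        for (i = 3; i < NF; i++) {      # $1=iface, $2=proto, $NF=state
            a = $i
            gsub(/[()]/, "", a)         # strip NAT parentheses
            sub(/:[0-9]+$/, "", a)      # strip :port (IPv4 form only)
            if (a == ip) { print; next }
        }
    }'
}

count_states_for_host() {
    states_for_host "$1" | wc -l | tr -d ' '
}

# Live state table on a pf firewall, constructed sample everywhere else.
get_states() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -ss
    else
        printf '%s\n' "$SAMPLE_STATES"
    fi
}

# Show what a new block rule will NOT cut off, and print (not run) the kill commands.
review() {
    host=$1
    echo "States still held for $host (they outlive a pass-to-block change):"
    get_states | states_for_host "$host"
    echo "To drop them now instead of waiting for timeout or close:"
    echo "  pfctl -k $host                # states originating from $host"
    echo "  pfctl -k 0.0.0.0/0 -k $host   # states towards $host"
}

review "${1:-192.168.10.50}"
```

The script only prints the `pfctl -k` commands, so the state list can be reviewed before anything is dropped.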

              jgray

              That's exactly what I needed to know. Thanks!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.