Netgate Discussion Forum

    Short lockdowns of pfSense protected servers

    • steffen-enavn

      Dear pfSense community,

      We are happily using pfSense version 2.2.6 with Snort installed to protect a few DNS, web and mail servers. This whole environment is located on a VMware ESXi server, meaning that pfSense is running as a virtual machine along with the other servers. Overall it works as intended.

      We have a minor challenge which I believe is located in Snort. The challenge is that servers behind our pfSense server are kind of locked down for a short period of time - like 1-2 minutes - meaning that nobody can reach that server, and the server itself probably can't reach anything outside the pfSense server (the WAN). The virtual machines that are getting locked down are registered as offline at our external monitors but not with the internal (behind pfSense) monitor - often the lockdown is so short that we can't confirm it ourselves. Moving the servers outside the protection of the pfSense server "solves" the problem, but we are not interested in doing so.

      The problem usually happens with our two DNS servers, which are randomly offline at different times of the day. The period between the lockdowns can be anything from a few minutes to several hours, which makes me suspect that some kind of limit is reached within Snort/pfSense in regards to the incoming traffic at that given moment.

      Does some kind of lockdown function exist? I know Snort will block attackers, but it is currently set to 3 hours of ban time, which is not the case here.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.