Packet drop and general unusability when firewall is turned on

  • Hi,

    I have an SG-1000 firewall which has an IPsec VPN to a Juniper firewall at our main site.  The VPN is up and works fine (it's a NAT-T aggressive-mode VPN).

    The problem is that when a PC behind the firewall pings over the VPN, it drops a ping every 10 attempts or so, and services like RDP just freeze almost constantly (they connect, then freeze).  IP phones drop out, etc. Just completely unusable.

    I have turned off NAT altogether (don't need it) and that hasn't helped.

    I set the firewall to conservative and that doesn't resolve it either.

    If I turn off firewall packet filtering altogether, then hey presto, it works like a charm and everything (RDP, VoIP, etc.) works seamlessly.

    This device is a VPN endpoint so not a huge drama, but it has really put me off using pfSense for any real firewalling.

    Any ideas?

    The firewall rules are just IPsec any to LAN and LAN to any.

  • Any ideas? It's really annoying!

  • I'd get a packet capture and analyze it with Wireshark.

  • Rebel Alliance Developer Netgate

    How much traffic is it pushing at the time?

    What is the CPU usage like?

    Are there any interface errors showing on the GUI (Status > Interfaces) or in sysctl (sysctl -a | grep cpsw)?
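    The interface-error check suggested above can be scripted so the counters are not eyeballed. The following is an added example, not code from the thread or from pfSense/Netgate: it parses the FreeBSD `netstat -i` layout that pfSense uses (columns Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll) and reports every physical interface whose receive/transmit error, drop or collision counters are nonzero. The sample counters are constructed for illustration and are not from the poster's SG-1000; the `cpsw` driver sysctl grep is the one named in the reply. When run on a FreeBSD/pfSense box it also checks the live counters; elsewhere it only runs against the sample.

```shell
#!/bin/sh
# Added example: spot NIC error/drop counters in FreeBSD `netstat -i` output.
# Assumption: FreeBSD column layout (pfSense). Linux `netstat -i` has different
# columns and is NOT parsed correctly by this function.

# Constructed sample output (made up for the example, not from a real SG-1000).
# Only the <Link#N> rows are shown; `netstat -i` also prints per-address rows,
# which the parser skips by matching on the Network column.
SAMPLE_NETSTAT='Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
cpsw0  1500 <Link#1>      00:11:22:33:44:55  1234567   412    88  1100234    17     0
cpsw0     -  192.168.1.0/24 192.168.1.1       1234000     -     -  1100000     -     -
cpsw1  1500 <Link#2>      00:11:22:33:44:56   987654     0     0   876543     0     0
lo0   16384 <Link#3>      lo0                   4321     0     0     4321     0     0
enc0   1536 <Link#4>      enc0                 55555     0     0    55555     0     0'

# flag_iface_errors NETSTAT_TEXT
# Prints "name ierrs idrop oerrs coll" for each non-loopback link row whose
# error, drop or collision counters sum to more than zero; prints nothing when
# every counter is clean. Exit status is always 0 so callers test the output.
flag_iface_errors() {
    printf '%s\n' "$1" | awk '
        NR > 1 && $3 ~ /^<Link#/ && $1 !~ /^lo/ {
            if ($6 + $7 + $9 + $10 > 0) print $1, $6, $7, $9, $10
        }'
}

# live_iface_errors
# Runs the same check against the running system, but only on FreeBSD, where
# the column layout is known to match. Prints nothing on other systems.
live_iface_errors() {
    if [ "$(uname -s 2>/dev/null)" = "FreeBSD" ] && command -v netstat >/dev/null 2>&1; then
        flag_iface_errors "$(netstat -i)"
    fi
}

# cpsw_sysctls
# The driver-level counters the reply points at: `sysctl -a | grep cpsw`.
# Harmless elsewhere (empty output), since no cpsw OIDs exist off the SG-1000.
cpsw_sysctls() {
    command -v sysctl >/dev/null 2>&1 && sysctl -a 2>/dev/null | grep -i cpsw
    return 0
}

# Stand-alone demo against the constructed sample: only cpsw0 should be flagged.
echo "Interfaces with nonzero error/drop counters (constructed sample):"
flag_iface_errors "$SAMPLE_NETSTAT"
echo "Live check (FreeBSD only):"
live_iface_errors
```

    A flagged interface with climbing Ierrs/Idrop while filtering is enabled points at the NIC or driver (checksum offload, ring buffers, CPU saturation) rather than at the rules themselves, which matches the symptom that disabling pf makes the loss disappear.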