Packet drop and general unusability when firewall is turned on
I have an SG-1000 firewall which is an IPSEC VPN to a Juniper firewall at our main site. The VPN is up and works fine (it's a NAT-T aggressive VPN).
The problem is that when a PC behind the firewall pings over the VPN it drops a ping every 10 attempts or so, and services like RDP just freeze almost constantly (connect, then freeze). IP phones drop out, etc. Just completely unusable.
I have turned off NAT altogether (don't need it) and that hasn't helped.
I set the firewall to conservative and that doesn't resolve it either.
If I turn off the firewall packet filtering altogether, then hey presto, it works like a charm and everything (RDP, VOIP, etc.) works seamlessly.
This device is a VPN endpoint, so not a huge drama, but it has really put me off using pfsense for any real firewalling.
The firewall rules are just IPSEC any to LAN and LAN LAN to any.
Any ideas? It's really annoying!
I'd get a packet capture and analyze it with Wireshark.
How much traffic is it pushing at the time?
What is the CPU usage like?
Are there any interface errors showing on the GUI (Status > Interfaces) or in sysctl (sysctl -a | grep cpsw)?
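As an added example (not from either poster), a small shell check for the interface-error question in the reply above: it scans `netstat -i` output and reports any interface whose error or drop counters are non-zero. It assumes the FreeBSD/pfSense `netstat -i` column layout (Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll) and that the link-level row of an interface starts its Network column with `<Link#`; the sample output below is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not code from the thread. Flags interfaces with non-zero
# Ierrs/Idrop/Oerrs counters in `netstat -i` output (FreeBSD / pfSense).
# Assumed columns: Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll.
# Columns are taken relative to NF because some link rows (e.g. enc0) have
# no Address field, which would shift a fixed column index.

check_iface_errors() {
    # Reads netstat -i output on stdin. Prints one line per interface that
    # has errors or drops; prints nothing when every interface is clean.
    awk '$3 ~ /^<Link#/ {
            ipkts = $(NF-5) + 0; ierrs = $(NF-4) + 0
            idrop = $(NF-3) + 0; oerrs = $(NF-1) + 0
            if (ierrs > 0 || idrop > 0 || oerrs > 0) {
                rate = (ipkts > 0) ? 100 * (ierrs + idrop) / ipkts : 0
                printf "%s ierrs=%d idrop=%d oerrs=%d in_err_pct=%.3f\n",
                       $1, ierrs, idrop, oerrs, rate
            }
        }'
}

# Constructed sample (not real counters): cpsw0 shows input errors and
# drops, cpsw1 is clean, enc0 has no Address column.
SAMPLE_NETSTAT='Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
cpsw0  1500 <Link#1>      00:11:22:33:44:55   120000    12     3   118200     0     0
cpsw0     - 10.0.0.0/24   10.0.0.1            119900     -     -   118000     -     -
cpsw1  1500 <Link#2>      00:11:22:33:44:56    80120     0     0    79900     0     0
enc0   1536 <Link#3>                             5000     0     0     5000     0     0'

# On a live box run:  netstat -i | check_iface_errors
printf '%s\n' "$SAMPLE_NETSTAT" | check_iface_errors
```

A non-zero Ierrs or Idrop on the LAN NIC (with the VPN otherwise healthy) points at the interface or driver rather than the IPsec tunnel, which is worth knowing before spending time in a packet capture.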