Packet drop and general unusability when firewall is turned on
-
Hi,
I have an SG-1000 firewall which is an IPSEC VPN to a Juniper firewall at our main site. The VPN is up and works fine (its a NAT-T aggressive VPN).
The problem is that when a PC behind the firewall pings over the VPN it drops a ping every 10 attempts or so and services like RDP just freeze almost constantly (connect then freeze). IP phones drop out etc… Just completely unusable.
I have turned off NAT all together (don't need it) and that hasn't helped.
I set the firewall to conservative and that doesnt resolved it either.
If I turn off the firewall packet filtering all together, then hey presto it works like a charm and everything (RDP, VOIP etc) works seamless.
This device is a VPN endpoint so not a huge drama but has really put me off using pfsense for any real firewalling.
Any ideas?
The firewall rules are just IPSEC any to lan and LAN lan to any.
-
Any ideas, its really annoying!
-
I'd get a packet capture and analyze it with Wireshark.
-
How much traffic is it pushing at the time?
What is the CPU usage like?
Are there any interface errors showing on the GUI (Status > Interfaces) or in sysctl (sysctl -a | grep cpsw)?
