Random sites timing out after 2.3.4_1 update?
-
I'm not sure what could be causing this or how to go about troubleshooting this more thoroughly. I stopped snort as a service and this issue continues. If I restart the router the issue is temporarily resolved. If I connect directly to the modem to bypass pfsense the issue is resolved. Any ideas since I don't recall changing anything other than updating.
I believe my backup has already changed to 2.3.4_1 since it took me awhile to notice this. Can I use my 2.3.4_1 backup to restore 2.3.4?
-
Is this a DNS or traffic issue? (is DNS maybe not running on your router?)
I've never had an issue restoring backups to different versions or even different hardware.
-
Generally speaking you should not restore config files into an older pfSense version than the one they were taken from.
That's because there is code to upgrade older configs to match newer versions but that cannot happen the other way around. However in this case the config file version did not change between 2.3.4 and 2.3.4_1 so it should be safe to do so.
https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSDDid you clear the Snort block list? Disabling the service will not clear IPs that are already blocked.
Steve
-
Just to update it did end up being Snort blocking. It apparently isn't enough to disable the service. Do most people leave that feature off and still use Snort?
-
It depends what you're using Snort for. If you use it to collect data on traffic and aggregate that somewhere centrally you might not need to block that.
Most people would have it in blocking mode though. Once you have the ruleset tuned you should not see many false positives. I usually recommend you run it in non-blocking mode for a week or so and review the logs. Whitelist or disable the rule on anything that shouldn't be alerting. Then go to blocking mode.
You can also set the block time to something low enough that it will restore in a reasonable time.Steve
