SG-1000 not functionnaly responding on web interface and console interface
-
Hi
It's been two/three times that the SG-1000 is irresponsive on the web interface and irresponsive on the console interface (console opened on virtual serial interface from USB cable plugged in the console USB port). Ssh is also not working.
Traffic is still getting through, the device is pingable.
The web interface actually does respond in a way, after a while it reports:
504 Gateway Time-out
nginx
I went through the logs last time but I could not see hints as to what was happening.
Suggestions?
-
You should probably post this on the official hardware board.
-
Hi
It's been two/three times that the SG-1000 is irresponsive on the web interface and irresponsive on the console interface (console opened on virtual serial interface from USB cable plugged in the console USB port). Ssh is also not working.
Traffic is still getting through, the device is pingable.
The web interface actually does respond in a way, after a while it reports:
504 Gateway Time-out
nginx
I went through the logs last time but I could not see hints as to what was happening.
Suggestions?
Are you running the latest pfSense 2.4 snap on your SG-1000?
-
Yes, I update regularly. Last update was a few days ago :
2.4.0-BETA (arm)
built on Sat Jul 29 03:10:09 CDT 2017
FreeBSD 11.0-RELEASE-p11I powercycled the device to regain access.
-
Yes, I update regularly. Last update was a few days ago :
2.4.0-BETA (arm)
built on Sat Jul 29 03:10:09 CDT 2017
FreeBSD 11.0-RELEASE-p11I powercycled the device to regain access.
Okay, lets have our support have a look at the device and figure out whats wrong. The issues you are experiencing should not happen! Please submit a ticket at the following link and reference this thread:
-
That is also potentially a sign that something has consumed all RAM on the device and is not freeing it up, so be sure to tell the support crew which services you have enabled and which packages you have installed.
-
@jimp:
The ticket with the support crew is just more or less closed.I must say, when a ticket is opened, the reactivity from the support is very high.
I gave access to my system and support suggested to disable the pfBlocker temporarily and to reduce the update rate of the pfBlocker.
I have remove a big list from the pfBlocker and moved it to a DNS check (before calling support as suggested by ivor).
Still my opinion is that:
- Netgate should be more clear about what the device can do "at most";
- There should be monitoring of critical services that should be restarted when they fail and kill processes that use too many resources for too much time (I have monitoring on my systems for that).
I am under the impression that no extra services other than the defaults should be activated and only very simple blocking / nat rules should be added. I am not sure how that adds more functionnality than a router (TP-link, etc.) other than having a dedicated appliance focused on securing a network.
As the cryptomodule is not active, it is stated here and there that VPN does not have a lot of performance - I have not been down that road yet, and given my experience with the SG-1000 that I will continue to work with my NAS for that.
I am aware that it is a lightweight device, but I expected the hardware to be capable of the performance needed to secure from a 3.4Mbit up/700kbit incoming ADSL network, with traffic shaping and reasonable list blocking capabilities.
The nominal RAM usage is at about 30%. If 512MB is not enough, then it should have been raised to 1GB. I am sure that it would not have increased the cost that much, but it would have reduced support requirements and increased customer experience.
Anyway: thumbs up for the responsive support team for official tickets.
