2.0.1 - HUGE session usage?
I have three sites, three pfSense firewalls, and three Draytek routers.
The pfSense firewall provides guest WiFi on the three sites.
All have been running fine for years.
One site is now running slow, both on the pfSense network and on the other network fed from the router.
Looking at the router stats, there are 150,000 sessions in use out of an available 50,000! Rebooting cures it for a few hours.
The 150,000 sessions are from the pfSense's WAN IP.
The Captive Portal only has around 15-20 users concurrently.
How do I go about narrowing this problem down?
I am not sure of the best course of action to trace this massive usage.
First thing I would suggest is moving your pfSense to a currently supported version.. 2.0.1 is from 2011-12-20
Once you're on a currently supported version, 2.2 or higher.. I would highly suggest current, which is 2.3.4p1
Then you can look into what is eating up your states, and then either allow for more or fix whatever is creating them.
I know I need to upgrade, but had modded the original installs to include captive portal pages which take username, email, postcode and write these into a database. I need to find time to add these mods to a more recent version.
Is there anything I can do to search for the session hungry resource?
Well what IP is creating the states? What does your state table look like?
Have not used 2.0.1 in some 6 years. But in current you can dump the state table from the Diagnostics menu..
One thing that can help is setting the "max src. states" in your LAN-side allow rule(s) to max out at something (even something huge; I use 8192 on my campus firewalls). This will limit the ability of a user or malware-infected machine to use up states. On top of that, you should start getting firewall log messages about the device(s) trying to use all those states, so you can narrow down your search quickly.
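The two suggestions above (dump the state table and see which IP is creating the states; cap per-source states so the offender shows up) both come down to counting states per originating host. The script below is an added example, not something posted in this thread or shipped with pfSense: it parses text in the shape of `pfctl -ss` output (the same data the Diagnostics state-table page shows) and reports which hosts hold the most states and how many of them are half-open TCP states. The sample lines are constructed for the demo, and the `threshold` value is a hypothetical pick; the 8192 cap mentioned above is a per-rule setting, whereas these counts only tell you where to look.

```python
import re
from collections import Counter

# Constructed sample in the shape of `pfctl -ss` output (not a real capture).
# Outbound NAT entries list the post-NAT WAN address first and the original
# LAN address in parentheses; inbound entries use "<-" with the remote peer
# on the right-hand side.
SAMPLE_STATES = """\
all tcp 203.0.113.5:51234 (192.168.1.10:51234) -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
all udp 203.0.113.5:53100 (192.168.1.10:53100) -> 198.51.100.53:53       MULTIPLE:SINGLE
all tcp 203.0.113.5:40001 (192.168.1.77:40001) -> 198.51.100.9:25       SYN_SENT:CLOSED
all tcp 203.0.113.5:40002 (192.168.1.77:40002) -> 198.51.100.10:25       SYN_SENT:CLOSED
all tcp 203.0.113.5:40003 (192.168.1.77:40003) -> 198.51.100.11:25       SYN_SENT:CLOSED
all tcp 203.0.113.5:40004 (192.168.1.77:40004) -> 198.51.100.12:25       SYN_SENT:CLOSED
all tcp 203.0.113.5:22 <- 198.51.100.200:60000       ESTABLISHED:ESTABLISHED
"""

# iface proto left [(orig)] -> right state   |   iface proto left <- right state
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\((?P<orig>[^)\s]+)\))?\s+(?P<dir>->|<-)\s+(?P<right>\S+)\s+(?P<state>\S+)"
)


def strip_port(endpoint: str) -> str:
    """Return the address part of 'addr:port' or '[v6addr]:port'."""
    if endpoint.startswith("["):
        return endpoint[1:endpoint.index("]")]
    addr, sep, _port = endpoint.rpartition(":")
    return addr if sep else endpoint  # no port at all (e.g. icmp)


def parse_states(text: str) -> list[dict]:
    """Parse pfctl -ss style lines; unparseable lines (headers, blanks) are skipped."""
    entries = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        if m["dir"] == "->":
            # Outbound: prefer the pre-NAT LAN address when pf shows one.
            originator = m["orig"] or m["left"]
        else:
            # Inbound: the remote peer on the right initiated the state.
            originator = m["right"]
        entries.append({
            "proto": m["proto"],
            "originator": strip_port(originator),
            "direction": m["dir"],
            "state": m["state"],
        })
    return entries


def states_per_source(text: str) -> Counter:
    """Count states by originating host (the quantity 'max src. states' caps)."""
    return Counter(e["originator"] for e in parse_states(text))


def half_open_per_source(text: str) -> Counter:
    """Count TCP states that never completed the handshake (SYN_SENT:CLOSED)."""
    return Counter(
        e["originator"]
        for e in parse_states(text)
        if e["proto"] == "tcp" and e["state"] == "SYN_SENT:CLOSED"
    )


def top_talkers(text: str, threshold: int) -> list[tuple[str, int]]:
    """Hosts holding more than `threshold` states, busiest first."""
    return [(ip, n) for ip, n in states_per_source(text).most_common() if n > threshold]


if __name__ == "__main__":
    # Hypothetical demo threshold; on a real box pipe `pfctl -ss` into stdin.
    half_open = half_open_per_source(SAMPLE_STATES)
    for ip, n in top_talkers(SAMPLE_STATES, threshold=3):
        print(f"{ip} holds {n} states, {half_open[ip]} of them half-open")
```

Run it against a real dump with `pfctl -ss | python3 count_states.py` after swapping `SAMPLE_STATES` for `sys.stdin.read()`. A host with many more states than everyone else, especially lots of half-open ones, is the one to pull off the network and inspect. If, as in this thread, pfSense's own table looks normal while the upstream device counts far more sessions, the leak is in front of pfSense rather than behind it.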
Turns out the router in front of the pfSense box wasn't clearing down sessions. This is why I couldn't see loads of sessions in pfSense. The router had a non-released version of firmware on it (Draytek) to try to stabilise the VDSL BT Infinity line, but it seems this caused issues with sessions. Putting the current firmware on it has sorted the problem.