Wan Out Traffic graph
-
2.4.2-RELEASE-p1
I recently noticed that the WAN traffic graph is displaying no Out traffic on that interface at all. The interface is definitely working and all the stats and interface info show everything is normal. I wouldn't be writing this now if it wasn't. The only thing I can think of that changed recently was the switch over from Suricata legacy mode to inline mode. Inline mode is working well so I rather not do trial and error with changing that back since the office is running on this network. The WAN out graph being blank is a minor issue, especially since everything else seems to be working perfectly and the WAN out nearly mimics the LAN in graph anyway.I didn't see anyone else mention this in my searching so I wanted to post my feedback here. I have tried rebooting already.
Thanks,
Raffi -
Try a different browser, or clear its cache?
-
Hi Kom,
That's a good idea. I tried originally in Chrome. I then tried it in Edge but had the same graph issue. I cleared the cache in Edge and that made no difference either.
Thanks,
Raffi -
With a stock browser like FF and clean pfSense (no packages that interact with NIC's) it should work.
So, you're in for the nasty question : what did you change where to break something ?
-
Thanks for the response Gertjan. I have tried FF, Chrome, and Edge. They all have the same result. FF was a fresh install and I cleared all cache in Edge. The only thing I could think of that broke this is the recent change from Suricata Legacy mode to Inline mode. I don't know if this happened right after I made that change or not because I never really paid much attention to that graph. I have read about some different complaints about Suricata in Inline mode, so that may or not be the issue for me. I don't want to experiment with going back to legacy mode since everything else is working smoothly and I have the office running through this system. This issue doesn't really bother me. It would be nice if it was working in case it could clue me in on an actual issue down the road. I just wanted to post here to see if I was the only one seeing something like this.
Raffi
-
Alright! It is officially confirmed that Suricata inline mode was causing this. I recently had to switch back to Legacy mode due to another odd issue which was impacting my day-to-day. I found it impossible to manage false positives that were not showing up highlighted in the alerts log. How to you create an exception to a blocked IP which you can't even see? Maybe I was doing something wrong? In any case, I switched back to legacy mode with all the same categories and rules selected. Now the legitimate site that was blocked before is not blocked and my WAN out graph is working too. Magic! In the meantime, I'm staying away from inline mode until I grow enough courage to give it another try. I'm pretty sure it's likely a netmap issue. At one point, I couldn't even get Suricata to restart because of some netmap error. I know netmap is not a pfSense or Suricata issue in particular. I believe that's a FreeBSD thing and/or netmap being too young.
