WebUI Unresponsive
-
Hello,
Currently we are running pFsense 2.4.3 on a VM machine trying to move old nat entries over to aliases.
We are using the aliases and nat rules from our production appliance and importing them into the VM.
We are experiencing a very slow WebUI now once the nat rules get loaded in. Implementing a new rule or changing an option and saving becomes heavy on the WebUI. php-fpm will use 100% cpu during this time and maintain that load for a few minutes after the page has refreshed.
At times we get a "504 Gateway Time-out" which requires another refresh of the page for it to show up, at times, we've had to explicitly kill php-fpm to get access to the WebUI.
As well, during this time, trying to ssh into the VM also hangs until php-fpm is done it's work, trying to add/remove widgets will also make the UI hang.
There appears to be no issues with traffic being passed that I have been able to detect thus far...Any insight would be greatly appreciated.
-
Resolved
Moving from the 2.4.3 Kernel to the 2.4.4 kernel made a tremendous change in the response time. Rules apply almost instantly now, loading nat rules is slow, but takes 1/10 the time and no timeouts, loading aliases is very quick now as well.
If you are having similar issues, I would recommend trying the snapshot.
Cheers!!
-
How many rules and aliases do you have? I can't say that I've ever heard of rules overloading the GUI in that way, but I suppose if you had thousands of them, maybe.
-
6700 rules in total. It has to be an issue kernel wise though, as the upgrade with the exact same rules, has repaired the issue.
Emulated this issue 2 more times yesterday all with the same outcome, moving to the new kernel resolved the problem.
About to thrown another 2 IP's into the mix, let you know the outcome.
-
That is a very large amount of rules. It is entirely possible something in the switch to 2.4.4 helped -- the PHP differences are major, especially moving to PHP 7.2 may be related.
You could undoubtedly drastically reduce the number of NAT rules with aliases though. I'm having trouble imagining any scenario that could possibly justify even a fraction of that amount.
