webGUI log in extremely slow



  • Hello,

    Version 2.4.4 on brand new SG-3100.
    Not much set up on it yet and almost no traffic.
    I'm accessing through http port 78 directly connected to the firewall with Ethernet cable.

    Log in (local database authentication) takes me between 60 and 90 seconds but I've never seen it timing out.
    Once logged in many pages open fast but sometimes long wait happens again when I save changes on pages.

    E.g. /diag_arp.php takes 10-15 seconds to open with only 3 entries.
    The same page containing tens of entries opens in 2-3 seconds on another 2.4.4/SG-3100 which has gone live already.

    Memory, disk and CPU usage on the fw remain low.
    I've tried accesing from Safari, Chrome and Firefox on MAC OS as well as IE, Chrome and Firefox on Win7 and the behaviour has been the same.

    What is it and how to fix it?

    Regards,
    Adam


  • Rebel Alliance Global Moderator

    you prob have something wrong with dns.. If dns is not working you can have delays doing stuff in the gui..



  • That would make sense as the fw is offline.
    Is there an easy way to prove this point in offline mode?
    I'm forced to keep at least one DNS server entry under System -> General Setup.


  • Rebel Alliance Global Moderator

    Why are you forced to keep 1 dns in system? Out of the box pfsense resolves there need be no servers there.

    0_1543404263961_generalsetupdns.png

    I don't have enough time currently to play with how to validate the delays when no dns.. You could try turning off the automatic update check.. But I know when I was recently setting up a 3100 was seeing delays and soon as fixed dns issue problem went away..

    Under the update settings.

    Dashboard check
    Disable the Dashboard auto-update check

    edit: Really should spend some time investigating this.. I kept meaning too when I noticed it a couple of weeks back on the 3100 on my bench.. Maybe I can spend some time on it today at work.. Have a 2440 on my desk currently we had replaced a location with that 3100, and now going to leverage that 2440 at a different location but have not completed its config yet..



  • Trying to reply but getting:

    ERROR
    Post content was flagged as spam by Akismet.com
    

    For whatever reason it's over sensitive as I'm not doing anything dodgy at all.

    Can you please white list me?



  • @adamw said in webGUI log in extremely slow:

    I'm forced to keep at least one DNS server entry under System -> General Setup.

    No way !

    When you install pfSense : there are no DNS servers listed on System / General setup..
    When you install pfSense : the build in DNS is unbound or the Resolver. It will listen on all interfaces (including pfSense itself ;) ) for DNS requests, and ask the build in DNS servers (aha !!!!) for an answer.

    So, when you install pfSense, DNS works fine.

    The build in DNS servers are actually the 13 "root DNS servers" : if these servers go down all of them, or you can't reach then, yes ... thing will go bad for the entire planet earth. Their addresses (IPv4 and IPv6) are hard coded and known for life.

    This means : by default, if your ISP handed over some ISP servers : they will not be used by pfSEnse.
    This means that your DNS requests are not handed over to info harvest companies like "8.8.8.8" neither.

    Up to you to change what whatever you want, and in that case : don't leave home without testing your settings.

    @adamw said in webGUI log in extremely slow:

    Can you please white list me?

    That's another issue : see here for more info :
    https://forum.netgate.com/category/20/forum-feedback
    Are one of the mentioned situations (posts) familiar to you ? ((VPN) IP with bad reputation, etc ?)



  • Hmm, why would it be my IP if I can post this?
    It's fussy about some content of my post (which is very typical).



  • To cut it short: I've added 2 DNS servers and after I remove one the other bin icon disappears (bug?).
    After removing DNS servers and references from config.xml manually logging in and browsing is fast.


  • Rebel Alliance Global Moderator

    What are you trying to post a link or an image? Users get whitelisted for such attachments if the system thinks it might be spam after enough rep points.. 3 or 5... one of the admins could look up the specific points needed. As just mod do not have access to the backend to see.

    Help out, post some good stuff and people will give you a thumbs up and you will auto get whitelisted...

    As to your bug about removal of dns? yeah it will go down to just single listing you just remove the entry "make it blank" And make sure your system is not set to allow pulling dns from dhcp.

    Pfsense has zero use of any dns settings other than pointing to itself since out of the box as mentioned it resolves. Only if you are in some need of wanting to forward would you ever need to put dns servers in.. To be honest unless your isp is blocking dns, or your on a high latency sort of connection - think sat where its best to use the isp dns.. The typical user should just resolve..

    Sure there have been posts and even a guide on how to use tls in forwarding - NOT A FAN is what I will say about that ;) Its nice to have it as a feature sure - but its use case is limited if you ask me.. Some ISP injecting shit into your dns queries.. Choice in such a case would be change ISPs.. But yeah that is not always an option, but if users don't bitch with their dollars ISP not going to change their ways..

    Glad you got your slowness worked out..



  • @johnpoz said in webGUI log in extremely slow:

    What are you trying to post a link or an image?

    He probably doesn't know that this works :

    First : hit the

    0_1543413380979_a6657b14-3cae-4dd0-b454-d06d3bbf1c80-image.png

    Then, while your typing your post : hit Ctrl-V - also know as "paste".

    0_1543413459806_47c9c845-9be1-48e6-925c-4a7f5eddb8f5-image.png

    It's advisable to shrink wrap your image after a print screen, or, if you use Windows, use the build-in "Capture Tool".

    These image are stored on the pfSense / Netgate's web server (means : no upload problems), so the never get lost (or replaced by other images, or make forum browser a crawl when the image host server goes off line.


  • Rebel Alliance Global Moderator

    @gertjan said in webGUI log in extremely slow:

    so the never get lost

    I would agree with you - unless they change forum software ;) And the images don't come over correctly... Still have hope that they will at some point fix that. From my understanding their are still there just not displaying..



  • I didn't try to attach any images, just several lines of text, quotes and code.
    Anyway - my problem was down to DNS and is now solved.
    Thank you!


  • Rebel Alliance Global Moderator

    Kind of side track - but software that I have been using for years and just love... Best few bucks ever spent on software ;) I use it pretty much every single day.

    http://www.faststone.org/FSCaptureDetail.htm

    They still update it and it has all kinds of bells and whistles for taking screenshots.. It well worth the $20 that is for damn sure.