HA: Slow web interface on backup node

  • Hey Forum,

    We're running a HA cluster of two XG-7100, pfsense version 2.4.4-RELEASE-p3, everything is working fine from a networking perspective - but I'm having an issue with the web interface and ssh connection.

    The connection via web-interface to the master-firewall works fine. But the backup-node has some issues:

    • Login-page loads well, login works

    • After login, everything is slow as hell. Opening pages (either by menue or with a link) takes minutes and fails often, it just stops loading. Today, I updated the pfblocker package. The package updated fine, but the webinterface stopped responding after a few seconds and never recovered.

    • Another time, i needed about 40 minutes for the simple task of downloading the current configuration. I think you get how slow it is.

    • Sometimes, I am able to restore responsiveness by connecting via http://xxx.xxx.xxx.xxx:80 (which redirects to https). But this does just help for a minute or so.

    • Disabling HTTPS and enabling http only makes the problems even worse.

    • When accessing the Firewall via SSH the same pattern is observable. Login works fine, but then it get's slow. It'll run into an connection loss after a very short time - i never managed to run more than one command.

    • When changing the active firewall (e.g. by temporarily disabling CARP) the issues are transferred as well. The former master has the issues and on the former backup node the problems are gone.

    Has anyone a idea what could cause these issues or where i have to search for the cause?

    Thanks in advance for your replies. If you need more details, just ask.
    Kind regards, Al

  • Are you using vlan?
    If so, than try to login through vlan ip of slave node.

  • Thanks for your reply!

    We are using mutliple VLANS and the access of the Firewall was only allowed via their management VLAN. As soon as i created a rule to allow access via the IP of the Interface of the VLAN I'm connected to it worked fine.

Log in to reply