Gateway Overload
-
Hi,
I have just implemented my network, and pfsense is used for some local services (DNS, DHCP, Firewall, Gateway for Internet).
My topology is attached here.
The pfsense server is a virtual machine with 32Gb RAM and 4 vcpu.
I have 8 VLANs in my local network, with 320 PCs in total.
In the pfsense server, I created VLAN interfaces for each VLAN in the LAN and used the DHCP service for all VLANs, and each PC's gateway is its VLAN interface's IP address.
I created some rules in the pfsense firewall for accessing the local web server or the Internet.
My problem occurred whenever PCs connected to the local web server through the pfsense server: the connections are too slow and the pfsense server seems to be overloaded.
PS: Before I used pfsense server, all my PCs connected directly to local web server and everything was fine.
-
How slow?
Just a single PC connecting to it is slow? Or does it become slower when many are connected?
What does the CPU loading look like in pfSense when this slowness happens?
What hypervisor are you using? Did you follow the guides to create the VM as expected for that? NIC types, CPU types, etc. Disabling hardware offloading.
Steve
-
Thanks Steve,
Actually, when many PCs connected to the local web server, it was slower, and after several minutes the connections from the PCs timed out.
I'm using KVM, installed on a CentOS 8 host. I created a VM on the KVM host, then installed pfsense from the latest version of the pfsense ISO file.
The hardware is in the attached image below.
-
Ok, the first thing I would do there is switch to VirtIO NICs in KVM unless you are doing some sort of hardware pass-through. That will mean re-assigning the interfaces in pfSense when it boots back up as they will appear as vtnetX.
I would also try setting the CPU type as host, which I have seen improve things there.
You almost certainly don't need anywhere near 32GB RAM.
Steve