Netgate Discussion Forum

    pfSense becomes unresponsive

      AmaanX5A @Gertjan

      @gertjan

      Yes this is me from WAN 443, and there is only one rule in my Firewall>Rules that I added using this post:

      https://www.joe0.com/2019/11/11/how-to-implement-remote-management-in-pfsense-2-4-4-by-using-a-duckdns-dynamic-dns-domain/

      Other than that, my pfSense system is totally stock and I guess there is no SSH remote enabled on pfSense out of the box.

        Gertjan @AmaanX5A

        @amaanx5a said in pfSense becomes unresponsive:

        https://www.joe0.com/2019/11/11/how-to-implement-remote-management-in-pfsense-2-4-4-by-using-a-duckdns-dynamic-dns-domain/

        This :

        STEP 3 – Allow remote access to WAN port 443
        

        combined with this :

        Source: Any (or restrict by IP/subnet)
        

        is exactly the reason why you should never do that.
        The pfSense WebGUI isn't meant to be "open and visible" to the entire Internet. It's a major security flaw.

        Use OpenVPN for that.

        (edit : same thing for the SSH port)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          stephenw10 Netgate Administrator @AmaanX5A

          @amaanx5a said in pfSense becomes unresponsive:

          The firewall still has to read that traffic, process it and send it back out on all the interfaces. All of that requires CPU cycles.

          Even if I use a switch?

          No, if you use a bridge as a switch.
          There is a common misconception that bridging somehow requires less CPU cycles and won't affect firewall performance for some reason. Not really sure where that comes from but just to be clear it does. 😉

          If you use a switch the traffic never goes through the firewall and it can happily use all its CPU cycles for more important things like VPNs.

          And, yes, use OpenVPN for remote access if you can. At the very least move your webgui to a different port to reduce the drive-by connection attempts.
          https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html

          Steve
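
An added example, not part of the thread or of pfSense itself: one way to audit a config.xml backup for the rule the posts above warn about, an enabled WAN pass rule from any source to the firewall's own port 443 or SSH port. The rule element names are the config.xml layout as assumed here, SSH is assumed to be on port 22, and `exposed_mgmt_rules`, `port_matches` and the sample rules are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <filter> part of a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source><descr>Remote management</descr>
    <destination><network>wanip</network><port>443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><address>198.51.100.7</address></source><descr>SSH from office</descr>
    <destination><network>wanip</network><port>22</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol>
    <source><any/></source><descr>OpenVPN</descr>
    <destination><network>wanip</network><port>1194</port></destination></rule>
  <rule><disabled/><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source><descr>Old SSH rule</descr>
    <destination><network>(self)</network><port>22-23</port></destination></rule>
</filter></pfsense>"""

# Assumption: these <network> values mean "the firewall itself" as destination.
FIREWALL_TARGETS = {"wanip", "(self)"}


def port_matches(spec, mgmt_ports):
    """True if a port spec ('443', '8000-9000', or empty = any) covers a management port."""
    if not spec:
        return True
    low, _, high = spec.partition("-")
    if not (low.isdigit() and (high.isdigit() or not high)):
        return False  # port alias: cannot be resolved from the rule alone
    return any(int(low) <= p <= int(high or low) for p in mgmt_ports)


def exposed_mgmt_rules(config_xml, mgmt_ports=(443, 22)):
    """Describe enabled WAN pass rules that let any source reach the GUI/SSH ports."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        dst = rule.find("destination")
        if dst is None:
            continue
        to_firewall = dst.find("any") is not None or dst.findtext("network") in FIREWALL_TARGETS
        if (rule.find("disabled") is None
                and rule.findtext("type", "pass") == "pass"
                and rule.findtext("interface") == "wan"
                and rule.findtext("protocol", "tcp") in ("tcp", "tcp/udp")
                and rule.find("source/any") is not None
                and to_firewall
                and port_matches(dst.findtext("port", ""), mgmt_ports)):
            findings.append(rule.findtext("descr", "(no description)"))
    return findings
```

On the constructed sample only the "Remote management" rule is reported; the source-restricted SSH rule, the OpenVPN rule and the disabled rule are not.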
