Netgate Discussion Forum

    [Zone : Pf frag entries] PF frag entries limit reached

    General pfSense Questions
      sparktcs

      Dear team,

      We have been getting the [Zone : Pf frag entries] PF frag entries limit reached error on the server, and at the same time the internet is also going down! What would be the reason, and could you help us solve the issue permanently?

      It would be really appreciated to get a proper response from team members at the earliest!
      Error.jpg

        johnpoz LAYER 8 Global Moderator @sparktcs

        @sparktcs the reason is you're creating a lot of fragments. Why is the question, MTU mismatch?

        In System > Advanced > Firewall & NAT you can up the fragment entries number. But I would probably look into why you're creating so many.

        Are you using a VPN? You can view the number of fragments in the Diagnostics menu, pfInfo.

        But if you have stuff sending large packets that need to be fragmented, you may need to just up the entry limit.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          stephenw10 Netgate Administrator

          Yeah, you can increase that limit in Sys > Adv > Firewall&NAT but that's a symptom of something else in your network. Increasing it will likely only delay the onset of issues slightly.

          Steve

            Derelict LAYER 8 Netgate @stephenw10

            It not only indicates lots of fragments, it indicates lots of fragments that were not fully reassembled and disposed of in a timely manner, so they continued to occupy a fragmentation entry slot until there were no more available.

            As has been said, the best course of action is to find the reason for the excessive/faulty fragmentation and fix it.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

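The behaviour described in the replies above, as an added example that is not part of the original thread and is not pf's code: a toy reassembly table in Python in which a complete datagram frees its slot immediately, while a datagram missing one fragment holds its slot until the timeout. The limits, timeout, packet rate and addresses are constructed values for illustration, not pfSense defaults.

```python
from dataclasses import dataclass, field

@dataclass
class FragTable:
    """Toy fixed-size reassembly table; a model, not pf's implementation."""
    limit: int                 # max concurrent reassembly entries (assumed)
    timeout: float             # seconds an incomplete entry is kept (assumed)
    entries: dict = field(default_factory=dict)  # key -> (first_seen, seen indexes)
    reassembled: int = 0
    expired: int = 0
    limit_hits: int = 0
    first_hit: float = None    # time the limit was first reached

    def receive(self, now, key, index, total):
        # Expire incomplete entries that have outlived the timeout.
        for k in [k for k, (t0, _) in self.entries.items() if now - t0 >= self.timeout]:
            del self.entries[k]
            self.expired += 1
        if key not in self.entries:
            if len(self.entries) >= self.limit:   # no free slot: "limit reached"
                self.limit_hits += 1
                if self.first_hit is None:
                    self.first_hit = now
                return False
            self.entries[key] = (now, set())
        seen = self.entries[key][1]
        seen.add(index)
        if len(seen) == total:                    # complete: slot freed at once
            del self.entries[key]
            self.reassembled += 1
        return True

def run(limit, lost_index=None, datagrams=1000, rate=10, frags=3, timeout=30.0):
    """Feed `datagrams` datagrams at `rate` per second, each split into `frags`
    fragments; `lost_index` is a fragment the path never delivers (constructed)."""
    table, peak = FragTable(limit, timeout), 0
    for n in range(datagrams):
        for i in range(frags):
            if i != lost_index:
                table.receive(n / rate, ("192.0.2.10", "198.51.100.20", n), i, frags)
        peak = max(peak, len(table.entries))
    return table, peak

if __name__ == "__main__":
    for label, args in [("healthy path, limit 50", (50,)),
                        ("one fragment lost, limit 50", (50, 2)),
                        ("one fragment lost, limit 200", (200, 2))]:
        t, peak = run(*args)
        print(f"{label}: reassembled={t.reassembled} expired={t.expired} "
              f"peak={peak} limit_hits={t.limit_hits} first_hit={t.first_hit}s")
```

On the healthy path the table never holds an entry past the datagram that created it. With one fragment of every datagram lost, the table fills at 5 s with a limit of 50 and at 20 s with a limit of 200, so in this model the larger limit only postpones the first rejection.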
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.