Random disconnect
-
@bmeeks said in Random disconnect:
The fact you saw gateway monitoring alerts in your pfSense logs indicates that something happened between your firewall and the rest of the world. That loss of connectivity would result in the "restart all packages" command getting issued automatically by pfSense.
Interesting. Is there a way to check if my WAN interface went down? Some kind of status that says "up for x amount of time"?
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
Yep...Interface status change.
Nov 13 01:16:20 GAFW kernel: ix3: link state changed to DOWN
Nov 13 01:16:20 GAFW check_reload_status[2674]: Linkup starting ix3
Nov 13 01:16:30 GAFW check_reload_status[2674]: Linkup starting ix3
Nov 13 01:16:30 GAFW kernel: ix3: link state changed to UPIs there a place to see this in the GUI ?
Firewall: NetGate,Palo Alto-VM,Juniper SRX
Routing: Juniper, Arista, Cisco
Switching: Juniper, Arista, Cisco
Wireless: Unifi, Aruba IAP
JNCIP,CCNP Enterprise -
@michmoor said in Random disconnect:
Is there a way to check if my WAN interface went down? Some kind of status that says "up for x amount of time"?
The only way I know of is to check the system log. The gateway alarms will be logged there. You can also seem them with details under the Gateways tab of the STATUS > SYSTEM LOGS page.
-
@michmoor said in Random disconnect:
Is there a place to see this in the GUI ?
There is a GUI page with several tabs to view system logs. So "yeah", there is a way to see this in the GUI the way I would interpret it.
-
@bmeeks
I see it now.
Thanks Bill. Also i didnt know about the packages tied to interface status part so thats really good to know.
-
@michmoor said in Random disconnect:
i didnt know about the packages tied to interface status
Think about it logically -- many services (packages) need to know about active interfaces and what their status and IP settings are. So, there has to be a mechanism to let packages know something has changed with interfaces. pfSense uses a sort of big hammer here -- simply restart all the packages when an interface changes. That causes them to behave like an initial boot-up and they all read the information they need/require again and configure themselves accordingly.
-
Yup there could be more finesse there. But most pfSense installs rarely see an interface link status change so not often a big issue.
-
You can also see a series of "restarting packages" commands over time if your
dpinger-monitored interface is down for an extended period. The interface will be cycled, but ifdpingerstill sees no connectivity to the monitored IP, then it will restart the interface again. This will continue until the interface's connectivity to the monitor IP is restored, or you telldpingerand pfSense to always consider the gateway as "up". -
@stephenw10 @bmeeks
Is that with ANY interface state change or only when an interface is a wan-type?A flapping interface is not uncommon. So if i have a DMZ leg that is flapping does that mean my LAN -> WAN flows will be impacted? Essentially 2x interfaces that have nothing to do with DMZ will see an outage?
-
@michmoor said in Random disconnect:
@stephenw10 @bmeeks
Is that with ANY interface state change or only when an interface is a wan-type?A flapping interface is not uncommon. So if i have a DMZ leg that is flapping does that mean my LAN -> WAN flows will be impacted? Essentially 2x interfaces that have nothing to do with DMZ will see an outage?
I believe it is either a physical link status change or the execution of
ifconfig uporifconfig downthat triggers the restart all packages command. And I thinkdpingerwill trigger thatifconfig up/downcommand when it fails to reach the monitored IP within the configured time window. I have never examined all the PHP and shell script code for this in pfSense to find every possible trigger.
