pfSense/Netgate Support
-
Hi all,
First time poster here.
We had pfSense installed on a VM by a third party that acts as a firewall to our solution that we're having some issues with. We reached out by email on the 3rd July to enquire about support services as we'd really like it looked over by a professional and someone who knows the product inside out but we've yet to hear anything back. pfSense and Netgate is new to us a product/company, this delay normal for Netgate?
TIA,
Pete
-
I guess you can't contact the original third party?
Which version of pfSense are you running? My guess is a severely outdated version of pfSense CE.
Do you have an active TAC support license? My guess is no since you are running it as a VM.
https://shop.netgate.com/collections/tac-support
pfSense is not a Ron Popeil "set it and forget it" device. You really need to be paying somebody for support for regular updates, patches, upgrades, maintenance, backups, etc. Or hire someone knowledgeable directly to provide that support.
-
Why should you wait to get info ?
Or do you use the CE version (2.7.2) ? (see info at the bottom).
Or contact ... let me get one for you (one of many ...) : https://lawrencesystems.com/ or any local avaible company.
-
@elvisimprsntr thanks for the reply!
Hopefully not outdated, it's a fairly recent install and says there are no updates available. 2.7.2-RELEASE CE
We don't have a support license yet, that was why I was reaching out with them, listing the issues I have and asking if that's something they can undertake if we purchase their services. It wasn't a "help me now!" sort of email, just introductory explaining our scenario.
I'm the somebody that supports it, traditionally we've had dedicated servers and hardware Cisco firewalls. We're transitioning to cloud and VM. pfSense is new to me (selected and installed by the third party) who we would have reached out to for support but after migrating only two of our servers to the cloud we had to cut ties due with them for quality reasons. So I'll be picking up the ball with pfSense and learning the product but I want to eliminate the issues we have and ensure it's been installed/configured correctly to start with while I embrace the learning curve lol
Also just realised that yesterday was 4th of July and due to time differences on the 3rd (UK here) today may be the first time they get an opportunity to read my email.
-
Yes, if you emailed sales you will likely see a reply on Monday because of the holiday in the US.
Support is only available for Plus but purchasing it will make the upgrade available and we can assist with the upgrade process.
Is there something specific you're seeing issues with?
Steve
-
@SDGPeteBatin You can also look for a local partner on https://www.netgate.com/partner-locator.
-
@stephenw10 Hi! Yeah I suspected the same about the holiday, I jumped the gun a bit on that one lol. Just that pfSense/Netgate is new to me as a product/company and sadly for a lot of open source products the organisations behind them sometimes fade away to obscurity so I thought I'd reach out here to see if that might be the case, glad it's not!
As mentioned, we're happy to purchase services to get the product running as best as it can to give us a good foundation before we continue with migrations.
Below are some of the issues we're facing that I was enquiring to see if it's within their support remit to work on:
-
The web GUI is extremely slow to load most of the time (sometimes/occasionally it can be lightning fast), navigating from page to page can take an eternity, it makes administering the firewall very tedious and time intensive. From resource usage it doesn't appear that the VM is anywhere near at capacity.
-
So far we have two mail servers (windows based) behind it, they aren't able to resolve each other by DNS and so if an mail account on one server tries to send an email to domain mail account on the other server it's unable to connect. To get around this we've had to hardcode their respective IP's of the hostnames into the host files of each server. We're cautious about adding more VM's (web servers) that will have difficulty communicating with each other and the mail servers. Externally of the firewall all of our clients are able to connect to the servers behind the firewall with no problems.
-
The mail servers/firewall are in their own Virtual Data Center, we have another Data Center for exclusive use for one client only (both DC's are from the same cloud vendor). The web servers in that DC aren't able to connect via SMTP (or any standard mail port) to the DC that has the pfSense firewall/mail servers but they can connect to other smtp's like gmail. However, again, all of our clients (and ourselves) are able to connect to the mail servers from remote locations on all mail ports.
-
We also didn't get to implement the VPN (before cutting ties) to more connect securely to the VM's behind the firewall for remote desktop and as a work around have added one of our static IP addresses to a whitelist, but this is something we'd also like setup.
-
Lastly, we'd just like an audit (correcting where necessary) of it to make sure everything has been implemented correctly/as it should be, that we're taking advantage of features that would benefit us and using it to it's full potential.
@SteveITS thank you, I'll check that out also.
-
-
@SteveITS just having a browse now, there are 7 partners listed for the UK, 2 are Premier and the rest are Authorised. Do you know what the difference is? Would it just be the MSP's out of those that would provide the service I need (VAR and Reseller just being sales)?
-
@SDGPeteBatin re: partners, sales volume and IIRC required training.
re: DNS, sounds like you want Host Override or Domain Override in the DNS Resolver settings. Probably your mail server issue tooโฆ? Otherwise, need details on how theyโre trying to connect.
Re: slow GUI, randomly slow/fast on any page?
-
If you have port forwards set there you may also need split-dns or NAT reflection if you are accessing the servers by FQDN.
https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
-
@SteveITS slow GUI: any/all pages, sometimes 1-2 minutes per page, very rarely instant.
I'll look into the other items you mentioned.
-
Well I'm saddened to report back that I've had no response or acknowledgement to my email to sales@
I've sent it 3 times in total and kinda lost confidence in Netgate during the process. I'll reach out to one of the partners instead and hope for a better service.
-
@SDGPeteBatin said in pfSense/Netgate Support:
sometimes 1-2 minutes per page
Hmm, only time I recall seeing that is when a router uses a large alias, such as "all US" in multiple NAT forwards or rules, and the router is essentially CPU limited when generating the HTML.
A long time ago there was a bug where the GUI was slow if DNS on pfSense itself wasn't working but IIRC that was long fixed.
-
Yup some DNS issue could be a problem on some pages but not all.
Do you have any ticket numbers from those emails?
Steve
-
@stephenw10 Hi!
No ticket numbers, this was an email to sales@, was just introducing us as a company, listing the issues we face and asking if what we wanted would be covered by their support. All we wanted back was a simple, "Nice to meet you, yes we can do that, please purchase XYZ" and we would have purchased their support.
-
@SteveITS we've not really tasked it with much yet, it has a 3 dedicated external IP's that NAT forward to 3 internal IP's going to 2 different servers. As far as rules go, incoming: everything blocked apart from standard mail ports and a single external IP whitelist exception. So quite a simple setup/requirement.
As of right now, it's using 9% of 4GB RAM. 1% of CPU, 0% of 1GB SWAP and 4% of 20GB disk.
I did do some research into it and read about similar stories where the slow down was being generated by the dashboard stats so I removed all of them apart from System Information, Disks and Interfaces but that didn't make any difference.
-
@SDGPeteBatin Hmm, I would have expected an email to automatically create a ticket response. Let me me confirm that though, it's not something I ever do!