Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Netgate firewall ISP gateway is offline and has packet loss, how to fix it?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    7 Posts 4 Posters 775 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mhweb
      last edited by

      Hello,
      I'm currently setting up a Netgate 8200 MAX pfSense+ Security Gateway on a customer site. They currently have a 1G connection using Verizon Fios Business. The problem I'm facing is that I'm getting 100% packet loss in the WAN interface; therefore, the internet connection drops. If I reconnect the WAN cable, internet comes back, but in less than an hour, the internet drops dead again.

      Previously, the site had an old router that worked, but it was time for an upgrade because it couldn't handle the 1G connection anymore. In the meantime, I switched the router back to the old one so they can have internet.

      I'm also using a static WAN IP configuration because the DHCP isn't working in this connection. I called Verison for them to update the settings to use DHCP for WAN port, and they didn't even know what a router is.

      So, I brought the router home, and I set it up in my home. I had it running for two days, and it's been running correctly without a glitch. The first configuration was using DHCP for WAN. Now, I set a static configuration for the WAN port in the same way I did it for work, and it's been working for a couple of hours. I'm going to keep testing this connection, but I believe it will work just fine. For clarification, I also have a FIOS residential internet connection.

      So, my question is, what could be the next steps to make this router work at the location? I've been reading about changing the Monitor IP and to see if the problem could be with ICMP.

      Does anyone have a similar problem with a different solution?

      Also, I don't have any more specific configuration other than the initial setup because after I noticed the issue, I reset the router and configured the basic settings. I know that I'm repeating myself here, but I don't have any issues using the router at my house with any configuration and using FIOS (I know this isn't a business connection, but it is still the same company).

      Thanks,

      M V GertjanG 3 Replies Last reply Reply Quote 0
      • M Offline
        mhweb @mhweb
        last edited by

        @mhweb I want to update you that after a few hours, I'm getting the same Offline Packet loss 100% in my house with a static configuration.

        1 Reply Last reply Reply Quote 0
        • V Offline
          viragomann @mhweb
          last edited by

          @mhweb
          You must not switch between DHCP and static WAN on your own. You have to obey the guideline of the ISP.

          For the monitoring, pfSense gateway monitoring use pings to determine if the gateway is alive. By default it pings the gateway IP.
          If it is shown up as offline, even all settings are correct and the router is properly connected, the gateway probably doesn't respond to pings.
          If this is the case you can either state a different monitoring IP or disable the monitoring in System > Routing > Gateways > Edit gateway.
          Remember that the alternative monitoring IP has to be a public one like 1.1.1.1, so that the pings are routed over the gateway.

          M 1 Reply Last reply Reply Quote 0
          • M Offline
            mhweb @viragomann
            last edited by

            @viragomann
            Hi, thanks, but I have tried this, and after 20-30 minutes, the internet goes away again.
            I'm running out of ideas because getting the internet working shouldn't take much trouble.
            I have used multiple routers at this location for many years, and I've never encountered something like that. I'm even using pfsense in other networks.

            1 Reply Last reply Reply Quote 0
            • N Offline
              NOCling
              last edited by NOCling

              Some ISP Devices are a problem for the new 2.5G Nics.
              Can you try a stupid switch between ISP Device and Firewall?
              Or do you use the 1G Combo port?

              Netgate 6100 & Netgate 2100

              M 1 Reply Last reply Reply Quote 0
              • M Offline
                mhweb @NOCling
                last edited by

                @NOCling Hi, I'm actually trying that tomorrow, and I'll update you.
                I'm using the 1G Combo port with Ethernet.
                Thanks,

                1 Reply Last reply Reply Quote 0
                • GertjanG Offline
                  Gertjan @mhweb
                  last edited by

                  @mhweb said in Netgate firewall ISP gateway is offline and has packet loss, how to fix it?:

                  The problem I'm facing is that I'm getting 100% packet loss in the WAN interface; therefore, the internet connection drops.

                  When you power up two switches, with no cables what so ever, all the port LEDS will be out on all ports on both switches.
                  You can actually se that their is no connection now where.
                  Now, hook up a network cable on one switch to the other switch.
                  Both ports on both switches slight up : at this moment a connection exists. A steady, but empty -no real data - carrier is maintained between these two switches.
                  Now you have created a typical situation that can also exist on your pfSense WAN port. The connection is UP, port LEDS are on, indicating the carrier speed) but nothing flows over it.
                  How does pfSense knows that the connection actually works ?
                  Simple, it sends every half a second :

                  0b5249e5-4371-4d52-9e4a-7c2606d34932-image.png
                  a ping.
                  And if the reply comes back, the time is used to show this info :

                  39f9cbdb-f90b-4e4d-a0b7-87e2609fca6b-image.png

                  And here it comes : what if the IP where pfSense pings to decides to stop answering to these pings ?
                  The "Internet" connection is still just fine, only this one and only IP stops answering you.
                  The reaction of pfSense will be, eventually, that it decided that the connection is 'bad' and it will reset the interface.

                  By default, the first upstream gateway device is chosen as a ping destination, but you can also chose another one yourself :

                  07457f15-4630-4112-8868-0156dab94486-image.png

                  or you can decide not to monitor at all. After all, if your ISP is any good, why would it fail ? 😊

                  2d8ce795-8536-44a1-8e2b-946b0def10b4-image.png

                  and problem solved.

                  If, when not monitoring, the connection still doesn't seem to work : the problem is also solved.
                  Do your ISP shopping elsewhere. You are the customer, you decide. Many customers will make, or break, an ISP.

                  @mhweb said in Netgate firewall ISP gateway is offline and has packet loss, how to fix it?:

                  I called Verison for them to update the settings to use DHCP for WAN port, and they didn't even know what a router is.

                  That like buying a new car at the local BMW dealer, and you ask : what type tires does my new car has ? They say " tires " ?
                  Normally, in such a situation, get your money back, don't argue, don't say word, keep being friendly, and go some where else asap.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.