Firewall Stops Passing Traffic Between Subnets

  • I have two pfsense boxes 2.0-RC1 build on March 3 in a CARP failover cluster with 2 VIP addresses. This is being used as firewall router appliance between 2 internal subnets to provide a restricted set of rules to access equipment behind the secure side. One VIP on each side of the firewall.

    These boxes have been running great for about a month now and all of a sudden I am having a strange issue where the firewall will suddenly stop passing traffic between the two subnets. It actually just starts dropping packets which are intended to be routed through the firewall. A simple ping test showed that ICMP would pass for 5 or 6 times, then time out for 2 or 3, then respond, and so on; it will repeat this over and over. What is weird is that pinging the two separate interfaces from the respective sides of the firewall showed no drop in packets. However, when I created a failover situation from the primary to the secondary, the problem went away instantly for about 2 days, then all of a sudden the "secondary" firewall started having the same issues. After bringing the primary back online again the problem disappeared. During an outage window Friday night I rebooted all the switches and the two pfSense boxes again as a precaution, but am unsure if the problem will return.

    Does anyone have any ideas why this might be happening?

    Thank you!
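    The symptom described in the post (routed pings pass for a few probes, then time out for a few, while pings to the firewall's own interfaces never drop) is easier to pin down if the two ping runs are summarised the same way and compared. The script below is an added example for this thread, not something posted by the original author or shipped with pfSense: it parses ordinary `ping` output, fills in sequence numbers that never appeared (Linux `ping` without `-O` prints nothing for a lost probe), reports the lengths of consecutive-loss runs, and tells a forwarding-path problem (transit traffic lost, interfaces fine) apart from a link or host problem. All addresses and ping lines are constructed sample data.

```python
import re
import sys
from typing import Dict, List

# "icmp_seq=7" on Linux and in macOS replies, "icmp_seq 7" in macOS timeout lines.
SEQ_RE = re.compile(r"icmp_seq[= ](\d+)")

# Constructed sample: a host behind the firewall reached through the routed path.
# Six replies, three timeouts, three replies, two timeouts, one reply.
ROUTED_PATH_PING = """\
64 bytes from 10.20.0.50: icmp_seq=1 ttl=63 time=0.412 ms
64 bytes from 10.20.0.50: icmp_seq=2 ttl=63 time=0.398 ms
64 bytes from 10.20.0.50: icmp_seq=3 ttl=63 time=0.401 ms
64 bytes from 10.20.0.50: icmp_seq=4 ttl=63 time=0.395 ms
64 bytes from 10.20.0.50: icmp_seq=5 ttl=63 time=0.407 ms
64 bytes from 10.20.0.50: icmp_seq=6 ttl=63 time=0.410 ms
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
Request timeout for icmp_seq 9
64 bytes from 10.20.0.50: icmp_seq=10 ttl=63 time=0.402 ms
64 bytes from 10.20.0.50: icmp_seq=11 ttl=63 time=0.399 ms
64 bytes from 10.20.0.50: icmp_seq=12 ttl=63 time=0.404 ms
Request timeout for icmp_seq 13
Request timeout for icmp_seq 14
64 bytes from 10.20.0.50: icmp_seq=15 ttl=63 time=0.406 ms
"""

# Constructed sample: the firewall's own interface on the near side, every probe answered.
INTERFACE_PING = """\
64 bytes from 10.10.0.1: icmp_seq=1 ttl=64 time=0.210 ms
64 bytes from 10.10.0.1: icmp_seq=2 ttl=64 time=0.205 ms
64 bytes from 10.10.0.1: icmp_seq=3 ttl=64 time=0.208 ms
64 bytes from 10.10.0.1: icmp_seq=4 ttl=64 time=0.211 ms
"""

# Constructed sample: Linux ping without -O, so lost probes 3 and 4 leave no line at all.
SILENT_LOSS_PING = """\
64 bytes from 10.20.0.50: icmp_seq=1 ttl=63 time=0.400 ms
64 bytes from 10.20.0.50: icmp_seq=2 ttl=63 time=0.401 ms
64 bytes from 10.20.0.50: icmp_seq=5 ttl=63 time=0.403 ms
64 bytes from 10.20.0.50: icmp_seq=6 ttl=63 time=0.402 ms
"""


def parse_ping(output: str) -> Dict[int, bool]:
    """Map icmp_seq -> True (reply seen) / False (timeout seen or seq never appeared)."""
    seen: Dict[int, bool] = {}
    for line in output.splitlines():
        m = SEQ_RE.search(line)
        if m:
            seen[int(m.group(1))] = "bytes from" in line
    if not seen:
        return {}
    lo, hi = min(seen), max(seen)
    # Sequence numbers missing from the output are lost probes.
    return {seq: seen.get(seq, False) for seq in range(lo, hi + 1)}


def loss_runs(results: Dict[int, bool]) -> List[int]:
    """Lengths of each run of consecutive lost probes, in sequence order."""
    runs: List[int] = []
    current = 0
    for seq in sorted(results):
        if results[seq]:
            if current:
                runs.append(current)
            current = 0
        else:
            current += 1
    if current:
        runs.append(current)
    return runs


def loss_percent(results: Dict[int, bool]) -> float:
    if not results:
        return 0.0
    lost = sum(1 for ok in results.values() if not ok)
    return round(100.0 * lost / len(results), 1)


def classify(results: Dict[int, bool]) -> str:
    """clean, down, bursty (runs of >=2 losses with recovery), or sporadic (isolated losses)."""
    if not results:
        return "no-data"
    runs = loss_runs(results)
    if not runs:
        return "clean"
    if sum(runs) == len(results):
        return "down"
    return "bursty" if max(runs) >= 2 else "sporadic"


def compare_paths(routed: Dict[int, bool], interface: Dict[int, bool]) -> str:
    """Interfaces answer but transit traffic is lost -> suspect forwarding (rules, state
    table, CARP/VIP ownership) rather than the link or the end host."""
    r, i = classify(routed), classify(interface)
    if r == "clean" and i == "clean":
        return "clean"
    if i == "clean":
        return "forwarding-path"
    return "link-or-host"


if __name__ == "__main__":
    # Pipe real output in:  ping -c 30 <host> | python3 ping_loss.py
    text = sys.stdin.read() if not sys.stdin.isatty() else ROUTED_PATH_PING
    res = parse_ping(text)
    print(f"{classify(res)}: {loss_percent(res)}% lost, loss runs {loss_runs(res)}")
```

    Run the same capture against a host behind the firewall and against each firewall interface from the same side; `compare_paths` returning `forwarding-path` matches the pattern described above, where the problem follows the active CARP member rather than the cabling.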

  • Are you doing any traffic shaping?

