Production system: RC or 1.2.3?

  • I have a web site that sees ~ 1.5 million visitors per month, and I'm moving to a new datacenter.  I've been using a Sonicwall in the old datacenter, but I'm comfortable with pfSense and opted to use that instead in the new datacenter.

    So, I purchased a Netgate Hamakua (no moving parts is a good thing, right?), installed 2.0RC-1 as the pfsense web page recommended, and all was fine for 2 weeks (with zero load).  Then the firewall stopped routing traffic (or at least was no longer accessible from the WAN) and I had to have someone reboot it.  I installed the latest firmware at that point hoping it was a firmware issue, and the machine went down again ~ 22 hours after the first outage.  Now, 29 hours after the last outage, it's gone out again.

    OK, so I've ordered a new Hamakua, and I've got Zabbix monitoring the existing firewall so I hope I'll see some data there, and looking at a serial console will certainly help though I can't do that until ~ Tuesday night.  But I don't know whether I'm seeing reliability issues with the firewall itself, or with the RC version of pfSense.

    So, is running the RC a reasonable choice, or should I be on 1.2.3 until pfSense 2 goes "gold?"

    Or, should I throw a reliable switch on the WAN (so it becomes a single point of failure) and configure both netgates as a failover pair instead?

    More details: it's not working that hard – I installed SNORT (again) this morning, but it's hardly seeing any traffic at all.  Of course, it's not seeing any traffic because my rsync/sftp connections aren't starting for some weird, undiagnosable reason that could be tied to bad firewall hardware in some way...

  • I'm not expert but in my opinion is to do test under heavy load both versions of pfSense.
    Just let them working, but not shared for users.
    Also check if Your hadware is well supported on FreeBSD page.
    I have similar problems with the latest snapshots (hangs), right now using 2.0-RC1 (i386) built on Thu Apr 14 18:50:50 EDT 2011 in VM and it is ok.
    You should always have secondary gateway/machine as remote administrator backup connection..

  • All the Hamakua boxes I manage, for us and our customers, have been running 2.0 for months with no issue. Start with no packages and see if your issues continue, if not add them individually and see which is the culprit. Need to get a console on it too to see what's happening.

  • cmb: what was the procedure you used to get 2.0 onto the hamakua? mind sharing that?  thanks  :)

  • This thread is still running?  ;)

    I bought a second hamakua and set them up as a failover pair.  The original continued to fail, failover happened, but load balancing did NOT fail over as expected, FWIW.  Can't diagnose that further as I shipped the original machine back (to Lanner, not Netgate unfortunately) for replacement.

    When I moved to v2, I just uploaded the RC1 image, and on reboot had to delete the old RRD graphs to get things running cleanly, BTW.

  • @luckman212:

    cmb: what was the procedure you used to get 2.0 onto the hamakua? mind sharing that?  thanks  :)

    Same as 1.2.3.

Log in to reply