Layer7 performances



  • Hi,
      I am trying to block the P2P traffic from my LAN to the rest of the world, so I was creating a Layer7 Container.

    In the Container there are the rules for:

    • bittorrent

    • gnutella

    • edonkey

    • soribada

    • napster

    • fasttrack

    • directconnect

    everything works fine until I don't enable a rule on my LAN interface with:
    Action=Pass
    Interface=Lan
    Protocol=TCP/UDP
    Source=Lan subnet
    Log=Disabled
    Layer7=The above container

    at this point the firewall becomes kind of slow, expecially in resolving the names when browsing on a website.

    Is it a common issue or am I making something wrong or asking too much to my firewall (a Pentium Dual 3.4Ghz with 4Gb of RAM), or there is some other misconfiguration I could check?

    Thanks a lot,
    Michele



  • I think the QOS feature in pfsense is broken. I tried for too long trying to get it to work. I gave up and went back to my dlink.



  • @Gitsum:

    I think the QOS feature in pfsense is broken. I tried for too long trying to get it to work. I gave up and went back to my dlink.

    well… it's for sure not easy, the first time I needed support to let it work, and before 2.0 RELEASE I think was not also so stable, but it is working very well on my firewalls now.
    I had the same doubt that I am missing or mistaking something...


Log in to reply