Connections Drop When I Make Changes To pfsense



  • Hi,

    I am currently running pfsense 2.0.3-RELEASE (i386). I have noticed this issue for a while now and have gotten to the point that I should ask if anyone knows what is going on or has seen this. I don't make changes in my pfsense box very often, but when I do I notice all connections to the Internet will drop immediately for a brief moment. It is like the states all get killed at once. This only happens when I make a change to the system such as a package update, adding a firewall rule or removing a firewall rule or disabling a VPN. Basically when I click apply or save is when it happens. I have experienced this on new installations as well. Does anyone have an idea of what is causing that to happen?

    Thanks,

    MDP



  • This link is all I can find in a possible issue to what I am seeing. It is very similar to what I get when making changes. But, I don't use Squid.

    http://forum.pfsense.org/index.php/topic,51555.0.html


  • Rebel Alliance Developer Netgate

    By default, pfSense kills states to gateways that are down when a filter reload happens. This is useful in Multi-WAN to make connections use the other WAN when one fails. However, if you only have one WAN, or if you have internal gateways that are failing to ping, they can also trigger this behavior when you don't want it to happen.

    Check Status > Gateways. See which gateways are down, and either disable monitoring for those gateways, or set their monitor IPs to IPs that actually respond to ping.

    You can also go to System > Advanced, on the Miscellaneous tab and check the "States" box near the bottom that changes this behavior so it does not kill the states for a gateway failure.



  • jimp,

    I have other gateways for internal static routes. I did your suggestion by going to System/Advanced/Miscellaneous and checked the states box under Gateway Monitoring, and that seemed to fix the issue. I have been using pfsense for years and never had to do this. Will there be any issues with this setting being checked on? Can it cause any undesirable issues?

    Thanks for all your help.

    MDP


  • Rebel Alliance Developer Netgate

    Only if you have Multi-WAN. I mentioned the caveats in my previous message already.

    If you only have one WAN, it doesn't matter if it's on or off.



  • No, I only have 1 WAN uplink. I appreciate you pointing this out. I would imagine in most cases the general user would only have 1 WAN unless they had more than 1 ISP for failover, so with that being said, I would think that the setting would be disabled automatically unless the user wanted to have a multi-WAN setup. pfsense has so many abilities and features I will never use, not to say that others wouldn't use those features. I would have had a hard time finding the fix to my issue because the setting was in such an odd place, so again thank you.

    MDP

