1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. PfSense gateway monitoring

PfSense gateway monitoring

  • R

    Hello,

    I would like to know how the "Monitor IP" option under SYSTEM > GATEWAYS > EDIT GATEWAY menu works.

    From what I understand, if nothing is defined in the "Monitor IP" input field, then pfSense will monitor the gateway IP address by sending out pings.

    According to the description on that options, "Enter an alternative address here to be used to monitor the link. This is used for the quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond to ICMP echo requests (pings)."

    If I enter an alternative address, does it still use ICMP (pings) for that address or does it use some other monitoring method?

    I'm asking because in some cases the gateway IP address is not a valid method to check whether there is actually a valid internet connection on the other side of it. (Think WAN port connected to another NAT device.) I need to be able to see if a certain IP address out there is reachable through this gateway. Such as a DNS like Google's 8.8.8.8. But in SOME cases I have put 8.8.8.8 to be monitored but pfSense main screen shows that the gateway is down, even though it is working. Perhaps ICMPs are blocked beyond the gateway here, but sometimes it works, sometimes it thinks its down but really it isn't down. Traffic still flows through that gateway that pfSense thinks is "down'.

    Thank you,

    Rizwan

    0
  • N

    Yes, it is using pings. Using googl's DNS if you have a double NAT device is working. I am doing that, too.

    And yes, you are right. I sometimes have a WAN which is down even if everything is ok. This could be perhaps something is blocking or not responding to the pings. So there are suggestions on the forum to add the possibility to have two or more monitor IPs for one gateway to make sure that the gateway is really down and not just blocking the pings.

    0
  • R

    It would be nice to have another option such as verifying http service on a hostname/ip instead of just pings. Some networks don't allow pings at all.

    @Nachtfalke:

    Yes, it is using pings. Using googl's DNS if you have a double NAT device is working. I am doing that, too.

    And yes, you are right. I sometimes have a WAN which is down even if everything is ok. This could be perhaps something is blocking or not responding to the pings. So there are suggestions on the forum to add the possibility to have two or more monitor IPs for one gateway to make sure that the gateway is really down and not just blocking the pings.

    0
  • N

    make your suggestion on:
    http://redmine.pfsense.org/

    0
  • G

    yes more monitoring options would be fantastic had a xincom 502 that had lots of options for monitoring. I had one of my isp block icmp for the protection of its users?? but seem to allow it now

    0
  • stephenw10
    Netgate Administrator

    Apinger, used for monitoring, doesn't currently support anything other than pings.
    To do this I guess you would need to replace apinger with something more flexible. Any suggestions?

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy