Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense gateway monitoring

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 10.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rizwan602
      last edited by

      Hello,

      I would like to know how the "Monitor IP" option under SYSTEM > GATEWAYS > EDIT GATEWAY menu works.

      From what I understand, if nothing is defined in the "Monitor IP" input field, then pfSense will monitor the gateway IP address by sending out pings.

      According to the description on that options, "Enter an alternative address here to be used to monitor the link. This is used for the quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond to ICMP echo requests (pings)."

      If I enter an alternative address, does it still use ICMP (pings) for that address or does it use some other monitoring method?

      I'm asking because in some cases the gateway IP address is not a valid method to check whether there is actually a valid internet connection on the other side of it. (Think WAN port connected to another NAT device.) I need to be able to see if a certain IP address out there is reachable through this gateway. Such as a DNS like Google's 8.8.8.8. But in SOME cases I have put 8.8.8.8 to be monitored but pfSense main screen shows that the gateway is down, even though it is working. Perhaps ICMPs are blocked beyond the gateway here, but sometimes it works, sometimes it thinks its down but really it isn't down. Traffic still flows through that gateway that pfSense thinks is "down'.

      Thank you,

      Rizwan

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        Yes, it is using pings. Using googl's DNS if you have a double NAT device is working. I am doing that, too.

        And yes, you are right. I sometimes have a WAN which is down even if everything is ok. This could be perhaps something is blocking or not responding to the pings. So there are suggestions on the forum to add the possibility to have two or more monitor IPs for one gateway to make sure that the gateway is really down and not just blocking the pings.

        1 Reply Last reply Reply Quote 0
        • R
          rizwan602
          last edited by

          It would be nice to have another option such as verifying http service on a hostname/ip instead of just pings. Some networks don't allow pings at all.

          @Nachtfalke:

          Yes, it is using pings. Using googl's DNS if you have a double NAT device is working. I am doing that, too.

          And yes, you are right. I sometimes have a WAN which is down even if everything is ok. This could be perhaps something is blocking or not responding to the pings. So there are suggestions on the forum to add the possibility to have two or more monitor IPs for one gateway to make sure that the gateway is really down and not just blocking the pings.

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            make your suggestion on:
            http://redmine.pfsense.org/

            1 Reply Last reply Reply Quote 0
            • G
              grandrivers
              last edited by

              yes more monitoring options would be fantastic had a xincom 502 that had lots of options for monitoring. I had one of my isp block icmp for the protection of its users?? but seem to allow it now

              pfsense plus 25.03 super micro A1SRM-2558F
              C2558 32gig ECC  60gig SSD

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Apinger, used for monitoring, doesn't currently support anything other than pings.
                To do this I guess you would need to replace apinger with something more flexible. Any suggestions?

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.