PfSense gateway monitoring
-
Hello,
I would like to know how the "Monitor IP" option under SYSTEM > GATEWAYS > EDIT GATEWAY menu works.
From what I understand, if nothing is defined in the "Monitor IP" input field, then pfSense will monitor the gateway IP address by sending out pings.
According to the description on that options, "Enter an alternative address here to be used to monitor the link. This is used for the quality RRD graphs as well as the load balancer entries. Use this if the gateway does not respond to ICMP echo requests (pings)."
If I enter an alternative address, does it still use ICMP (pings) for that address or does it use some other monitoring method?
I'm asking because in some cases the gateway IP address is not a valid method to check whether there is actually a valid internet connection on the other side of it. (Think WAN port connected to another NAT device.) I need to be able to see if a certain IP address out there is reachable through this gateway. Such as a DNS like Google's 8.8.8.8. But in SOME cases I have put 8.8.8.8 to be monitored but pfSense main screen shows that the gateway is down, even though it is working. Perhaps ICMPs are blocked beyond the gateway here, but sometimes it works, sometimes it thinks its down but really it isn't down. Traffic still flows through that gateway that pfSense thinks is "down'.
Thank you,
Rizwan
-
Yes, it is using pings. Using googl's DNS if you have a double NAT device is working. I am doing that, too.
And yes, you are right. I sometimes have a WAN which is down even if everything is ok. This could be perhaps something is blocking or not responding to the pings. So there are suggestions on the forum to add the possibility to have two or more monitor IPs for one gateway to make sure that the gateway is really down and not just blocking the pings.
-
It would be nice to have another option such as verifying http service on a hostname/ip instead of just pings. Some networks don't allow pings at all.
Yes, it is using pings. Using googl's DNS if you have a double NAT device is working. I am doing that, too.
And yes, you are right. I sometimes have a WAN which is down even if everything is ok. This could be perhaps something is blocking or not responding to the pings. So there are suggestions on the forum to add the possibility to have two or more monitor IPs for one gateway to make sure that the gateway is really down and not just blocking the pings.
-
make your suggestion on:
http://redmine.pfsense.org/ -
yes more monitoring options would be fantastic had a xincom 502 that had lots of options for monitoring. I had one of my isp block icmp for the protection of its users?? but seem to allow it now
-
Apinger, used for monitoring, doesn't currently support anything other than pings.
To do this I guess you would need to replace apinger with something more flexible. Any suggestions?Steve
