Strange 15-20 seconds Lag

  • Hello everyone,
    I'm using pfSense for almost a year, after having replaced an old Fortigate 110C. Unfortunately I have a problem I can not solve in any way. The company I work for uses an application that resides in the Spanish headquarters . This application uses the Citrix Metaframe to be used on our Clients. The application does not have connection problems or malfunctions except for an annoying lag of about 20 seconds after a few minutes of use. In fact, the application hangs for 20 seconds after which resumes normal operation as if it had buffered all the commands received at the time of the block. During this freeze there are no peaks on CPU , memory or network on pfSense , and no logs anywhere. This kinds of lags are not only Citrix related but even if I use a DTS to populate a SQL Server's table. I can't notice any lag on the WAN side. The Spanish network access is done through a Cisco 1800 router which traffic to the destination network is routed directly from the pfSense . If I add a static route on my client to reach the Spanish network bypassing the firewall, I don't have any lag problem. Same positive result even if I use other firewall ( Fortigate, Endian , etc. ) . What I could check / change to solve this problem ? My network configuration is the following:

    Italian LAN : /24
    PfSense :

    Router to Spain :
    Spanish LAN : /16

    Do not hesitate to ask me if additional information were necessary to identify or solve the problem.

    Thanks in advance to anyone who can give me a hand.

  • It's a bit hard to understand your setup. A picture would help. Also, how often do these lags happen? Are they regular, or do they happen any time? It sounds like something is timing out. Are you doing egress filtering? Does the problem still happen if you turn the egress filtering off? Maybe your firewall rules should be set to do logging so you can see what is happening. Might be a good idea to see the rules. You might also try turning the rules off, one at a time, to see if the lag still happens. Are you using VPN?

    I'm not an expert; I'm just throwing out any questions or ideas that occur to me.

  • Hi Paul,
    thanx for the answer. The lags seem to be randomic but I can say almost for sure that at least one each five minutes appears. I use egress filtering but only towards WAN interface. LAN to LAN traffic is not filtered in any way. No logs can be found when I have a lag cause nothing is filtered. No I'm not using a VPN. Tomorrow I will install a clean PFSense without any rules at all and I try to see if the lag happens.

  • I've finally found the problem! It happens when I route traffic on the same interface using Firewall rules with the State Type (Advanced Features) set on Keep State. Setting it to None solve any kind of lag.


