Firewall Rules Reload dumps user connections (RDP)

  • We have a pfSense firewall with about 15 VLANs and about a half dozen IPsec tunnels from various clients connecting to services we provide. It would appear that when reloading the firewall rules after adding a simple rule or a NAT item, all of the users connected to devices on the inside of the firewall from external networks get kicked or bumped.

    While I could likely schedule the addition of firewall rules so that they get automatically loaded off hours, I'm wondering if anyone has come across this issue before and has a fix or any advice.

    I do also notice that while the rules are applied and the pfSense box is refreshing, my ability to connect to it and load other pages in the pfSense menu system is affected as well.

    Is this a lack of resources in the hardware that causes it, or is there another cause for these issues?

    Version 2.0.1-RELEASE (i386)
    built on Mon Dec 12 17:53:52 EST 2011
    FreeBSD 8.1-RELEASE-p6

    Platform pfSense
    CPU Type Intel(R) Xeon(TM) CPU 2.80GHz

    The system has about 3 GB of RAM.

    There were some issues with states being cleared when you have a gateway marked down on that version.

    Check Status > Gateways – if you have a gateway down, fix it or disable gateway monitoring.

    Alternately, go to System > Advanced, Misc. tab, and disable state killing for down gateways.

    Upgrading to 2.1 is the best move, though.
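    A small diagnostic that measures whether a rules reload actually flushes the state table (the symptom described in this thread), as added example code that is not from the thread or from pfSense itself. It assumes `pfctl -s info` reports the state count on a "current entries" line and that `/etc/rc.filter_configure` is the rule-reload script the webGUI runs; the sample output below is constructed.

```shell
#!/bin/sh
# Constructed sample of the state-table section of `pfctl -s info`;
# on a live box, feed the real output instead (see usage at the bottom).
SAMPLE_PFCTL_INFO='Status: Enabled for 0 days 04:12:07           Debug: Urgent

State Table                          Total             Rate
  current entries                       1432
  searches                           9876543           65.2/s
  inserts                              12345            0.1/s
  removals                             10913            0.1/s'

# Extract the current state-table entry count from pfctl -s info text.
pf_state_count() {
    printf '%s\n' "$1" | awk '/current entries/ { print $3; exit }'
}

# Compare counts sampled before and after a filter reload. Returns 1 when
# the table shrank by more than the tolerance (percent, default 10), since
# a handful of states expire naturally between the two samples.
states_survived() {
    before=$1; after=$2; tol=${3:-10}
    lost=$((before - after))
    [ "$lost" -lt 0 ] && lost=0
    pct=0
    if [ "$before" -gt 0 ]; then
        pct=$((lost * 100 / before))
    fi
    if [ "$pct" -gt "$tol" ]; then
        echo "state table dropped from $before to $after ($pct% lost): reload is killing states"
        return 1
    fi
    echo "state table $before -> $after ($pct% lost): states survived the reload"
    return 0
}

# Live usage on the pfSense shell (assumption: /etc/rc.filter_configure is
# the reload script; run it off hours the first time):
#   b=$(pf_state_count "$(pfctl -s info)")
#   /etc/rc.filter_configure
#   a=$(pf_state_count "$(pfctl -s info)")
#   states_survived "$b" "$a"
```

Run it once with gateway monitoring in its current state and once with state killing disabled; a large drop only in the first run confirms the gateway-down state flush rather than a resource shortage.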

    The 2.1 upgrade is in the works, but I have to make sure it's not going to affect our production network adversely. Realistically we are just going to duplicate our config to a 2.1 install on newer hardware. I'll try disabling the state killing. As far as I can tell it is detecting the GW and I'm not seeing anything being marked as "down".

