PfSense interfaces go down continuously



  • All,
    I have noticed the pfSense interfaces go down continuously, also 10 times each day. I'm a new sysadmin in this company and the pfSense installed is this one:

    2.0.1-RELEASE (amd64)
    built on Mon Dec 12 18:16:13 EST 2011
    FreeBSD 8.1-RELEASE-p6

    I can't upgrade the system because the hardware machine is very old and there is a plan of total datacenter renew for next month. But now this is a big problem. As I said above, each day the system logs show this issue many times:


    Jul 17 10:01:07 php: : Gateways status could not be determined, considering all as up/active.
    Jul 17 10:01:07 php: : MONITOR: FibraFWGW is down, removing from routing group
    Jul 17 10:01:07 php: : MONITOR: WelcomeGW is down, removing from routing group
    Jul 17 10:01:06 apinger: alarm canceled: FibraFWGW(8.8.8.8) *** down ***
    Jul 17 10:01:06 apinger: ALARM: FibraFWGW(8.8.8.8) *** down ***
    Jul 17 10:00:49 php: : MONITOR: WelcomeGW is down, removing from routing group
    Jul 17 10:00:47 check_reload_status: Reloading filter
    Jul 17 10:00:44 check_reload_status: Reloading filter
    Jul 17 10:00:37 php: : Gateways status could not be determined, considering all as up/active.
    Jul 17 10:00:37 php: : MONITOR: FibraFWGW is down, removing from routing group
    Jul 17 10:00:37 php: : MONITOR: WelcomeGW is down, removing from routing group
    Jul 17 10:00:37 apinger: alarm canceled: FibraFWGW(8.8.8.8) *** down ***
    Jul 17 10:00:14 php: : MONITOR: WelcomeGW is down, removing from routing group
    Jul 17 10:00:09 check_reload_status: Reloading filter
    Jul 17 10:00:09 check_reload_status: Reloading filter
    Jul 17 10:00:02 php: : Gateways status could not be determined, considering all as up/active.
    Jul 17 10:00:02 php: : MONITOR: FibraFWGW is down, removing from routing group
    Jul 17 10:00:02 php: : MONITOR: WelcomeGW is down, removing from routing group
    Jul 17 09:59:59 php: : Gateways status could not be determined, considering all as up/active.
    Jul 17 09:59:59 php: : MONITOR: FibraFWGW is down, removing from routing group
    Jul 17 09:59:59 php: : MONITOR: WelcomeGW is down, removing from routing group
    Jul 17 09:59:59 apinger: alarm canceled: FibraFWGW(8.8.8.8) *** down ***
    Jul 17 09:59:58 apinger: ALARM: FibraFWGW(8.8.8.8) *** down ***
    ...

    We have 2 different routers and providers (Welcome and Fastweb with fiber connectivity), and so it's impossible both providers have issues at same time.
    I noticed that when these errors appear the Internet connectivity is always up (I can perform a continuous ping without problem and no packet is lost!), but other connections are interrupted (remote desktop, teamviewer, vpn connections). I didn't find any solution  :(. Where is the problem? Have you any idea?

    Thanks to those who will help me  :)!



  • It may be that the gateway monitor, apinger, is too sensitive on your link and is resetting the states when it thinks there is a problem.  You can change this by going to System - Advanced - Miscellaneous - Gateway Monitoring - State Killing on Gateway Failure.



  • @KOM:

    It may be that the gateway monitor, apinger, is too sensitive on your link and is resetting the states when it thinks there is a problem.  You can change this by going to System - Advanced - Miscellaneous - Gateway Monitoring - State Killing on Gateway Failure.

    This option is not present in my pfSense version (2.0.1) as you can see in the attached picture (screen1).
    I tried to modify the apinger frequency probe in System -> Routing -> Gateways -> Edit. I set the values that you can see in the other attached file (screen2). If I understand well, the apinger module tries to ping an interface at certain time (the frequency probe value), but if it thinks there is a problem, it proceeds by resetting the states (and so I see the interface down).

    Is it right?






  • Yes, I believe that is correct.  Are you able to upgrade to current or is that a non-starter?



  • Ok, many thanks KOM!

    I can't perform an upgrade of pfSense to current version since the hardware machine is very old, and the next month all datacenter will be renewed  :). So, I don't want to risk an upgrade now  :-\ and simply I want to maintain the situation as it is…