Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Extreme Latency Resetting States Fixes Happening Every 30-90 Minutes

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      esoteric
      last edited by

      I have been just recently (last 24 hours) been having issues with my internet connection. I rebooted my firewall after upgrading and noticed that my connection improved. It was taking minutes for websites to load back to the few seconds it normally takes. After the firewall had been up for a few hours I noticed the problem happening again. I looked at my state table I only had about 80-90 of 10000, I decided to reset the state table and viola, my connection improved again. So I waited, and again my connection dropped to a crawl, I started another trace route to www.google.com for testing, each hop was taking about 1400-3300 ms, in the middle of the traceroute I reset the state table again, and the rest of the hops took only 10-20 ms. Just to be on the safe side, I waited until my connection slowed again and tested this theory again and it is the same behavoir each time.

      I am not sure what is going on here, this just started this morning (at least today is the first I have noticed it). I am pretty sure this hasn't been a problem for long, but nothing has changed. I upgraded pfsense today only after I originally saw this problem thinking it might help, but it hasn't. This is becoming a serious problem and I could use all the help I could get.

      I have noticed also that the state count doesn't necessary stay the same.

      Thank you for your time.

      -Erik

      Erik Kristensen (pfS Dev)
      –---------------------
      Programmer, Interface Design, Network Security, Computer Forensics
      Certs: GCFA, Sec+, SFCP, RHCT, CEH

      1 Reply Last reply Reply Quote 0
      • F
        foomanjee
        last edited by

        Try changing your Firewall Optimization to 'aggressive'.  This will expire states faster naturally.  Using aggressive does carry the chance of the firewall expiring states that are still in use, however the chances of this actually happening are slim to none.

        System > Advanced > Traffic Shaper and Firewall Advanced

        1 Reply Last reply Reply Quote 0
        • R
          rsw686
          last edited by

          Have a look at the states table and see if they are all originating from one LAN IP. I had an issue with some sort of DoS program on a machine that one morning started sending out thousands of requests to weather.com. Tied up the entire state table. I pulled that machine and all was back to normal.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.