Issue with pfsense and juniper
-
I am having a very odd issue
for about a year, we had a pfsense box connected to a switch that was trunked to a distribution switch connected to a cisco router (in bridge mode)
For devices connected to a private vlan (shared across all of the switches), the connectivity worked as desired, i.e
device <- private vlan -> some switch <- trunked -> some switch <-> pfsense and outbound similar.
A couple of weeks ago, we got a juniper router instead of the cisco and from pfsense, I can ping the devices on each end, but my bridge no longer connects the devices, I can "ping" through pfsense to devices on the same network, but I can not get to the juniper gateway when traversing through more than the initial switch on either side (I can ping the gateway from pfsense). Yes, if I am at a device on the first switch (that pfsense is connected to, it works, if I move to another trunked switch with the same vlans, it fails).
Any ideas?
Thanks much!
edit to add: we have a sonicwall in the exact same configuration for a different network that continues to work, only the pfsense box "broke".
-
Sounds like there could be a packet size MTU problem on one of the VLANed connections.
Try ping to each device on the way out with bigger and bigger lengths up to and over 1500 to make sure large packets and fragmented packets can get out and back. -
Tried that. Changed the MTU on the wan interface (as well, didn't take immediately in the gui either, had to force it from the shell).
Frustrated that the (older) sonicwall works fine in similar setup but pfsense fails. This leads me to believe (hope?) that a setting needs changed.
Still looking for suggestions!
Thanks all.