Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Telnet timeout

    Firewalling
    2
    2
    698
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hoodgardner
      last edited by

      Hi,

      I am running version 2.2.5-RELEASE on a NetGate C2758.

      My original gateway is a Cisco 3660 with a 3Mbps MPLS connection to our other offices and 3Mbps (2xT1) to the Internet behind a PIX 515e and public router.

      The pfSense box is connected to the LAN and 3x 100 Mbps Cable GWs.

      I switched everyone's default GW to the pfsense box (DHCP change), but was forced to add a static route to all of the hosts, so they could reach the networks past the Cisco (critical that that works). This was due to the fact that we have a telnet-based application everyone must reach via a network connected to the Cisco. However telnet connections dropped very quickly when just pfsense was passing the traffic. I had reports of anywhere from a few seconds to a max of 10 minutes, even during activity (not just idle sessions).

      When the static route is applied directly on the Windows PCs there is NO issue. Unfortunately, that is not a viable solution as there are other network devices not capable of using static routes that also must reach the 192.168.20.0 network reliably. Regardless, I'd like it to work as expected on the pfsense side versus a per-host workaround.

      I have read posts on this issue on this forum and while Googling. The only recommendation I have seen is to set the advanced firewall setting optimization to "conservative". I tried this. NO change.

      Also, in the advanced options of the firewall rule that is permitting the LAN traffic to reach the Cisco, I changed the State Timeout to 14400 seconds (2 hours). NO change.

      Any suggestions would be appreciated.

      As a side note, I believe this is also causing internal problems with access to our company FTP site. Our Product Technical Support team reports FTP connectivity problems when the static route isn't present. They are getting a control connection on port 21, but no PASV port traffic will flow.

      I have attached a simplified diagram of the network layout for reference.

      If any additional information would be of use, please let me know and I will add it to the this post.

      Thanks.

      ![Basic diagram_001.png](/public/imported_attachments/1/Basic diagram_001.png)
      ![Basic diagram_001.png_thumb](/public/imported_attachments/1/Basic diagram_001.png_thumb)

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        So you have the old gateway (PIX) still attached? Judging from your network diagram, I assume your Cisco has been configured to use VLANs. Have you checked the routing table on the Cisco to see if it's set to route your default traffic through the new gateway?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.