I've been using pfsense for a while now, and my 2.6.0-RELEASE (amd64), running on a PC I built (originally for mining) which has 32GB of RAM and a 1 TB M.2 drive, loses the internet about every 8 days. The only thing that seems to make it work again is to release and renew its outside IP address with Verizon FIOS, which I find odd because when I get into pfsense, it still has its IP from VZ. When I hit renew it gets the same IP address and the internet is happy for another 8 days.
I have the monitor set to 220.127.116.11 and I originally thought it was snort blocking traffic so I turned it off.
I recently saw someone on another forum do this, so I just set pfsense up with these settings:
System / Routing / Gateways / Edit (WAN_DHCP)
Expand Advanced
I doubled any default they had in there. Example:
Latency thresholds: Default is 200/500, mine is now 500/1000
Packet Loss Thresholds: Default 10/20, mine is even a bit higher 50/100
Loss Interval: Default is 2000, mine is 4000
Time Period: Default is 60000, mine is 12000
Alert interval: Default is 1000, mine is 2000
Oddly enough, I am in IT and I am a Network Engineer and this is quite baffling.
I'm using a combination of 2 NICs: one is on the motherboard and the other is an Intel 82575/82576 Two Ports LAN NIC Card. I have gigabit from VZ, and I have set the NIC port on the WAN connection to Gig full.
Any ideas? I won't know if these threshold settings will take care of this for another 7 days or so.
I’m curious if the expanded latency thresholds have any effect, do let us know.
Unfortunately, I have a feeling this is just a Verizon issue. I have Comcast and occasionally have latency issues, but they rarely cause me to lose connectivity. Also, every once in a while Comcast will push a firmware update to the cable modem or make a local network config change which requires a modem reboot or DHCP renewal request from pfsense.
As a hack you could set up a cron job in pfsense to send a DHCP renewal request every week or so. But the most robust solution (if money were no object) might be to upgrade to business class internet service, where minimal downtime is guaranteed.
I've both disabled and re-enabled gateway monitoring. I just re-enabled it after changing the thresholds.
As far as a cron job is concerned, I'm OK with that, but at the same time a firewall shouldn't randomly lose its WAN connection. I got rid of my Ubiquiti USG for pfsense as I'm also on the security team and wanted to play with snort and pfblocker, which I dumped Pi-hole for.
My firewall does not lose connection like this; yours should be rock solid too. I would look at the hardware. Even my old HP T620+ with an old Intel card is solid, or was until we switched to T Mobile. I need to get back after it and fix things (dropped packets and latency mark it down).
What manufacturer and model NIC is being used?
Are you going through the VZ gateway or an SFP directly in a NIC card?
I bought a new NIC; I upgraded from an Intel 82575 to an Intel i350.
I created an untagged VLAN on my switch consisting of 2 ports, one from the ONT and one from the WAN port on the pfsense. I'm plugged directly into the ONT via Ethernet.
I went through the BIOS to make sure things that should be off are.
I upgraded to 2.7.
I turned off/on snort.
I just checked the box for disable gateway monitoring.
I used to have this problem and traced it to IPv6. The IPv6 Prefix Delegation lease expires and isn’t refreshed. End devices seem to lose connectivity when this happens … every week. Not saying this is the case for you, but I had that experience with PFsense and IPv6 DHCP6 PD.