pfSense Router Issues Cause Internet Outage

John Scanlan
Jun 13, 2018
IPVM • IPVMU Certified

The router for one of our test networks is a small Protecli FW108120 / pfSense.

The setup and configuration are pretty simple:

  • WAN port set to DHCP & connected to ISP's modem
  • 1 LAN port connected to a PoE switch
  • ~10 devices connected via the PoE switch
  • pfSense is the DHCP server
  • VPN is set up for remote access / management
  • ~10 port forwarding rules for the devices on the network

After adding a port forwarding rule for a new vulnerable camera, we noticed immediate intermittent connectivity issues with the router, then no WAN connectivity at all.

I quickly found that others online reported that the default state table (which records activity of current incoming/outgoing traffic) is too low, causing the router to lock up. Changing the max table to 500,000 fixed things, after more than an hour of outage.

Has anyone else seen similar issues with pfSense or other routers using overly conservative values which do more harm than good? Is anyone using pfSense in surveillance and have other issues/pitfalls/tips?

Walter Holm
Jun 14, 2018
IPVMU Certified

I run these in virtual all the time; increasing the connection count should only affect the memory usage if the connections are actually in use. I have heard some issues with the smaller devices but you can check that out in the pfSense community.

It's a great device though for running two for redundancy. You can run them in more complex environments as well. They are easy to back up, rebuild and restore and the nice thing about them is you can make them for free (software-wise) and then escalate to a support model if you need to.

 

Undisclosed
Jun 14, 2018

I would have said you're not supposed to have zillions of connections requiring a state table that large. Doesn't that imply you have thousands of incoming TCP connections to that device? How's that ok?
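The question raised in the thread (is the state table actually full, and who is holding the states?) can be measured before raising the limit. The following is an added example, not part of any post above: the function names are hypothetical, and the `pfctl -si`, `pfctl -sm` and `pfctl -ss` output layout is assumed to match the constructed sample text.

```shell
#!/bin/sh
# Added example, not from the thread. Functions read pfctl output on stdin;
# the SAMPLE_* text is constructed and its layout is an assumption.
SAMPLE_INFO='State Table                          Total             Rate
  current entries                     9421
  searches                         1830412         2101.3/s
  inserts                            88012          101.0/s'
SAMPLE_LIMITS='states        hard limit    10000
src-nodes     hard limit    10000'
SAMPLE_STATES='igb0 tcp 192.168.1.20:80 (203.0.113.7:8080) <- 198.51.100.9:51514 ESTABLISHED:ESTABLISHED
igb0 tcp 192.168.1.20:80 (203.0.113.7:8080) <- 198.51.100.9:51520 SYN_SENT:ESTABLISHED
igb0 tcp 192.168.1.20:80 (203.0.113.7:8080) <- 198.51.100.44:40022 ESTABLISHED:ESTABLISHED
igb1 udp 192.168.1.31:123 -> 192.0.2.10:123 MULTIPLE:SINGLE'

# Current number of state entries, from `pfctl -si` output.
state_current() { awk '$1 == "current" && $2 == "entries" { print $3; exit }'; }

# Configured maximum number of states, from `pfctl -sm` output.
state_limit() { awk '$1 == "states" && $2 == "hard" { print $4; exit }'; }

# state_usage CURRENT LIMIT [WARN_PCT] prints "PCT OK" or "PCT WARN".
# Missing or non-numeric input prints "? UNKNOWN" and returns 2, so a
# failed parse is never reported as a healthy table.
state_usage() {
    cur=$1; lim=$2; warn=${3:-80}
    for v in "$cur" "$lim"; do
        case "$v" in ''|*[!0-9]*) echo "? UNKNOWN"; return 2 ;; esac
    done
    [ "$lim" -gt 0 ] || { echo "? UNKNOWN"; return 2; }
    pct=$(( cur * 100 / lim ))
    if [ "$pct" -ge "$warn" ]; then echo "$pct WARN"; else echo "$pct OK"; fi
}

# Inbound ("<-") states per remote IPv4 peer from `pfctl -ss`, busiest first.
# Assumes the peer is the addr:port token that follows "<-".
inbound_peers() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "<-") {
               p = $(i + 1); sub(/:[0-9]+$/, "", p); n[p]++ } }
         END { for (p in n) print n[p], p }' | sort -rn
}

# Live use on the firewall (as root):
#   state_usage "$(pfctl -si | state_current)" "$(pfctl -sm | state_limit)"
#   pfctl -ss | inbound_peers | head
```

A table that sits near its limit only because of inbound states from a handful of peers toward one forwarded device points at that forward, not at the limit.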

 
