Messages - maekar

#16
17.1 Legacy Series / Performance problem
February 14, 2017, 10:04:19 AM
Hi,

I work in a school, and we have ~700 iPads and ~300 computers in the network. The Firewall specs are:

Intel Xeon E5-2620 v2
16 GB RAM
Dual Nic Intel Gigabit IT-350-T2
Samsung SSD 750 EVO 250GB

The Internet line is a 300/300MB FTTH and the net schema is:

ISP router ------ OPNSense Firewall ------- LAN Network

For a while, I've been having a lot of performance trouble at specific moments of the day. 95% of the time everything works great, but sometimes it is like the network is overloaded and web navigation becomes really slow. For example, every day at 9:15 (when the classes start and everybody begins to work) it happens. Sometimes for a few minutes, sometimes for an entire hour, and it is impossible to work in that condition.

As I said, I've had these troubles for months and I tested some things I thought were the cause of the problem. I finally discarded these (maybe I'm wrong):

1) It is not a proxy performance problem. I have it in transparent mode with NO SSL. If I disable it, the problem continues.
2) It is not a DNS problem. I tried with DNS Resolver, DNS Forwarder, with default config, and the problem continues.
3) It is not an ISP problem. When the network is "overloaded", if I connect my computer directly to the ISP router, the navigation speed is great, while on the LAN network it is really crappy.
4) It is not coming from a particular area of the school. I tried unplugging every single cable in the main switch and nothing changed. (If I unplug all of them at the same time, the navigation on my computer is great).
5) It is not an ISP throughput problem. The FTTH line is 300/300. When the network is "overloaded", the traffic graph usually shows no more than 50-100MB. At other moments, when the network works fine, I can reach 300MB without any issues.

The last thing I did was replace the HDD in the firewall with an SSD and install the latest version of OPNSense from scratch, and nothing changed.

I'm very lost and I don't know how to debug the problem. I don't know what to look at or how to find the cause of the problem. How can I rule out that it is a Firewall related problem?

Thanks in advance.

P.S: Sorry for my English, I need the help of Google Translator many times.
#17
Apparently it was a server issue; now it works perfectly.

Thanks for the support!
#18
16.7 Legacy Series / Re: Web proxy unexpected block
January 27, 2017, 08:27:26 AM
Quote from: fabian on January 26, 2017, 04:05:10 PM
Can you check the settings for managing the limits (bandwidth, max upload limit etc.)
Hi,

The limits are disabled. I tried with the proxy in transparent and non-transparent (manual configuration) mode, with the same result.

EDIT: The error is 500 "Internal Server Error". As I said, if I disable the proxy server, there is no error.
#19
16.7 Legacy Series / [SOLVED] Web proxy unexpected block
January 26, 2017, 10:24:41 AM
Hi, I'm using the web proxy for content filtering in my school and it works fine, but now I have a problem.

We use Joomla for the centre website. When the proxy is on, I can access the website normally and the administrator back panel, BUT I can't upload images or modify/add any articles. When I press the send button, the page starts to wait and ends with a timeout. If I turn off the proxy, everything works OK. I don't see anything in the OPNSense proxy menu; I tried to add the domain to the whitelist section but nothing changed. Also, I don't see any related block in access.log.

Thanks in advance.
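One way to triage the upload failure described in this thread from the proxy side, as an added example that is not part of the original posts: filter Squid's access.log for POST requests to the affected site and flag the ones that ended in a 5xx, were aborted or denied, or ran long. It assumes Squid's native log layout; the sample lines, the hostname `www.school.example` and the 10-second threshold are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed_ms client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1485422681.102    184 10.0.20.15 TCP_MISS/200 18342 GET http://www.school.example/administrator/index.php - HIER_DIRECT/203.0.113.10 text/html
1485422702.551  60012 10.0.20.15 TCP_MISS_ABORTED/000 0 POST http://www.school.example/administrator/index.php? - HIER_DIRECT/203.0.113.10 -
1485422790.310    912 10.0.20.15 TCP_MISS/500 1290 POST http://www.school.example/administrator/index.php - HIER_DIRECT/203.0.113.10 text/html
1485422801.777    230 10.0.20.15 TCP_MISS/303 512 POST http://www.school.example/administrator/index.php - HIER_DIRECT/203.0.113.10 text/html
not a log line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        result, status = parts[3].split("/", 1)
        return {"ts": float(parts[0]), "elapsed_ms": int(parts[1]),
                "client": parts[2], "result": result, "status": int(status),
                "method": parts[5], "url": parts[6]}
    except ValueError:
        return None

def suspicious_posts(log_text, host, slow_ms=10000):
    """List POSTs to `host` that failed, were aborted or denied, or were slow."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["method"] != "POST":
            continue
        if urlsplit(entry["url"]).hostname != host:
            continue
        reasons = []
        if entry["status"] >= 500:
            reasons.append("5xx")
        if entry["status"] == 0 or "ABORTED" in entry["result"]:
            reasons.append("aborted")
        if "DENIED" in entry["result"]:
            reasons.append("denied")
        if entry["elapsed_ms"] >= slow_ms:
            reasons.append("slow")
        if reasons:
            findings.append((entry["client"], entry["status"],
                             entry["elapsed_ms"], reasons))
    return findings

print(suspicious_posts(SAMPLE_LOG, "www.school.example"))
```

If the site is reached over HTTPS and the proxy does not intercept SSL, the log only carries `CONNECT host:443` entries, so the POST itself will not appear and this filter returns nothing for it.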
#20
Quote from: bartjsmit on January 18, 2017, 07:05:23 PM
Your best bet is Intrusion Detection with a bespoke rule. Documentation for Suricata rules is here: http://suricata.readthedocs.io/en/latest/rules/intro.html

Bart...
Hi, thanks for the help. I've never used IDS and I'm quite lost. How can I make the rule for blocking the Betternet App, and, specifically, how can I do that on OPNSense?

#21
Hi,

How can I block the traffic for apps that can't be blocked by destination IP (because they are unknown and too many) or port (they use standard ports)? For example, my clients are using the Betternet VPN app, which makes bypassing the OPNSense proxy extremely easy.

Thanks
#22
16.7 Legacy Series / Re: Slow proxy performance
November 07, 2016, 06:46:19 PM
Quote from: fabian on November 07, 2016, 04:06:17 PM
Maybe you are using a cache on a really slow HDD which can cause this issue. Try to use only the RAM for the proxy. That's the only idea I have for now. SSL-Intercept costs a lot of CPU power but I am not sure if you have it enabled.

Kind regards

Fabian
Thanks for the reply.

SSL is not enabled and the HDD is a WD Red. In pfSense I had the Cache Size value at 0 to disable the caching function and it didn't solve the performance problem. I'll try the RAM option in OPNSense as soon as I can (I thought about replacing the HDD with an SSD but the server is in production and it is not easy to perform tests on it).

The strange thing when the problem appears is that the server does not seem especially overloaded. The load of the system is not high (<1.00), the CPU usage is really low, there is a lot of free RAM and the throughput is low too. The only reason I'm sure it's a network load problem related to the proxy is because the navigation becomes really slow when the classes start in the morning (and the students begin to use their iPads) and remains unstable throughout the day. I'm talking about 10 seconds to load any website, timeout errors, many refresh attempts... When the students finish school (and only a part of the computers and iPads are still working), the navigation speed comes back to normal. And if I disable the proxy, there is no problem at all at any moment.

In any case, how can I disable the cache function in OPNSense, since I only want it as a web content filter? And if anyone knows how to tune the system to increase Squid performance in a network with a lot of concurrent users, please tell me! :D
#23
16.7 Legacy Series / Slow proxy performance
November 07, 2016, 02:11:38 PM
Hi,

I have a big network in a school with ~1000 devices (iPads and computers). The gateway is a Xeon E5-2620v2 with 16 GB RAM and an Intel PRO/1000 PT Dual Nic. I think the hardware is OK for that network.

The OS is OPNSense 16.7.6 and we use it as a Firewall, DHCP for VLANs and DNS Resolver (to force Google Safesearch only). With that configuration, everything works fine.

The problem comes when I activate the proxy module (I tried with and without transparent mode; I only need the content filter function): the navigation speed turns very slow at some moments of the day (depending on the load of the network) and I have to turn it off because it's impossible to work. Months ago I had the same problem with pfSense, so I think it is a Squid related problem. Is there any advanced tuning for a big network with lots of connections in Squid to solve these performance problems?

Thanks in advance.