OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of jzt308 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - jzt308

Pages: [1]
1
20.7 Legacy Series / Re: MultiWan and VLAN Firewall Rules
« on: November 24, 2020, 12:03:46 pm »
Hi,

I have the same issue (see my post: https://forum.opnsense.org/index.php?topic=20132.msg93151#msg93151). I now confirmed the issue is with enabling sticky sessions.
After a couple of  sessions (the amount seems to differ) using any connection to WAN/Internet is impossible. (until  you reset the source tracking table).
For now I disabled the sticky session tracking and all is working fine. I'm using some fw rules for sites that don't like the effect but this is not ideal.

2
20.7 Legacy Series / Timeouts on Opnsense 20.7.4 Hyper V 2016 Guest
« on: November 19, 2020, 07:02:39 pm »
Hi,

I've got the following setup. Hyper V 2016 Datacenter with a OPNsense 20.7.4 VM (gen2) running on it. It has 4 CPU and 6 GB ram, 120 GB disk.
5 Interfaces connected to 3 different Vswitches
- 2 WAN (to different internet providers)
- 1 DMZ (to  a virtual DMZ network)
- 1 Lan interface
- 2 Vlan interfaces (I map the interface to the VM  with the VLAN ID, so to OPNsense its just a different network no VLAN mapping is done inside OPNsense)

In my DMZ there is 1 Pihole DNS that does the resolving using Quad Nine DNS servers.

It's a locked down network with a couple of rules and IDS active and configured. I have no problems using the interner/routing the traffic. However after a while (the times differ) I receive timeouts connecting to the internet.

The OPNsense shows no issues with the gateway availability. And while unable to browse  the internet I am able to resolve DNS (so from Vlan > OPNsense > DMZ/Pihole > Opnsense > LB WAN) and run a successful tracert and ping. However opening the site returns a ERR_CONNECTION_TIMED_OUT (doesn't matter what site it is).

CPU load on the OPNsense box doesn't exceed  50% under load and consumed memory is usually  at 18% with IPS  loaded,  when loading rules tot memory it might hit 60%).

I have had this issue on different devices on different networks (so on the VLANS as well as on the native LAN). I already did several installs of OPNsense. On gen 2 VMs as well as on Gen 1 but I always run into this problem at some point.

I really like to migrate away from my  current sophos XG firewall (same setup on network adapter side) but this prevents me. The Sophos firewall (also running on the same Hyper V host) doesn't have this problem.

I already tried resetting the states but this doesn't help. However I noticed when resetting the source tracking table that seems to help.

I checked all the OPNsense logs on my machine but see no errors. Only a couple of messages on  the console (see attachment). I also attached a printscreen of how I created my rules. What am I missing/did I misconfigure?

thnx.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2