Messages - jzt308

#1
20.7 Legacy Series / Re: MultiWan and VLAN Firewall Rules
November 24, 2020, 12:03:46 PM
Hi,

I have the same issue (see my post: https://forum.opnsense.org/index.php?topic=20132.msg93151#msg93151). I have now confirmed the issue is with enabling sticky sessions.
After a couple of sessions (the amount seems to differ), using any connection to the WAN/Internet is impossible (until you reset the source tracking table).
For now I have disabled the sticky session tracking and all is working fine. I'm using some fw rules for sites that don't like the effect, but this is not ideal.
#2
Hi,

I've got the following setup: Hyper-V 2016 Datacenter with an OPNsense 20.7.4 VM (gen2) running on it. It has 4 CPUs, 6 GB RAM and a 120 GB disk.
5 interfaces connected to 3 different vSwitches:
- 2 WAN (to different internet providers)
- 1 DMZ (to a virtual DMZ network)
- 1 LAN interface
- 2 VLAN interfaces (I map the interface to the VM with the VLAN ID, so to OPNsense it's just a different network; no VLAN mapping is done inside OPNsense)

In my DMZ there is 1 Pi-hole DNS server that does the resolving using the Quad9 DNS servers.

It's a locked-down network with a couple of rules and IDS active and configured. I have no problems using the internet/routing the traffic. However, after a while (the times differ) I receive timeouts connecting to the internet.

The OPNsense shows no issues with the gateway availability. And while unable to browse the internet, I am able to resolve DNS (so from VLAN > OPNsense > DMZ/Pi-hole > OPNsense > LB WAN) and run a successful tracert and ping. However, opening the site returns an ERR_CONNECTION_TIMED_OUT (it doesn't matter what site it is).

CPU load on the OPNsense box doesn't exceed 50% under load, and consumed memory is usually at 18% with IPS loaded (when loading rules into memory it might hit 60%).

I have had this issue on different devices on different networks (so on the VLANs as well as on the native LAN). I have already done several installs of OPNsense, on Gen 2 VMs as well as on Gen 1, but I always run into this problem at some point.

I would really like to migrate away from my current Sophos XG firewall (same setup on the network adapter side), but this prevents me. The Sophos firewall (also running on the same Hyper-V host) doesn't have this problem.

I already tried resetting the states, but this doesn't help. However, I noticed that resetting the source tracking table seems to help.

I checked all the OPNsense logs on my machine but see no errors, only a couple of messages on the console (see attachment). I also attached a print screen of how I created my rules. What am I missing/what did I misconfigure?

Thanks.