New Rules Performance

Started by Nephiria, March 24, 2026, 10:27:46 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 24, 2026, 10:27:46 AM Last Edit: March 24, 2026, 10:30:35 AM by Nephiria
Hi everyone,

Since I now have to adjust a lot of rules after migrating the firewall rules,
I've noticed that with the new rules, it always takes a very long time for the settings to be applied to the system. After making a change, I always have to wait about 10+ seconds per rule before I can make any further changes.
I didn't have this problem with the old rules; if I changed something, it was more or less immediately possible to edit another rule, etc.
Will anything be done to improve the performance? Because as it is, it's very unsatisfactory in that regard.
My OPNsense is running on the following hardware, which is actually more or less underutilized; on the contrary, I don't have a heavy load on it.

Intel(R) Celeron(R) N5105 @ 2.00GHz (4 cores, 4 threads) (approx. 2-5% usage, occasionally a short-term 30% spike)
16 GB RAM: 10% usage
SSD Disk: 3% usage

Many thanks and for your feedback
March 24, 2026, 03:59:14 PM #1
Quote from: Nephiria on March 24, 2026, 10:27:46 AMAfter making a change, I always have to wait about 10+ seconds per rule before I can make any further changes.

Also N5105 here.  The new UI is definitely slower to load (especially on first landing due to the default 'any' view), but making rule changes is fine.  I haven't noticed this extreme of a slow down.

How many rules are we talking about?  I'm only sitting at 87 according to the UI.
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI
March 25, 2026, 10:43:17 AM #2 Last Edit: March 25, 2026, 10:50:14 AM by Nephiria
I have around 200 rules configured.
I have several services running.
But CPU or RAM usage isn't the problem.

As mentioned, the CPU is mostly idle until the occasional 30% spike occurs.
The issue with the waiting time arises after editing each rule.

I find the performance very poor in this regard; it definitely needs improvement. The number of rules hasn't changed significantly compared to my old firewall rule system, at least not for me.

Update: Okay, I found the problem on my end, even though I hadn't changed anything. If I connect directly via IP without going through DNS and reverse proxy, then it seems to run smoothly. Although, it wasn't a problem before with the reverse proxy configuration, which is really strange. I'll experiment a bit with the reverse proxy settings on the Opnsense site.
March 25, 2026, 10:45:27 AM #3
Not sure what the goalpost is here without reliable metrics regarding API calls... we have customers with thousands of rules in the new GUI because they couldn't use the old GUI due to taking minutes to load and here we talk about 200 rules and unbearable delays?


Cheers,
Franco
Print
Go Up Pages1
User actions