Lorenz Helleis wrote:
> Do the machines generating the traffic have multiple
paths?
>
> The only time I've really seen pf have problems with
sessions is when
> the devices send and receive traffic via different
paths or multiple
> paths (i.e. traffic comes in via firewall01 but goes
out firewall02 and
> firewall01 and firewall02 do not implement pfsync).
>
> Regards,
>
> Chris
>
>
> I have 2 firewalls , and they were working very good
until yesterday... I implemente pfsync in the firewalls...
>
> I think i need to optimize the rules , like increase
the tables.. or something like this....
>
> did you increase this values on your firewall ?
>
> Tell me about your firewall...
>
> Lorenz.
>
Please correct me if I'm reading this incorrectly. But it
sounds like
you're saying the firewalls worked fine until you
implemented pfsync, is
this correct?
If so try backing out of that to isolate that change and
confirm this.
I've seen pfsync packets either by lost of "slow"
in synchronizing with
the other firewall and as a result state mismatching
occurring on the
secondary firewall (if both are active - i.e. arp balance).
If you're
using that try disabling it and see if there is an
improvement.
Also, have you made any modifications to sysctl.conf and
loader.conf? If
so please post them here.
Regards,
Chris
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
|
