Netgate SG-1000 microFirewall

Author Topic: Config validation very slow with 7000+ NATs  (Read 87 times)

0 Members and 1 Guest are viewing this topic.

Offline slatt

  • Newbie
  • *
  • Posts: 11
  • Karma: +0/-0
    • View Profile
Config validation very slow with 7000+ NATs
« on: February 27, 2018, 10:04:05 am »
I have a pfSense VM (2.4.2) running on 4 Xeon E5-2630 cores and 6 GiB of RAM. The firewall works well most of the time, config changes take 1 or 2 seconds.
However, when I add 7000 NATs, the Web UI becomes really slow every time I change something. php-fpm is using 100% CPU for about a minute and the Web UI is unresponsive, even though I increased the max number of processes.

I understand that this is due to the config being validated or cached and my CPU may not have amazing performance in single threaded mode but still, can't we do anything about this?
It would still be acceptable if the problem occured only when I edit NATs but editing any part of the config takes at least one minute.

Please let me know if I should open an issue in the tracker.
« Last Edit: February 28, 2018, 04:48:23 am by slatt »

Offline KOM

  • Hero Member
  • *****
  • Posts: 5674
  • Karma: +696/-23
    • View Profile
Re: Config validation very slow with 7000+ NATs
« Reply #1 on: February 28, 2018, 08:01:18 am »
Open a ticket.  I don't know if anyone outside of Netgate would have experience with that many NATs.