Netgate SG-1000 microFirewall

Author Topic: Suricata ~ Updates Killing Network Connections  (Read 622 times)

0 Members and 1 Guest are viewing this topic.

Offline Teken

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +0/-0
    • View Profile
Re: Suricata ~ Updates Killing Network Connections
« Reply #15 on: January 22, 2018, 11:05:38 am »
Hello Bill,

When the system is updating all networking is halted specifically anything to do with WiFi. If I'm watching Netflix on my LG smart TV the only way to restore the connection is to cycle power to the TV. This same behavior is seen on two smart weather stations I am beta testing.

On those specific devices I can see the hubs showing a red LED.

A red LED indicates on those specific pieces of hardware that the hub is not able to connect to the WiFi network / communicate to the weather servers.

The only remedy is to cycle power to those two hubs to establish a WiFi connection. Since I started this thread this problem has not reappeared due to the fact I have pushed the Suricata update to 29 days etc.

Any further insight is greatly appreciated!

Offline bmeeks

  • Hero Member
  • *****
  • Posts: 3295
  • Karma: +862/-0
    • View Profile
Re: Suricata ~ Updates Killing Network Connections
« Reply #16 on: January 22, 2018, 11:15:47 am »
More insight is going to take some additional info from logs and recreating the event more often than every 29 days.

If you are game, change the interval back to every 6 or 12 hours and change the time for the update to coincide with a period when you are available to login to the firewall and see what's happening and grab some log info during the issue.  Specifically I need to see the system log entries during the time the loss of connectivity is happening along with your suricata.log file for the interface.

The system log for pfSense is under STATUS >> SYSTEM LOGS.  You can find the Suricata log I need under the LOGS VIEW tab and then select the suricata.log file in the drop-down selector.  The system log will likely contain the most relevant info.  Just remember to capture the info during the time the connectivity problem is happening.  Feel free to obfuscate IP addresses if you want to.

Bill

Offline Teken

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +0/-0
    • View Profile
Re: Suricata ~ Updates Killing Network Connections
« Reply #17 on: February 10, 2018, 05:18:05 pm »
More insight is going to take some additional info from logs and recreating the event more often than every 29 days.

If you are game, change the interval back to every 6 or 12 hours and change the time for the update to coincide with a period when you are available to login to the firewall and see what's happening and grab some log info during the issue.  Specifically I need to see the system log entries during the time the loss of connectivity is happening along with your suricata.log file for the interface.

The system log for pfSense is under STATUS >> SYSTEM LOGS.  You can find the Suricata log I need under the LOGS VIEW tab and then select the suricata.log file in the drop-down selector.  The system log will likely contain the most relevant info.  Just remember to capture the info during the time the connectivity problem is happening.  Feel free to obfuscate IP addresses if you want to.

Bill

Hi Bill,

Apologies for the tardy reply I've been on the road for work for several weeks. Upon my return I shall follow your suggestions and it should be noted since moving the update interval to 29 days. Nothing bad has happen to any network appliance in the home. Since my last reply that very much affirms this issue is directly related to the update.

Thank You!