pfSense is probably the best open source firewall/router software package I have ever used. It’s packed full of professional feature sets and has a very polished and clean user interface (web based GUI). And its FREE. That’s right. It’s 100% free (you can buy a support agreement if you want to). pfSense will run on pretty much any hardware you like. An old PC or laptop, a data center class server, or even a purpose built appliance you can get from Amazon.

There’s a big support community and a very active forum that you can follow to get all kinds of useful tips and tricks, or troubleshoot a problem with your installation.  Which brings me to mine: pfSense not recovering after a WAN failure.

pfSense not Recovering after WAN failure

I’m running pfSense on a purpose built appliance I sell, available Amazon. It has a 2 Ghz J1900 (4 core) processor, 32GB mSATA drive, 4 GigE WAN/LAN ports. I upgraded mine to 8GB of RAM in order to run an in memory Squid cache, which seems to work really well.

I’ve been running this box on the latest version of pfSense for a few weeks now and I have to say I am very impressed. I have 3 VLANs all trunked on the LAN port (home network, guest network, and video surveillance network). I tested the throughput to a sustained 940Mb/s with full firewall in place using a network speed test tool (with all caching off).

There is one problem that has plagued me with this pfSense setup since day one. pfSense is not recovering from a failure of the WAN link. If my ONT (Frontier FiOS) goes off line, the router will drop packets like crazy until its rebooted. This is especially troublesome if it happens while I am not home, because remoting in to the router in this state is almost impossible (due to how slow it is). Unfortunately this is an occurrence that will happen all to regularly. Where I live it is common to lose power for a few minutes almost weekly. When this happens, the ONT drops WAN link, because its UPS will only keep phone service active (which we don’t even have).

When the power recovers the ONT brings Ethernet back on-line, but pfSense seems to get confused.  Packets will drop like crazy (roughly 50% packet loss) until I reboot the router.  This has been talked about in the forums on many posts, but no one seems to be able to find a fix for it.

The pfSense WAN Recovery Workaround

The good news is there is a workaround for pfSense not recovering from a WAN link failure that I can attest to works. The solution also comes with some additional benefits, which sort of makes is less frustrating that it does’t just work right. The workaround is to place a switch between the pfSense box and the FiOS ONT (follow link for a full article). You can either do this with a desktop class switch, or you can carve out a “WAN VLAN” if you have a managed switch.

This works, because the switch is also on the UPS with the pfSense box.  When the ONT goes off-line during a power outage the pfSense box will not lose link because it is plugged in to a the switch. The switch port the ONT is on will lose link, but your pfSense box will be completely unaware of this.  When the ONT comes back on line everything will continue working as normal!

Looking for an Awesome Firewall Appliance?

Check out the WANBOX! It’s a custom built appliance designed specifically for running pfSense, OpenSense, Untangle, and other open source firewall packages!

The WANBOX is available on Amazon Prime.  You can learn more about it on the WANBOX page.