Tuesday, October 15, 2013

Gateway Status Monitoring on a pfSense

pfSense is an excellent router/gateway/proxy/content filter.  It's not so hot at proactively alerting you if there is a problem.  Nobody has time to stand over their pfSense Webmin Interface and monitor gateway statuses, but it is important to know if a member is down.  An online uptime monitor can solve the problem.

The pfSense is capable of emailing you with notifications of a failed WAN connection, but that presents a chicken and egg problem - how is it supposed to notify you with email if the Internet connection has failed?  The solution that I am currently trying is using uptimerobot.com to ping the public IP of each WAN interface and send me an email if it is down and another once the service is reestablished.

Here are my settings if you want to try it:

  1. Create an account at http://www.uptimerobot.com and set up your notification options.
  2. Log into your pfSense and create a pass rule for each WAN (or Internet-facing Opt) interface for protocol ICMP, source any, destination "WAN IP Address" / "OPT1-IP-Address", then apply those changes.  See the image that accompanies this post for more details.
  3. Using an Internet-connected remote host, ping each of your public IPs and verify that they are visible to the outside world.
  4. Add your public IPs to uptimerobot.com using the +Add Monitor dialog.

If anybody knows of a better way I'm all ears - this is a feature that has been requested repeatedly but hasn't ever been implemented.  The hot setup would be an audible alarm upon link failure as well as internal Growl notifications of gateway up/gateway down.
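
The outside-in check from steps 3 and 4, as an added example that is not part of the original post: a script for a remote, Internet-connected host that pings each public IP and prints a line only when a gateway changes state, mirroring the "down" and "reestablished" emails described above. The addresses (documentation ranges), `STATE_DIR`, the `PROBE` hook and the function names are assumptions.

```shell
#!/bin/sh
# Added example: run from a host OUTSIDE the monitored network.
# Constructed sample addresses (documentation ranges); replace with your WAN IPs.
WAN_IPS="${WAN_IPS:-192.0.2.10 198.51.100.20}"
# Where the last known state of each gateway is remembered between runs.
STATE_DIR="${STATE_DIR:-/tmp/gw-monitor}"
# Hypothetical hook: name of the command used to probe one address.
PROBE="${PROBE:-probe_icmp}"

# Send three echo requests; succeeds if the address answers.
# This only works once the ICMP pass rule from step 2 is in place.
probe_icmp() {
    ping -c 3 "$1" >/dev/null 2>&1
}

# Print "up" or "down" for one address.
current_state() {
    if "$PROBE" "$1"; then echo up; else echo down; fi
}

# Compare the fresh result with the stored one and print a line only on a
# change, so a long outage produces one alert instead of one per run.
check_gateway() {
    ip=$1
    mkdir -p "$STATE_DIR"
    file="$STATE_DIR/$ip.state"
    old=unknown
    [ -f "$file" ] && old=$(cat "$file")
    new=$(current_state "$ip")
    echo "$new" > "$file"
    # The first successful probe (unknown -> up) is not worth an alert.
    if [ "$old" != "$new" ] && [ "$old$new" != "unknownup" ]; then
        echo "$ip $old->$new"
    fi
}

# Check every configured WAN address.
check_all() {
    for ip in $WAN_IPS; do
        check_gateway "$ip"
    done
}

# Only probe when asked to, e.g. from cron:  gw-monitor.sh run
if [ "${1:-}" = "run" ]; then
    check_all
fi
```

Run it on a schedule and hand any output to whatever notifier the remote host has; because the host sits outside your network, the alert path does not depend on the link being monitored.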


Anonymous said...

Step 1: for the pfSense box, set up mail notifications to a Gmail address
Step 2: download the mail report pkg

Step 3: set up email reports to send emails with a simple traceroute command

traceroute -m3


Justin said...

This runs face first into the chicken and egg problem of notification via the Internet: if your pfSense isn't connected to the Internet, how will it notify you? This seems like a solution to a different problem.

Anonymous said...

I like the answer Anonymous gave. It helps me, because I have more than one internet connection.