Firewalla Blue needs reboot regularly

Comments

32 comments

  • Avatar
    Firewalla

    When the devices stopped working, does it happen for a short duration? say 5 min? then come back? if it is, then your blue is rebooting;

    If the duration is forever (or looks like it).  Try to do this on a PC/MAC

    1. ping [your gateway]

    2. ping firewalla.com

    3. nslookup firewalla.com

    4. dig @1.1.1.1 firewalla.com

    See which one is blocking.  Usually what we see is (3) DNS lookup fails is your default DNS server.  

    0
    Comment actions Permalink
  • Avatar
    Steve M

    I've had the very same problem with my Firewalla Blue but I do not have the DNS mode activated.  It is causing complete loss of internet access for all networked devices.  This happens once a day at least and sometimes several times a day.  It's causing havoc with my entire office operations cutting me off from my VOIP service and cloud based office collaboration tools.  I've had to reboot the Firewalla and Verizon FiOS router which resolves the issue temporarily but it reoccurs within a day or so.  When the problem happens pings to outside our network fail.  I finally unplugged the Firewalla and stopped using.  If you have a fix in mind, I might consider plugging it back in.     

    2
    Comment actions Permalink
  • Avatar
    Mark Harbord

    Interesting! I've been having the same problem with my Blue too. It will work fine for a few days, then internet connectivity drops and it requires a reboot (of the Firewalla) to get everything back up and running.

    Yesterday, the wifi devices were still connected to wifi, but couldn't get to the internet. The wired devices still functioned as normal though. (also the android app couldn't contact the Firewalla to force a reboot).

    Next time it happens i'll see if i have time to run through the ping tests above before I pull the power and then report back.

    Otherwise i'm going to have to schedule a reboot overnight every couple of days!

    (Blue, simple mode, BT hub 5)

    EDIT: Looking at the graphs, it appears mine works for 6 days each time, then requires a reboot. I'll update next week!

     

    1
    Comment actions Permalink
  • Avatar
    Steve M

    I finally unplugged mine and have stopped using it.  I cannot run my business on a network that looses internet access intermittently with no warning.  Rebooting daily is an unacceptable solution for us.  Its a shame.  The device was / is very attractive with a remarkably simply GUI and rich features were are easy to navigate.  I'm wondering if the issue is the inexpensive infrastructure (HW) or a coding problem. Either way, we don't have time to wait around to find out.  :(

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    Hi Steve

    Sorry about the bad experience, I have created a ticket and see if we can help you by looking at the unit remotely.  

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Mark @Steve.  and if others run into the issue, it's best to do the following

    1. ping 1.1.1.1

    2. nslookup firewalla.com

    3. ping [your gateway]

    This will tell if the internet is down, DNS is down, or your router is down.   It will help us to find the problems.

    0
    Comment actions Permalink
  • Avatar
    Pedro Gelabert

    I've experienced the same issue Steve and Mark describe. I, too, have Verizon, using their G1100 router. It was worse when I first started using Firewalla Blue. It was so bad I disconnected Firewalla and put it away in a drawer for about 6 months. I then limited the monitoring to our personal devices (12) since I have 70 devices connected to our network. After I did that, Firewalla started behaving a little better, but I experience dropouts from certain devices throughout the day, devices that are not even monitored. Often our monitored devices will lose their internet connection and sometimes the WiFi gets cut off completely. I have to disconnect Firewalla and reboot the router to return everything to normal. I figured this was part of the beta firmware and beta app, so I dropped out of the beta program from both and it is getting better. Disconnects from time to time are still being experienced, though. This behavior is what prevented me from getting the gold box.

    0
    Comment actions Permalink
  • Avatar
    Pedro Gelabert

    In a period of less than 12 hours I've had to disconnect Firewalla and reboot the router to get my WifFi back on. Unacceptable. Sich a shame since I will lose all the protection Firewalla affords, but not have internet at all?? I switched to Experimental Simple Mode to see if it would alleviate the problem.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    The best way to resolve this is to send help@firewalla.com an email, but before that here are some general tips that may help

    Basic Checks

    1. Check the physical connections.  This includes cable and also ports on the router.  We have seen cases when bad ethernet cable, bad power cables, loose connections, or bad ports ...   Make sure you use the right power supply. 

    2. Update your router's firmware.   We have seen this as well.  This is true if you use customized *WRT routers ...

    3. If you have networking devices such as "satellites", or "extenders", or routers behind your main router, make sure they are not monitored.

    4. If you have virtual devices created from the router (example, ATT 5268 will create a virtual device 5268, and netgear will create a device to do file sharing), make sure these devices are not getting monitored. 

    Diagnostics when network is down

    Try to execute these commands on a PC/MAC

    ping 1.1.1.1  (if this fails, it means your network/layer 3 is down)

    nslookup firewalla.com  (if this fails, it means the DNS server is down somewhere)

    ping <gateway>. (if this fails, it means the router is dead)

     

    Reboots or intermittent problems

    Double-check if you are using P2P software.  If you do, and using the red/blue, make sure you put a limit on the number of flows in the p2p software.  Otherwise, firewalla may reboot to protect itself from overload.

     

    0
    Comment actions Permalink
  • Avatar
    Pedro Gelabert

    I had to indefinitely shut down my Firewalla. Thanks for the tips. Experimental Simple Mode didn't work either. In less than 9 hours my network was completely strangled again. No WiFi, no way to get a hold of Firewalla or my router.

    1. All the physical connections work great. Without Firewalla my network operates without hitches.
    2. My Verizon Router's firmware is up to date
    3. I have two routers serving as bridges but they are not being monitored
    4. No virtual devices being monitored, only personal devices

    I will be putting my Firewalla in my drawner until the software/firmware gets better. I am sad I will have to go on with the protection it supposedly offers.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @pedro, were you able to see if the problem when your network is dead, was it problem with internet connection, DNS or the router?

    "

    Diagnostics when network is down

    Try to execute these commands on a PC/MAC

    ping 1.1.1.1  (if this fails, it means your network/layer 3 is down)

    nslookup firewalla.com  (if this fails, it means the DNS server is down somewhere)

    ping <gateway>. (if this fails, it means the router is dead)"

     

     

    0
    Comment actions Permalink
  • Avatar
    Pedro Gelabert

    @Firewalla

    I didn't try your suggested methods. If I plug in Firewalla again I will keep that in mind. All I can say is that I wasn't able to reach my router or Firewalla connected to my WiFi. However, I was able to reach Firewalla through my cellular network connection and shut it down, and reach my router through my cellular connection and also reboot it that way. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If you can reach the router and firewalla remotely, it means your WIFI is gone for some reason.  (Firewalla uses Ethernet)

    0
    Comment actions Permalink
  • Avatar
    Pedro Gelabert

    @Firewalla

    Yes, the WiFi gets completely cut off. It has happened though, where my ethernet has been cut off too. I have two computers connected via ethernet and sometimes they have lost their connection and can only connect via WiFi. Ever since I unplugged Firewalla my network has not had any issues. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Do test out the diagnostics steps from the previous post.  It will tell if the problem is DNS, your router or the internet/WAN.

    0
    Comment actions Permalink
  • Avatar
    Mark Harbord

    Hi all.

    Just thought i would update this thread as it's been a couple of months now.

    My Blue has been totally stable for a while now. I did 2 things:

    Firstly I downloaded and flashed the latest build onto it. Not sure if there was something with the existing installed build, but I figured it wouldn't hurt.

    Secondly, I replaced the power supply with the beefiest one I had lying around - I used an iPad charger.

    Between these two changes it's really made the Blue a solid and useful device now. The only downtime i've had was due to a failed ISP router (i've also gone from a BT Homehub 5 to a BT Smarthub, but the Firewalla was solid before that - still working in simple mode).

    All in all it's become a fit and forget device now, and i only ever look at it when I get an alert.

    Hope this helps those who were/are having troubles.

    M

    0
    Comment actions Permalink
  • Avatar
    Blake Mead

    I'm currently having the same issue I've had the Blue installed for about 2 months now and it just started with the exact same issue where all the devices are simultaneously taken offline but as soon as the blue is removed from the equation they system works fine? Currently running Box Version 1.97 and am using the Beta version of the app. Any help would be greatly appreciated!  

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Blake

    When the problems happen, does it happen to all devices? or certain pages?  If it is just certain sites, please see this https://help.firewalla.com/hc/en-us/articles/360050255274-Can-t-Access-Certain-Site-Find-out-Why-and-What-to-Do 

    If all the traffic are blocked, does it happen immediately? or after a while?  did anything change on your network recently?  If you are using a mesh, you need to turn off monitoring on the satellites. 

    0
    Comment actions Permalink
  • Avatar
    Blake Mead

    @Firewalla when the issue arises it happens to the entire network and inbound or outbound traffic. That being said it will come back after a minute or so but with it being used for business any downtime is a detriment. I will try Marks' fix of trying to download the latest build to the microSD and upgrading the adapter but if that doesn't fix it I don't know what else to do other than remove it from the system until a fix has been implemented.   

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @blake, I just created a ticket for you.  We will to look.  If you are running in DHCP or Simple mode (more on the DHCP side), if the box reboots, you may be a temporary outage.  Need to see if it is the case.  

    Also, make sure you are powering the unit with our adapter or other adapters that can do 2AMP. 

    0
    Comment actions Permalink
  • Avatar
    Adrian De Luca

    I'm having a similar issue running Blue FW in Simple Mode with the latest firmware.  Router is CradlePoint AER1600 with Netgear Orbi for APs which have been excluded from monitoring.  Network regularly slows to a crawl.  Speedtests show high latency, zero download bandwidth, but normal upload speeds.  Will try the troubleshooting steps mentioned above, but if this doesn't get fixed soon then I'll have to put the FW back in the junk drawer.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Adrian, feel free to contact us help@firewalla.com

     

    0
    Comment actions Permalink
  • Avatar
    Ron Stams

    I have been having this very same issue for months now. Every day, I rebooted the Firewalla which allowed me to get through the day. Next day: rinse and repeat.

    Until 2 days ago. After a reboot of my CPE (Ziggo box, in bridge mode) reboots no longer helped. Physical link was ok, and also layer 2/3 seemed to work. Also, using the exact same devices on a different VLAN with the EXACT same settings (well, other than IP settings obviously, but same DNS and other settings) worked fine. One difference: that VLAN was not monitored by Firewalla...

    After an evening of mind-numbing testing and frustrations, I finally found what the problem is.... It's the monitoring feature of Firewalla. It's in Simple Mode and apparently this does not go well with my Ubiquiti setup. Which is weird as I didn't have compatibility issues in the beginning (Ubiquiti setup has not changed).

    I also tried the Expirimental Simple Mode, which immediately resulted in the same thing: complete loss of connectivity due to DNS resolving loss. Yes, DNS server is still reachable. Yes DNS server can still resolve, but only local devices. It does not even matter if I use Firewalla as DNS Server or my router, or even set DNS manually on my PC (a public DNS Server).

    If I can send any logs or otherwise aid in getting this issue resolved, I am more than happy to!

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Ron, did you try to see what is happening to your network when the problem occurs?  We have indicate these as a quick testing steps 

    1. ping 1.1.1.1

    2. nslookup firewalla.com

    3. ping [your gateway]

    This will tell if the internet is down, DNS is down, or your router is down.   It will help us to find the problems.

    --

    If you can also share how to network is laid out would be good.  What is is the main router, do you have access points or bridging devices ... 

    0
    Comment actions Permalink
  • Avatar
    Ron Stams

    Hi,

    Did all the tests, everything came back ok back then, except for the remote DNS. Internal DNS went fine, as long as I didn't use the firewalla DNS.

    I can now replicate the issue easily by switching monitoring on/off; the effect is instant. That is a change of behaviour, compared to the last couple of months; it then took +/- 24 hours for this issue to introduce itself.

    My setup:

    Ubiquiti USG router. Set up with 1 Internet (cable) 3 VLAN's:

    - Main VLAN

    - VLAN for Smart TV/Audio (with bandwidth limitation on it)

    - Guest VLAN

    Testing was easily done because I could switch to the TV VLAN constantly. This VLAN worked always. Setup between the Main and the TV VLAN is the Firewalla.

    Behind the USG, I have:

    - 2 Ubiquiti Access Points, serving all VLAN's

    - 2 Ubiquiti Managed Switches, serving all VLAN's

    - Firewalla Blue (main VLAN)

    This is all connected to the Ziggo box, which on itself is a router put in bridge mode. I don't use it; it is only used for bridging Copper to Cable (Coax). You could call it an NTU, if you like.

    Firewalla was in Simple Mode, currently in Experimental Simple Mode and running Pi-Hole.

    The issue always seemed DNS related; that's why I always thought it was due to the Pi-Hole install. I can remember the required reboots became necessary around the same time I installed Pi-Hole for the first time - I'm not 100% sure if it immediately started after the PH installation, though.

    The USG is configured (via the Cloudkey, locally installed as well) to forward DNS requests to Firewalla, DHCP ensures DNS is configured on the clients to point to the router - and only the router, to eliminate any DNS requests being successful because of the secondary DNS.

    Does this help?

    PS: Just woke up; did not need to restart Firewalla.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Are you monitoring pi-hole using Firewalla? What if you temporarily take pi-hole out of the picture?  This should make things simpler. 

    0
    Comment actions Permalink
  • Avatar
    BenS

    Very similar symptoms have started happening with my FW Blue since around the end of April.

    This will happen to any device (seems to be multiple devices connected, possibly all though I haven't verified that) several times a day, where when FWB has monitoring turned on (Simple Mode or Experimental Simple Mode), the outside internet connection seems to have broken for a period of between 5 and 30 seconds, but will then just come back on as if nothing happened.  It can happen fairly close together, say a few minutes apart, and then maybe a couple of hours later.

    It's been happening to machines connected directly by ethernet to the router (Fritz!Box), or laptops, tablets, TVs, heating hubs connected via a mesh WiFi (also connected directly to the router).  The FWB is connected directly to the router too.

    I realise Fritz!Box is not listed as supported under Simple Mode or Experimental Simple Mode, but it had been working fine for months before then.  I prefer to not use DHCP mode as there isn't the facility to reserve addresses for specific things (e.g. printer) which I want to be able to do.

    The problem occurs to any device when monitoring in general is turned on, even devices that are not monitored!  When monitoring is turned off it has not occurred (and starts reoccurring when monitoring is turned back on).

    Don't want to have to disconnect the Firewalla and find some other solution...

     

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Bens

    DHCP mode can reserve IP addresses, see https://help.firewalla.com/hc/en-us/articles/115004304114-Everything-about-Firewalla-DHCP-Mode- the last section should have it.

    For your problem, check these things

    • make sure your power is good to the firewalla, try not use the router's USB ports to power the unit
    • check cable
    • And do try DHCP mode, if it is stable, then your issues is simple mode compatibility
    • If DHCP mode also having issues, please contact support via the app and attach logs, we can take a look

    The DHCP mode does have a lot more advantages than the simple mode.  You can see here https://help.firewalla.com/hc/en-us/articles/115004292514-How-does-Firewalla-Intercept-Traffic

     

    1
    Comment actions Permalink
  • Avatar
    Ron Stams

    Sorry all,
    Missed you responded to this topic. Herewith a little update.
    I uninstalled PiHole as I wanted to bring firewalla back to a normal state. Initially I executed a factory reset, but for some reason that was not performed by the box. I settled for getting rid of PiHole instead.

    Before I did this, things got even weirder. After a while, I discovered that DHCP service was impacted as well. I didn't notice this initially because I use a fixed IP on my own PC.

    After deleting PiHole, things initially seemed to improve. For about 24 hours, things were stable. So I switched on monitoring and all other firewalla services - issue back again.

    I am currently running for 2 weeks with everything switched off on the firewalla box except VPN client and VPN server.

    Not ideal, but better than rebooting daily or worse, trying to revitalize the DHCP service for 3 VLANs multiple times per day....

    0
    Comment actions Permalink
  • Avatar
    BenS

    Ah cool, thanks!  I'd been looking for it next to the DHCP setting and in the Network Settings -- would be good to have a way to get to all Reserved IPs in one go, but this will do for now.  I'll see how this gets on.

    BTW, one thing I forgot to mention is I broadened my router's IP range from 192.168.0.0/24 to 192.168.0.0/21 so I could put reserved IPs on, e.g. 192.168.5.* and DHCP on 192.168.7.* (this was to avoid IP clashes with my work VPN).  It turned out to be a bit of a struggle to set Firewalla to this (I can't remember precisely what I did but it has it now).  I assume having a bitmask of 21 rather than 24 would not be a problem?

    (I realise that the mask on the overlay network that Firewalla uses for DHCP will be 24 -- I'm okay with that, I don't have /too/ many devices!!).

    0
    Comment actions Permalink

Please sign in to leave a comment.