By default, pfSense uses the FreeBSD "connection tracking" values, which differ from the settings in Linux-based distributions. Therefore, I collected the values from a Mikrotik configuration and transferred them to pfSense.
Mikrotik’s settings:
    /ip firewall connection tracking> print
    enabled: auto
    tcp-syn-sent-timeout: 5s
    tcp-syn-received-timeout: 5s
    tcp-established-timeout: 1d
    tcp-fin-wait-timeout: 10s
    tcp-close-wait-timeout: 10s
    tcp-last-ack-timeout: 10s
    tcp-time-wait-timeout: 10s
    tcp-close-timeout: 10s
    tcp-max-retrans-timeout: 5m
    tcp-unacked-timeout: 5m
    loose-tcp-tracking: yes
    udp-timeout: 10s
    udp-stream-timeout: 3m
    icmp-timeout: 10s
    generic-timeout: 10m
    max-entries: 217992
    total-entries: 1233
In pfSense:
Go to System -> Advanced -> Firewall & NAT, scroll all the way down, and enter these values in the fields:
Then press the “Save” button. The changes apply immediately.
That’s all. Thanks.