Cacti will not graph the data from my PfSense firewall

HIllBillyHam
Posts: 4
Joined: Mon Nov 04, 2019 10:19 pm

Cacti will not graph the data from my PfSense firewall

#1 Post by HIllBillyHam » Mon Nov 04, 2019 10:36 pm

Cacti does not want to graph the data from my PfSense firewall's interfaces. I'm running Cacti 1.1.38 on an Ubuntu 18.04.3 Server. The PfSense firewall (FreeBSD based firewall) is version 2.4.4 update p3. I have tried using the default snmp service bsnmp as well as switching to net-snmp. The graphs never show any data; they just say nan on every interface.

I have a tp-link switch that I have been able to graph data from without any problem.

Thanks


HIllBillyHam
Posts: 4
Joined: Mon Nov 04, 2019 10:19 pm

Re: Cacti will not graph the data from my PfSense firewall

#3 Post by HIllBillyHam » Tue Nov 05, 2019 11:00 pm

On the clean side of the firewall there is a default rule to allow everything on that network to pass traffic to everything. I would assume that would include traffic from the firewall itself. It lets me hit 443 to log into the web interface.

When adding the device in Cacti it did give info about the pfsense like what it was named and contact and location that I set in the firewall. They seem like they are talking. There is never any traffic shown on the graphs. This very well could be a pfsense issue but I did think it was odd I could not get it to work under bsnmp or net-snmp.

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Cacti will not graph the data from my PfSense firewall

#4 Post by netniV » Wed Nov 06, 2019 2:37 pm

Use snmpwalk to see if the interface OIDs are returned. I suspect they aren't and the snmp config of pfsense is limiting the view. CentOS or Ubuntu, I forget which one, is defaulted that way too.

HIllBillyHam
Posts: 4
Joined: Mon Nov 04, 2019 10:19 pm

Re: Cacti will not graph the data from my PfSense firewall

#5 Post by HIllBillyHam » Wed Nov 06, 2019 9:25 pm

I appreciate the help.
I ran snmpwalk against both my pfsense box which I can't get to graph and my switch which works fine.
I have to admit I don't totally know what I am looking at or looking for.

I do see a lot of the interfaces listed and ip addresses and such. There are some rather large numbers as well listed under counter32 that I think could be traffic stats. Quite a bit more data came out of the switch than the firewall. The switch does have 24 ethernet ports and 4 sfp ports compared to the firewall only having 6 ports.

I would paste the contents of text that I outputted to in the forums but it is quite a bit of text and the security analyst in me is afraid I would unknowingly disclose security related information :(

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Cacti will not graph the data from my PfSense firewall

#6 Post by netniV » Thu Nov 07, 2019 7:23 pm

Yeah, that kind of info shouldn't be posted without filtering on here. If you have a look at the interface templates, you can see the OIDs it uses; try querying directly for those and make sure you are getting a table of data coming out.
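The check suggested in posts #4 and #6, combined with filtering the output before it is shared, as an added example that is not part of the original thread: it reads saved `snmpwalk -On` output, reports which interface indexes lack counter columns, and masks identifying values. The OIDs are the standard IF-MIB ifTable columns, assumed here rather than taken from the thread (compare them with the ones in your own Cacti interface template), and the sample walk is constructed.

```python
import re

# Standard IF-MIB ifTable columns (assumption: compare with your Cacti interface template).
REQUIRED = {".1.3.6.1.2.1.2.2.1.2": "ifDescr", ".1.3.6.1.2.1.2.2.1.10": "ifInOctets",
            ".1.3.6.1.2.1.2.2.1.16": "ifOutOctets"}
# sysContact/sysName/sysLocation are masked; ipAddrTable and ipNetToMediaTable lines are
# dropped because their OID index embeds addresses.
SENSITIVE = (".1.3.6.1.2.1.1.4.", ".1.3.6.1.2.1.1.5.", ".1.3.6.1.2.1.1.6.")
DROP = (".1.3.6.1.2.1.4.20.", ".1.3.6.1.2.1.4.22.")
LINE = re.compile(r"^(\.[\d.]+) = (?:([\w-]+): )?(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC = re.compile(r"\b(?:[0-9A-Fa-f]{1,2}[: ]){5}[0-9A-Fa-f]{1,2}\b")

def parse(text):
    """Return (oid, type, value) for each `snmpwalk -On` style line; skip anything else."""
    matches = (LINE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2) or "", m.group(3)) for m in matches if m]

def missing_columns(text):
    """Return {ifIndex: [absent column names]}; key '*' means no interface rows at all."""
    want, rows = set(REQUIRED.values()), {}
    for oid, _, _ in parse(text):
        for base, name in REQUIRED.items():
            if oid.startswith(base + "."):
                rows.setdefault(oid[len(base) + 1:], set()).add(name)
    if not rows:
        return {"*": sorted(want)}
    return {i: sorted(want - have) for i, have in rows.items() if want - have}

def redact(text):
    """Return the walk with identifying values masked (not exhaustive: review before posting)."""
    out = []
    for oid, typ, value in parse(text):
        if oid.startswith(DROP):
            continue
        value = "<redacted>" if oid.startswith(SENSITIVE) else MAC.sub("<mac>", IPV4.sub("<ip>", value))
        out.append(f"{oid} = {typ}: {value}" if typ else f"{oid} = {value}")
    return "\n".join(out)

# Constructed sample: a reduced view that returns a name but no octet counters for index 2.
SAMPLE = """\
.1.3.6.1.2.1.1.4.0 = STRING: admin@example.invalid
.1.3.6.1.2.1.2.2.1.2.1 = STRING: em0
.1.3.6.1.2.1.2.2.1.2.2 = STRING: em1.11
.1.3.6.1.2.1.2.2.1.6.1 = STRING: 0:8:a2:c:1d:3e
.1.3.6.1.2.1.2.2.1.10.1 = Counter32: 48211733
.1.3.6.1.2.1.2.2.1.16.1 = Counter32: 9120044
.1.3.6.1.2.1.4.20.1.1.192.0.2.1 = IpAddress: 192.0.2.1
"""
print(missing_columns(SAMPLE), redact(SAMPLE), sep="\n")
```

An empty result from `missing_columns` means every interface index returned a name and both octet counters; a `'*'` key means the agent returned no interface rows at all, which is what a restricted SNMP view looks like from the poller's side.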

HIllBillyHam
Posts: 4
Joined: Mon Nov 04, 2019 10:19 pm

Re: Cacti will not graph the data from my PfSense firewall

#7 Post by HIllBillyHam » Fri Nov 08, 2019 8:04 pm

Do you think it could have anything to do with the way I have the vlans set up? Pretty much all the equipment is new and just getting it set up. I deleted the cacti vm I had set up and made some changes and now I can't even get the switch to graph.

My PfSense firewall has 6 physical interfaces including the WAN.
I am currently using 5 of them: WAN, LAN, IoT, Guest, DMZ.
I also have an esxi host set up with several physical nics as well. Each nic that I have used I have it set on the switch to use a separate vlan in case I want to set up a machine on any of the networks.

LAN is VLAN 11
IoT is VLAN 12
Guest is VLAN 13
DMZ is VLAN 14

I have each port that goes to the firewall tagged with its corresponding VLAN and have the pvid set to that vlan as well.
The client machines and server nics are on different VLANs but their ports are not tagged and the pvid is set to that VLAN.

I got everything set up last night and everything seems to work like it should. I then added firewall rules so that everything could talk to the internet but not to each other. I built my cacti server again tonight and thought I would give it another shot. When I add the device I can see it pulling some data like the contact info I set and the location but I don't get any graphs. While I was writing this I disabled all the restrictive firewall rules so every segment can freely talk to the others.

My previous setup had LAN set up on VLAN1 (the native VLAN) and my switch was being managed from that VLAN. Now my switch is being managed from VLAN11. The ports on the firewall were tagged and the ports on the switch to the firewall were tagged.

If everything seems to be working I don't know why I'm having trouble with snmp unless cacti does not like the name of the interfaces it has given them (like em1.11 for ethernet 1 on vlan 11).

I know this is a little complicated for a home network but it seems to work. Please let me know if you see any obvious issues that cacti may have a problem with.

Thanks

netniV
Cacti Guru User
Posts: 2978
Joined: Sun Aug 27, 2017 12:05 am

Re: Cacti will not graph the data from my PfSense firewall

#8 Post by netniV » Fri Nov 08, 2019 10:41 pm

It still sounds like your snmp configuration on the pfsense firewall is incomplete. The default is likely a reduced view, as I've seen that configuration applied on Ubuntu, I think it is.