Monitoring pfSense WAN Uptime with Uptime Robot
I have had a few problems with my pfSense firewalls losing their internet connection and not finding out about it until I get a panicked call or text from someone. Nine times out of ten this is caused by the ISP going down or their modem crashing. I have successfully turned on email notifications from within pfSense and this is helpful to let me know that a connection has gone down and to send me daily reports. The problem with this is that only a few locations have more than one WAN, and I won’t get an alert if the only internet connection goes down.
I happened upon a post on Nothing to IT detailing how to use Uptime Robot. Uptime Robot is a free service that will ping your firewall every five minutes and send an email or app alert to inform you when it goes down. The paid service can check every minute for only $5.50 a month or $54.00 a year. If for some reason, you want a longer interval, the service can check at longer intervals, up to 24 hours between pings.
Adding a New Monitor
Go to UptimeRobot.com and sign up for a free account. Log in and click “+ Add New Monitor.” Fill out the form similar to the one below. If you don’t have a static IP, I suggest setting up a dynamic DNS from one of the many services that pfSense supports.
I installed the app on my phone and was surprsied that it can be a seperate contact to notify. For this example I selected both, but it could be easily customized just for certain contacts. For example, you can create a single account that checks several firewalls, and have it send an alert to the right person who is onsite so they can fix the problem, while still letting you know the site went down (what I do since several of the sites I help maintain are geograhically spread out).
Getting pfSense to Respond to “Pings”
If you check the status, it will probably be down right after you turn on monitoring. This is becasue pfSense doesn’t respong to pings by default.
To enable this, go to Firewall -> Rules.
Create a new rule similar to the one below to pass ICMP pings sent to the WAN address over the WAN interface:
Click Save and Apply Changes to activate the new rule.
Watching the Dashboard
Within five minutes, the dashboard should show that your firewall monitor is up. The next time you have a service outage, Uptime Robot will send you an alert within five minutes and hopefully let you fix the problem before it causes too many issues.
As you can see, the fourth location had a power outage for several days and then has had several small interuptions in service.