The page at Status > Interfaces displays the status of each assigned network interface on the firewall.
The information available for each interface varies depending on the interface type, but may include:
- Header Information
The header of each interface contains the following information:
- Friendly Name
The name of the interface as designated by the user (e.g.
- Internal Name
The internal name of the interface (e.g.
- Assigned Interface
The name of the underlying interface which was assigned to this entry (e.g.
The current status of the interface along with an icon which visually represents the status. The status is typically one of:
The interface is up, has a link, and is operating normally.
A wireless interface is up and associated with an access point.
A dynamic WAN type is not connected or does not have an IP address.
- No Carrier
Typically means that the cable is not plugged in or the device on the other end is malfunctioning in some way.
The interface is assigned but manually disabled in the configuration.
- Dynamic WAN Controls
Dynamic interfaces have a button to manually change their current state.
- DHCP, DHCP6
Interfaces obtaining an IP address from DHCP or DHCPv6 have a Release button when there is an active lease, and a Renew button when there is not.
The DHCP Release action has an optional Relinquish Lease checkbox. When set, the release action also sends a special message to the DHCP server which relinquishes its current lease.
- PPPoE, PPTP, L2TP, PPP
PPP-based connection types like PPPoE have a Disconnect button when connected and a Connect button when offline.
If a PPP connection is using dial-on-demand it will reconnect itself when triggered even after a manual disconnect action. Disable dial-on-demand if the interface must remain disconnected.
Clicking ‘Renew’ or ‘Connect’ will trigger an attempt to take that action, but the attempt may fail if the interface has a problem or the upstream service is not responding.
- PPP Uptime
PPP-based interfaces track how long they have been up based on the time the interface last connected to its upstream provider.
- Cellular Status
PPP type interfaces connecting through cellular modems (e.g. 5G, LTE, 4G, 3G, etc.) may show additional statistics from the modem. This varies by hardware and type of connection.
- Cell Signal (RSSI)
The signal strength from the cellular provider.
- Cell Mode
System mode change indicator.
- Cell SIM State
SIM card status (e.g. inserted or removed.)
- Cell Service
Service mode change indicator.
- Cell Upstream
Measured upload speed.
- Cell Downstream
Measured download speed.
- Cell Current Up
Maximum upload speed.
- Cell Current Down
Maximum download speed.
- MAC Address
The hardware MAC Address of the interface.
Installing the NMAP package activates a feature which allows the page to also display the manufacturer associated with the MAC address, if it is known. Note that this is not effective in some cases, such as for virtual machines which use randomly generated MAC addresses or for wireless clients which utilize privacy features that alter their MAC addresses.
- IPv4 Address
The current IPv4 address assigned to the interface.
This does not include Virtual IP addresses.
- Subnet mask IPv4
The subnet mask for the current IPv4 address.
- Gateway IPv4
The IPv4 gateway defined on this interface, if any.
- IPv6 Link Local
The IPv6 link-local address for this interface, including the interface scope.
- IPv6 Address
The current IPv6 address assigned to the interface.
- Subnet mask IPv6
The length of the prefix for the current IPv6 address.
- Gateway IPv6
The IPv6 gateway defined on this interface, if any.
- DNS Servers
DNS servers obtained from upstream providers on this interface (e.g. DHCP or PPPoE).
maximum transmission unit (MTU) of this interface, which is the largest packet it can transmit or receive.
The type of media connected to this interface, including the link speed and type. The exact values depend upon the network interface type and what is connected to that interface.
For example, it may be
1000baseT <full-duplex>for some types of 1Gbit/s copper Ethernet or
10Gbase-SR <full-duplex>for some types of 10Gbit/s fiber.
- SFP Module Information
If the interface uses an SFP module and the operating system can read the data from the module, the page will also include that information. The data may include the following fields:
Some interfaces capable of using SFP modules, such as combination copper and SFP interfaces, do not expose this module data to the operating system. As such, the page cannot include module data from these interfaces.
- LAGG Information
If this interface is an assigned LAGG interface, the page displays information about the LAGG itself.
- LAGG Protocol
The current protocol for LAGG, for example it could be failover, loadbalance, LACP, etc.
The current LAGG hashing method is also in this field, which typically is
l2,l3,l4which indicates that when load balancing it takes information from OSI layers 2, 3, and 4 into account when deciding which port to use.
- LAGG Ports
The underlying interfaces which are a members of this LAGG, along with their current status.
- Wireless Information
The page displays additional information specific to wireless interfaces as well, including:
The wireless channel the interface is using to communicate with peers.
When acting as an access point, this is the SSID being broadcast to clients.
When acting as a wireless client, this is the SSID of the AP to which this interface is connecting.
When acting as a wireless client, this is the current wireless data transfer rate to the AP.
When acting as a wireless client, this is the current signal level to the AP.
- In/Out Packets
The number of packets received (in) and transmitted (out) by this interface.
- In/Out Packets (Pass)
The number of packets
pfhas passed on this interface.
- In/Out Packets (Block)
The number of packets
pfhas blocked on this interface.
- In/Out Errors
Input and output errors on the interface. This is a total count and can be from a variety of causes. For example, it could be from a hardware issue or packets lost because they could not be processed due to high load.
Hardware issues are typically physical in nature: cabling or port errors. The most common suspect is cables, and they are easy and cheap to replace.
In many cases, occasional errors are not indicative of a problem, however, if the number is large and/or rapidly increasing, there is cause for concern.
Depending on the interface type, more detail may be available from
sysctl. For example, an
ix0interface would have information under
sysctl dev.ix.0, in particular
dev.ix.0.mac_statshas several fields detailing different types of error conditions.
The number of network collisions experienced by this interface.
In most cases this can only happen on half-duplex networks (i.e. hubs, not switches). If this is non-zero it can also indicate that the interface has not linked at the proper duplex.
See Interface Configuration for more about setting the speed and duplex of an interface.
- Bridge Interface
If an interface is a member of a bridge, the title of this field contains the name of the bridge and the content is the current status.
- Total Interrupts
For physical interfaces this field may show the total number of hardware interrupts generated by this interface. A rapidly increasing number of interrupts can indicate that an interface is highly loaded, but that does not necessarily mean there is a problem if the load is expected.
In the first part of Figure Interface Status, the firewall has a DHCP WAN connection and it obtained the IPv4 and IPv6 address, DNS, etc. automatically.
In the lower part of the image, the LAN connection is visible. Since this is a normal interface with a static IP address, only the usual set of items are present.