Interface Status¶

The page at Status > Interfaces displays the status of each assigned network interface on the firewall.

Status Information¶

The information available for each interface varies depending on the interface type, but may include:

Header Information

The header of each interface contains the following information:

Friendly Name: The name of the interface as designated by the user (e.g. DMZ).
Internal Name: The internal name of the interface (e.g. wan, opt1).
Assigned Interface: The name of the underlying interface which was assigned to this entry (e.g. ix2).

Status

The current status of the interface along with an icon which visually represents the status. The status is typically one of:

Up: The interface is up, has a link, and is operating normally.
Associated: A wireless interface is up and associated with an access point.
Down: A dynamic WAN type is not connected or does not have an IP address.
No Carrier: Typically means that the cable is not plugged in or the device on the other end is malfunctioning in some way.
Disabled: The interface is assigned but manually disabled in the configuration.

Dynamic WAN Controls

Dynamic interfaces have a button to manually change their current state.

DHCP, DHCP6

Interfaces obtaining an IP address from DHCP or DHCPv6 have a Release button when there is an active lease, and a Renew button when there is not.

The DHCP Release action has an optional Relinquish Lease checkbox. When set, the release action also sends a special message to the DHCP server which relinquishes its current lease.

PPPoE, PPTP, L2TP, PPP

PPP-based connection types like PPPoE have a Disconnect button when connected and a Connect button when offline.

If a PPP connection is using dial-on-demand it will reconnect itself when triggered even after a manual disconnect action. Disable dial-on-demand if the interface must remain disconnected.

Note

Clicking ‘Renew’ or ‘Connect’ will trigger an attempt to take that action, but the attempt may fail if the interface has a problem or the upstream service is not responding.

PPP Uptime

PPP-based interfaces track how long they have been up based on the time the interface last connected to its upstream provider.

Cellular Status

PPP type interfaces connecting through cellular modems (e.g. 5G, LTE, 4G, 3G, etc.) may show additional statistics from the modem. This varies by hardware and type of connection.

Cell Signal (RSSI): The signal strength from the cellular provider.
Cell Mode: System mode change indicator.
Cell SIM State: SIM card status (e.g. inserted or removed.)
Cell Service: Service mode change indicator.
Cell Upstream: Measured upload speed.
Cell Downstream: Measured download speed.
Cell Current Up: Maximum upload speed.
Cell Current Down: Maximum download speed.

MAC Address

The hardware MAC Address of the interface.

Tip

Installing the NMAP package activates a feature which allows the page to also display the manufacturer associated with the MAC address, if it is known. Note that this is not effective in some cases, such as for virtual machines which use randomly generated MAC addresses or for wireless clients which utilize privacy features that alter their MAC addresses.

IPv4 Address

The current IPv4 address assigned to the interface.

Note

This does not include Virtual IP addresses.

Subnet mask IPv4

The subnet mask for the current IPv4 address.

Gateway IPv4

The IPv4 gateway defined on this interface, if any.

IPv6 Link Local

The IPv6 link-local address for this interface, including the interface scope.

IPv6 Address

The current IPv6 address assigned to the interface.

Subnet mask IPv6

The length of the prefix for the current IPv6 address.

Gateway IPv6

The IPv6 gateway defined on this interface, if any.

DNS Servers

DNS servers obtained from upstream providers on this interface (e.g. DHCP or PPPoE).

MTU

maximum transmission unit (MTU) of this interface, which is the largest packet it can transmit or receive.

Media

The type of media connected to this interface, including the link speed and type. The exact values depend upon the network interface type and what is connected to that interface.

For example, it may be 1000baseT <full-duplex> for some types of 1Gbit/s copper Ethernet or 10Gbase-SR <full-duplex> for some types of 10Gbit/s fiber.

SFP Module Information

If the interface uses an SFP module and the operating system can read the data from the module, the page will also include that information. The data may include the following fields:

Description (Plugged)
Vendor
Temperature
Voltage
Signal levels

Note

Some interfaces capable of using SFP modules, such as combination copper and SFP interfaces, do not expose this module data to the operating system. As such, the page cannot include module data from these interfaces.

LAGG Information

If this interface is an assigned LAGG interface, the page displays information about the LAGG itself.

LAGG Protocol

The current protocol for LAGG, for example it could be failover, loadbalance, LACP, etc.

The current LAGG hashing method is also in this field, which typically is l2,l3,l4 which indicates that when load balancing it takes information from OSI layers 2, 3, and 4 into account when deciding which port to use.

LAGG Ports

The underlying interfaces which are a members of this LAGG, along with their current status.

Wireless Information

The page displays additional information specific to wireless interfaces as well, including:

Channel: The wireless channel the interface is using to communicate with peers.
SSID: When acting as an access point, this is the SSID being broadcast to clients.
BSSID: When acting as a wireless client, this is the SSID of the AP to which this interface is connecting.
Rate: When acting as a wireless client, this is the current wireless data transfer rate to the AP.
RSSI: When acting as a wireless client, this is the current signal level to the AP.

In/Out Packets

The number of packets received (in) and transmitted (out) by this interface.

In/Out Packets (Pass)

The number of packets pf has passed on this interface.

In/Out Packets (Block)

The number of packets pf has blocked on this interface.

In/Out Errors

Input and output errors on the interface. This is a total count and can be from a variety of causes. For example, it could be from a hardware issue or packets lost because they could not be processed due to high load.

Hardware issues are typically physical in nature: cabling or port errors. The most common suspect is cables, and they are easy and cheap to replace.

In many cases, occasional errors are not indicative of a problem, however, if the number is large and/or rapidly increasing, there is cause for concern.

Note

Depending on the interface type, more detail may be available from sysctl. For example, an ix0 interface would have information under sysctl dev.ix.0, in particular dev.ix.0.mac_stats has several fields detailing different types of error conditions.

Collisions

The number of network collisions experienced by this interface.

In most cases this can only happen on half-duplex networks (i.e. hubs, not switches). If this is non-zero it can also indicate that the interface has not linked at the proper duplex.

Example Status¶

Interface Status¶

In the first part of Figure Interface Status, the firewall has a DHCP WAN connection and it obtained the IPv4 and IPv6 address, DNS, etc. automatically.

In the lower part of the image, the LAN connection is visible. Since this is a normal interface with a static IP address, only the usual set of items are present.