pfSense » pfSense Plus

When syncing a large configuration file with a large number of Virtual IPs, XMLRPC Sync can cause the webConfigurator to completely hang on a secondary unit in an HA pair for several minutes. This can also lead to 504 Timeout messages. The webConfigurator will typically recover on it's own, but this will often take several minutes.

Disabling the Virtual IP portion of the XMLRPC sync resolves this issue and the failover is nearly instantaneous, along with complete responsiveness from the webConfigurator.

Likely improvements can be made to the PHP code to not just blindly copy and rebuild the entire Virtual IP configuration on the secondary unit, as these hangs can lead to high CPU load and responsiveness issues for the secondary firewall that you just failed over to. This is obviously less than ideal since that unit is supposed to be taking over traffic in a manual failover scenario.