 Tom here from Orange Systems and there's nothing quite as aggravating as packet loss. Well, lag is probably up there with it, but the two are kind of related because packet loss can also really ruin your day the same way lag will. And for the same reason, you have lost packets somewhere. The connection is unstable. Now I'm going to show you how to track this in PF sense. And I'm going to show you how to set up the gateway monitor IP and the default might be fine for you, but it's not always fine in every scenario. So we'll talk about when you should look at changing that and what other factors you should track and how you can track that over time and then present and download the data out of PF sense and hopefully get the problem resolved or at least have a lot more data to understand the problem better. Now, my preference is always to monitor any of these type of problems from within PF sense because anytime you put another tool behind it, you now have more factors. You have more layers in between. So my personal preference is always to monitor all of this from PF sense. It's really easy to do, but before we dive into the details of the video to how to set this up, let's first. Are you an individual or company looking for support on a network engineering storage or virtualization project? Is your company or internal IT team looking for someone to proactively monitor your system security or offer strategic guidance to keep your IT systems operating smoothly? Not only would we love to help consulting your project, we also offer fully managed or co-managed IT service plans for businesses in need of IT administration or IT teams in need of additional support. With our expert install team, we can also assist you with all of your structure, cabling and Wi-Fi planning projects. If any of this piques your interest, fill out our Hire Us form at laurancesystems.com so we can start crafting a solution that works for you. If you're not interested in hiring us, but you're looking for other ways you want to support this channel, there's affiliate links down below to get you deals and discounts on products and services we talk about on this channel. And now back to our content. Now by default, PF sense is already doing the monitoring, but we have to make sure it's monitoring the right thing. So here is my WAN DHCP. I have Wide Open West as my internet cable writer. They provide me a cable modem that's in bridge mode, and it's set up to DHCP on my PF sense WAN. So this is the DHCP first hop or default gateway, the default route by which the PF sense sends all the traffic until it gets to the next router. Now you have to make sure you're monitoring the right IP address. So we're over here to system and then routing. And here's my WAN DHCP. And you can see the gateway address and the monitor IP address are the same. If we don't want them the same, we can click on the edit and then we can change and put a different monitor IP in here. The important part is that the IP or monitoring should be an off-prem piece of equipment. And what I mean by that, you should monitor something that is pingable, that is within your internet provider's network operation center, not necessarily on-prem. The example would be, and this is common with some fiber equipment, the fiber equipment may have a default gateway that's assigned to the fiber device that bridges over to the PF sense. And if you just ping that, well, you're not really that accurate in terms of whether or not you're down when it comes to the internet, because if it's only pinging the local device before it goes down the fiber and over to the provider, well, you've only managed to confirm that there's a connection between that short distance. So you want the monitor IP to be something within their network operation center for the most part of your using cable motor minutes in bridge mode. That's perfectly fine to use the default gateway. But if you don't have it in bridge mode and your PF sense has a private IP address, it will default to pinging the local device. Well, if the internet goes out coming to the local device, once again, you won't have any information to go on. So yes, this will work, even if it's not in bridge mode. But those are the factors you have to think about as to what you're monitoring. Now, if you scroll down, there's under display advanced, you can also fine tune if you need to, the latency thresholds, packet loss thresholds, what you find acceptable. If you're on a high latency connection, you may be getting errors from this particular connection, because well, it's always high latency, such as Starlink is going to be a higher latency than fiber versus a capable. Each one of these has different profiles of performance. So depending on what your use case is, think about that. If you need to tune these, I find for most connections, though, the default works perfectly fine. It's tolerant and losing a few packets here and there does happen, it will log that, but it's just a matter of whether or not it does any triggering these other options, such as monitoring a gateway or the gateway action are more related to if you have failover scenarios where you want the action to be stopped using this gateway, use the other gateway, that's also where this fine tuning may come into play. Now, once you've got this configured, we're going to go to status and we're going to go over to monitoring. This is the default monitoring that's in here and we click the wrench icon and this is where we can start making changes. We can change it to quality and we can pick which thing we want to measure the quality of which different gateway way and DHCP and we're going to head and hit display advanced and we'll hit save view. All that does is save this to be the default view anytime we go here and then we can click on these delay average or delay standard deviation because I want to focus on packet loss or maybe I don't and I only want to see the standard deviation for when there's, you know, different high pings and right here, it looks like around 1031. There were some high pings at 2345. So it got all the way up to 13. So you can see is your latency changing over time with the pings or are you experiencing any packet loss like we did right here on 1031. This is pretty simple, but let's go a little bit more advanced and go here, click this icon and let's create some extra views. So we can actually add a view here and we're going to call this 30 day view. So we'll name it that names are arbitrary on this. Click the icon and we're going to change it to one month. The resolution will make it pretty fine here at one hour. We'll leave quality. We'll keep it WAND, we can then hit display advance. We're just going to save the view right here. So now this one is a 30 day look and wow, we definitely had some loss back on a 1012. It looks like we had an outage for a little while. So there's minor loss here and there. Let's go ahead and create another one and we can go ahead and go display advance or add a view one day view. Then we'll edit this one to be one day. So we change this to a day, five minute resolution sounds good. Display advance and hit save. Now this is our one day view. Now there may be other data you want to add on top of this. Like we have this spike right here, but I wonder what that spike might have been caused by. So we can actually edit this and set another piece of information in this, like what was the system load? What was the memory or the processor on there? So if we update the graph, well, it looks like the processor didn't really change much with that. So a little bit of some user going on here. Probably that was a VPN transfers because it I'm using wire garden that operates in a way that may have spiked the system a little bit. So maybe that's why that happened. Let's look at maybe a traffic and we'll put the traffic down here to the wire guard VPN and we'll update the graphs. Ah, there we go. So if we start looking at the wire guard VPN overlaid with this, we can correlate some of this data to say, all right, maybe this VPN was causing this, but actually I don't see a packet loss related to it, but it does obviously change some of the deviation that's going on here. And we can uncheck these different boxes to just compare the in or out traffic and overlay only pieces at a time. Now let's switch over to my office one where you can see what the differences are. For example, when you have VPN users. So here's my Comcast connection, which actually is experiencing a lot of packet loss. I know they've been servicing it today. There's a technician there now and it's definitely down. We have a secondary backup connection is how I'm connected to our firewall at the office, but this is where you may want to overlay data such as VPN users. So let's look at my open VPN LTS users, people remoting in, update the graph and you can see if those users cause any change in maybe traffic patterns actually updated this way. These are ways you can look at traffic or even go over here and look at the processor, update graphs. Is there a big change in processor when these users log in? So these users are logged in, several users logged in here at 10 o'clock when some of the people started working remotely. And there's really not a big change in processors. So if we focus just on users and process. Yeah, there's some processes running, but it didn't really overload the system. This is another way you can look at this to try to start troubleshooting PF sense and understand if these other things have an effect on things like packet loss. So you're correlating two pieces of data. Of course, ultimately, once you have any of this data, you want to look at it over time and maybe even say, you know, you go back to like your month view, update the graph. Well, this one hasn't been on for a month. So maybe go to the month view of the Comcast changes to three months of Comcast. And then we want to export that data. It creates a CSV file. There's packet loss, delay average, standard delay average, and you can import this to make your own assessments and make your own graphs. And maybe you want to pivot the data a little bit differently. But as I said, this has been doing this since you set up PF sense. Once you load it, it automatically starts monitoring all this data. It's just a matter of going to status monitoring and building the different pivots on here. So you can help use it to understand what problems you're trying to troubleshoot or use it as that correlation data to get you pointed in the right direction. And that's it for status monitoring. It's really easy to use. I highly recommend looking at it once in a while and going back in history. It's kind of fun just to think about how things are being done or if you're looking at, hey, why didn't my transfer seem to slow down when I do this? Hey, jump over there and take a look at the history of it and whether or not it's using a lot more processor power. If it's because there's a lot of VPN users logged in at the same time, you know, that different correlation data can send you down the right path to getting your problem solved. Leave your thoughts and comments down below or head over to my forums for a more in-depth discussion. And thank you for making it all the way to the end of this video. If you've enjoyed the content, please give us a thumbs up. If you would like to see more content from this channel, hit the subscribe button and the bell icon. If you'd like to hire a short project, head over to laurancesystems.com and click the hires button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page where your support is greatly appreciated. For deals, discounts and offers, check out our affiliate links and description of all of our videos, including a link to our shirt store, where we have a wide variety of shirts that we sell and designs come out well randomly. So check back frequently. And finally, our forums. forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thanks again for watching and look forward to hearing from you.