Skip to main content

PFS200 - Failed to Apply Pending pfSense Firewall Changes

Agent error code #PFS200 indicates that the alias was updated successfully but the subsequent apply step failed. Without the apply, the change is held as pending and will not take effect against live firewall rules.

This error is distinct from alias edit failures (#PFS102), which fail before any change is made. Error #PFS200 means the change was saved but could not be committed.

Common causes include:

  • The API user lacks privilege to apply firewall changes
  • An unrelated pending configuration change on pfSense is invalid and apply is refusing to run
  • A filter reload triggered by another change is already running and the apply call timed out

Steps to Resolve

Apply Pending Changes From the pfSense UI

  1. Log into pfSense and navigate to Firewall > Aliases > IP
  2. If a yellow apply banner is shown, click Apply Changes. Any underlying configuration error will surface here
  3. If the apply succeeds in the UI, retry the grant in Knocknoc

Check the API User Privileges

  1. Confirm the API user has the privileges listed in the pfSense setup guide
  2. In particular, WebCfg - Status: System: REST API is required for the apply call

Check the pfSense System Log

  1. Navigate to Status > System Logs > General and look for entries around the time of the failure
  2. Apply errors are usually logged here with the underlying cause

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top