
Static routing issue (Devices under same network every few min get network disconnection)

Hi Sophos experts,

 

Now I have two gateways one is for internet other is for IDC as below.

 

Sophos XG (192.168.1.66)      Router (192.168.1.52)
            ^                       ^
             \                     /
              \                   /
               PC (192.168.1.0/24)

 

Now XG has static routing for IDC as below

-IP/Netmask : 192.168.101.0/24

-Gateway : 192.168.1.52

-Interface : Port1 (192.168.1.66)

 

When I connect to the IDC server over the Router (192.168.1.52) the connection is okay for a few minutes (within ping seq number 115), but the connection is disconnected after a few minutes.

So I checked the log on the firewall; the firewall recorded two denied logs as below.

 

First (the connection is okay while this log is occurring):

Log Comp : Invalid Traffic

Action : Denied

Firewall Rule : 0

Message : Invalid TCP state.

 


Second (I get this log when the network disconnects):

Log Comp : Invalid Traffic

Action : Denied

Firewall Rule : 0

Message : Could not associate packet to any connection.

 

Additionally, if I use another network with another gateway on the firewall, like the 192.168.2.1 G/W, I never get a network disconnection. (It also follows static routing.)

This problem occurs under the 192.168.1.0/24 network.

Can you please advise how to fix this problem?



This thread was automatically locked due to age.
  • Hi,

    This is not a device issue. This is a known issue in routing and it is called S* (sorry, I forget the full name of this issue). This will happen when your traffic comes back onto the sender's network for the next destination. Your PC is sending packets to the firewall, and the firewall again redirects this traffic to the router over the same link on which it was received.

    Pc--->Lan switch---->xg firewall---->Lan switch---->router.

    This is incorrect.

    Solution:

    As your network is a flat L2 network, you have to make a direct link between the XG firewall and the router, use a different subnet between both devices, and then reconfigure your static route on the firewall with the router's new IP.

    Your traffic flow will be as below:

    Pc --->xg firewall---->router.

    Regards,

    Deepak Kumar
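To show why the two log messages from the question appear in that order when the return leg bypasses the firewall, here is a small Python model of a stateful TCP connection tracker. This is an added example, not Sophos code and not from anyone in the thread: the states, the timeouts and the addresses 192.168.1.10 / 192.168.101.10 are assumptions; the two log strings are the ones quoted in the question.

```python
"""
Toy model of a stateful firewall's TCP connection tracker, used to explain
the "Invalid TCP state" / "Could not associate packet to any connection"
log pattern. Example code only: not Sophos XG's conntrack, and the state
machine and timeouts below are deliberately simplified assumptions.
"""
from dataclasses import dataclass

HALF_OPEN_TIMEOUT = 30.0      # assumption: idle time before a SYN-only entry is dropped
ESTABLISHED_TIMEOUT = 3600.0  # assumption: idle time for an established flow

INVALID_STATE = "Invalid TCP state."
NO_CONNECTION = "Could not associate packet to any connection."


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str   # "S" SYN, "SA" SYN/ACK, "A" ACK, "PA" PSH/ACK
    t: float     # seconds since the start of the (constructed) capture


class ToyConntrack:
    """One entry per (initiator, responder) pair, as a stateful firewall keeps."""

    def __init__(self):
        self.table = {}   # (initiator, responder) -> [state, last_seen]
        self.log = []     # (time, message), mirroring the firewall's log lines

    def _lookup(self, p):
        # A packet may belong to an entry in either direction.
        for k in ((p.src, p.dst), (p.dst, p.src)):
            e = self.table.get(k)
            if e is None:
                continue
            limit = HALF_OPEN_TIMEOUT if e[0] == "SYN_SENT" else ESTABLISHED_TIMEOUT
            if p.t - e[1] > limit:
                del self.table[k]        # stale entry: the flow is forgotten
                return None, None
            return k, e
        return None, None

    def process(self, p):
        k, e = self._lookup(p)
        if e is None:
            if p.flags == "S":           # a new connection may only start with SYN
                self.table[(p.src, p.dst)] = ["SYN_SENT", p.t]
                return "allow"
            self.log.append((p.t, NO_CONNECTION))
            return "deny"
        initiator, responder = k
        if e[0] == "SYN_SENT":
            if p.src == responder and p.flags == "SA":
                e[0], e[1] = "ESTABLISHED", p.t
                return "allow"
            if p.src == initiator and p.flags == "S":
                e[1] = p.t               # SYN retransmit, still consistent
                return "allow"
            # ACK or data before any SYN/ACK was seen: the reply leg bypassed us.
            # The entry is not refreshed, so it ages out and later packets
            # no longer match anything at all.
            self.log.append((p.t, INVALID_STATE))
            return "deny"
        e[1] = p.t                       # established flow: refresh and pass
        return "allow"


def run(packets):
    """Feed a packet trace through the tracker; return (verdicts, log messages)."""
    fw = ToyConntrack()
    verdicts = [fw.process(p) for p in packets]
    return verdicts, [m for _, m in fw.log]


PC, IDC = "192.168.1.10", "192.168.101.10"   # constructed hosts inside the thread's subnets

# Both legs traverse the firewall: it sees the whole handshake.
SYMMETRIC = [Packet(PC, IDC, "S", 0.0), Packet(IDC, PC, "SA", 0.01),
             Packet(PC, IDC, "A", 0.02), Packet(PC, IDC, "PA", 5.0),
             Packet(IDC, PC, "A", 5.01)]

# Reply leg goes IDC -> router -> PC on the same L2 and never reaches the firewall.
ASYMMETRIC = [Packet(PC, IDC, "S", 0.0), Packet(PC, IDC, "A", 0.02),
              Packet(PC, IDC, "PA", 5.0), Packet(PC, IDC, "PA", 60.0)]

if __name__ == "__main__":
    for name, trace in (("symmetric", SYMMETRIC), ("asymmetric", ASYMMETRIC)):
        verdicts, log = run(trace)
        print(name, verdicts, log)
```

In the asymmetric trace the tracker first logs "Invalid TCP state." for every client packet that follows a SYN whose SYN/ACK it never saw, and once the half-open entry ages out it logs "Could not associate packet to any connection." and drops everything, which is the point at which the thread's pings stop. After the fix in the reply, the router's only path back to 192.168.1.0/24 is through the XG, so the SYN/ACK passes the tracker and the entry reaches the established state.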
