Unexplainable problem - unable to ping some hosts

Hello,

Setup: XG135W V18 build 354.

I noticed today that I cannot properly ping some hosts like 8.8.8.8, 8.8.4.4, and 1.1.1.1. I launch a CMD and type "ping 8.8.8.8"; the first answer is correct, and then the next 3 time out.

This ping is passing through my #1 firewall rule "LAN TO WAN GENERAL RULE", which allows my internal LAN to reach the internet. I don't know since when this problem has been occurring, but it's really weird because if I switch on the packet capture in the firewall, the ping works well ???!!! what the f*ck ???

Here are some screenshots to explain that...

The ping fails after the 1st successful answer.

Then I switch on packet capture, and ping again while it's still ON, and BINGO, ping is working:

Then I switch off packet capture, and ping is not working again...

 

Another weird thing is that I monitor my customer's firewall and internet lines with ping and other services, which is allowed by a rule that is on top of my #1 rule. This rule allows pinging those specific IPs, and if I ping those IPs manually, they are all working great...

The issue is only on the IPs that are not in the monitoring firewall rule.

The ping to 192.168.253.254, which is my ISP modem IP, has the same issue: 1st answer OK, 3 others timeout. If I connect a computer to the ISP modem directly and ping 192.168.253.254, the ping is OK.


The issue was not present a few weeks ago...

If anyone has an idea...

 

Regards



This thread was automatically locked due to age.
  • console> system route_precedence show
    Routing Precedence:
    1. Static routes
    2. VPN routes
    3. SD-WAN policy routes

  • Does "system firewall-acceleration disable" persist after a reboot?

    I believe I may have a similar issue on my home network. I run some network monitoring software that monitors systems external to my network. The XG sits between my LAN and my router. As part of the monitoring it pings the router and suspends all the monitoring if it can't ping the router. In the last couple of months I have had random times where the software can't ping the router so suspends all the monitoring. I have checked the server that the monitoring software is on and I can't ping the router manually from that server when I have the issue but I can ping the router from another server on my network (and any PC).

    I haven't had the time to investigate this further, but seeing this post I thought I would try disabling firewall acceleration. I didn't use to have this problem, but I used to run the XG as a Hyper-V software image, which doesn't support firewall acceleration. More recently I have moved to a second-hand 430 with a software image which does support firewall acceleration, and I believe this may coincide with when I started having the issue.

  • Hello,

    Yes, it persists after a reboot.


    Regards