Hi all, We're having an issue with seemingly random users losing their internet connection for a couple of minutes throughout the day since replacing our Juniper SSG5 with a Sophos XG 135. I'll try to post what I think are the salient points but please let me know if there's other info that would be helpful to see We're running software version SFOS 18.0.1 MR-1-Build396 It doesn't affect the whole company at the same time It doesn't affect all of our users This happened before and after we started using the Sophos web filtering service The hardware graphs don't seem to show anything like the CPU or RAM etc getting maxed out Our VOIP phones continue to work, they're connected to a different NIC on the firewall from our LAN traffic but use the same fibre connection I haven't really been able to find a pattern of what the users are doing to cause this A continuous ping to a website persists through the loss of internet connection but a ping to a different website fails (this works once the connection is back up again) It feels like any new connections are being dropped for the duration of the 2 or 3 minutes Internal traffic continues to work absolutely fine While I know I haven't gone into lots of detail I won't add more at this stage in case there's a known fix and I've just muddied the waters. Thank you in advance for any help and advice of how to resolve this. All the best, Ben.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet connection dropping

Hi all,

We're having an issue with seemingly random users losing their internet connection for a couple of minutes throughout the day since replacing our Juniper SSG5 with a Sophos XG 135. I'll try to post what I think are the salient points but please let me know if there's other info that would be helpful to see

We're running software version SFOS 18.0.1 MR-1-Build396
It doesn't affect the whole company at the same time
It doesn't affect all of our users
This happened before and after we started using the Sophos web filtering service
The hardware graphs don't seem to show anything like the CPU or RAM etc getting maxed out
Our VOIP phones continue to work, they're connected to a different NIC on the firewall from our LAN traffic but use the same fibre connection
I haven't really been able to find a pattern of what the users are doing to cause this
A continuous ping to a website persists through the loss of internet connection but a ping to a different website fails (this works once the connection is back up again)
It feels like any new connections are being dropped for the duration of the 2 or 3 minutes
Internal traffic continues to work absolutely fine

While I know I haven't gone into lots of detail I won't add more at this stage in case there's a known fix and I've just muddied the waters.

Thank you in advance for any help and advice of how to resolve this.

All the best,

Ben.

This thread was automatically locked due to age.

Top Replies

FormerMember over 4 years ago +1

Hi Ben Reeve , Thank you for reaching out to the Community! Did you configure STAS? If yes, what is the configured value for identity probe time-out? Did you configure web proxy or DPI? Thanks…

Parents

0 FormerMember over 4 years ago

Hi Ben Reeve,

Thank you for reaching out to the Community!

Did you configure STAS? If yes, what is the configured value for identity probe time-out?

Did you configure web proxy or DPI?

Thanks,
Cancel
Vote Up +1 Vote Down

Cancel
0 Ben Reeve over 4 years ago in reply to FormerMember

Hiya,

Yep we have STAS configured though I can't see any metion of an Identity probe time out, could it be called something else?

Many thanks,

Ben.
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 4 years ago in reply to Ben Reeve

Hi Ben Reeve,

You could find it at Authentication > STAS on your XG firewall.

When the user reports this issue, did you see any dropped packets on the firewall form that users workstation?

Thanks,
Cancel
Vote Up +1 Vote Down

Cancel
0 Ben Reeve over 4 years ago in reply to FormerMember

Ah I see it now. So it's set to 120 seconds, Restrict client traffic during identity probe is set to yes and Enable user inactivity is set to off. I haven't noticed any dropped packets, however I will look for that the next time it happens. Also we see quite a lot of the following in the firewall logs but I don't know if it's related at all -

2020-09-23 16:08:00
Invalid Traffic
Denied
N/A
0
192.168.20.1
40.77.18.167
63140
443
TCP
0
01001
Open PCAP
Could not associate packet to any connection
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Ben Reeve over 4 years ago in reply to FormerMember

Ah I see it now. So it's set to 120 seconds, Restrict client traffic during identity probe is set to yes and Enable user inactivity is set to off. I haven't noticed any dropped packets, however I will look for that the next time it happens. Also we see quite a lot of the following in the firewall logs but I don't know if it's related at all -

2020-09-23 16:08:00
Invalid Traffic
Denied
N/A
0
192.168.20.1
40.77.18.167
63140
443
TCP
0
01001
Open PCAP
Could not associate packet to any connection
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data