
mr4 SNAT -> traffic is lost suddenly

Hi All,

As support is continuously failing to support us, I am trying here.

We have a setup with a cluster of XG210s running 18.0 MR4. Since this implementation, we are regularly having issues with our customer's PBX. Packets coming from the PBX towards the SIP provider arrive at the firewall, but then disappear into thin air.

PCAPs show only that the packet is received on the inbound interface. After that, no registration of the packet whatsoever (not in traffic log, session list etc). Also the policy counters are not increasing anymore (which is logical as the packet doesn't seem to be processed).

The only solution so far is to do a failover to the aux firewall.. and then wait till it happens again (between 6 and 30 hours so far).

Some other PBXs in the exact same config work fine.

Sophos support is being pushed to the limits and provides us supreme attention by sending an email every two days asking if we still have the issue.. (facepalm..)

Anyone seeing similar issues?



This thread was automatically locked due to age.
  • Check the drop packet capture for this time frame. If the policies did not hit, it means that the firewall is dropping the traffic.

    NAT etc. comes later in the packet flow. Initially the correct firewall rule should hit.

    Takeover to the second appliance initially will apply the same ruleset. So basically if you see that the firewall is dropping the traffic for "not finding any firewall rule" you could eventually find something in the firewall_rule.log on the appliance.
