Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1831 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't ping outside WAN - Firewall-acceleration

Ste

Dear Community,

we have a new installation of an XG310 with the firmware (SFOS 18.0.4 MR-4) and we are experience random ping timeout to WAN:

Example ping 8.8.8.8 works from some computer and didn't work on others. Later pings stop work from the previos pc and start work on the otherone.

To solve we have to disable Firewall-acceleration option.

Is this a bug issue? Are you working on it?

What are the feature of the Firewall-acceleration option?

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    Hello Ste,

    this is definitely a bug.

    We have the same issue on a XG550 after the migration from 17.5.12 to 18.0.4 MR-4.

    The thing is not reproducable. We had it right after the migration on 9th of january. Then it vanished for some weeks and probably came back a couple of days ago.

    Disabling the firewall-acceleration also helped in our case but we decided to leave the acceleration on as sophos support never told us to disable it and we wanted to find the root cause. This is diffcult as running tcpdump also will let the error go away.

    We have another issue with UDP Packets and Teams Communication which might be related in some way. However this issue is older and we have seen it also on 17.5.x.

    For me it looks like some packets are dropped under certain circumstances.

    Regards
    BeEf

  • FormerMember
    0 FormerMember in reply to BeEf

    Hi ,

    Have you opened a case with support for this issue? If not, please open a support case and PM me the case number. 

    Thanks,

  • 0 in reply to LuCar Toni

    is there any chance to open a Bug and resolve it in the next update?

  • 0 in reply to Ste

    We cannot fix anything, which is not completely investigated. And as this issue seems to be hard to troubleshoot, it needs to be investigated further. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Just to be sure: & you are using HA? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes I'm using HA. 

    I would say that the customer buy a new cluster of XG 310 and now I've say him that sophos drop packet without reason and is hard to troubleshoot it. He is not really happy about and he want to breack down the new hardware with a big Hammer...

  • 0 in reply to Ste

    Just to be clear, there seems to be an issue - It will be investigated in your case ID, if you do not want to continue to have those (ICMP!) drops, disable the Firewall acceleration for this matter. 

    I do not see any issue in this approach, you have a working workaround for the time while the issue is being identified. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes I am using HA.

    So far it is only seen by ICMP (tested mainly with Ping).
    I already told H_Patel in a personal note some details which we opened indirectly via our consulting company after the migration.

    For details you can ask your colleague Mr. Gunjan Bhatt.

  • FormerMember
    0 FormerMember in reply to BeEf

    and ,

    The support team is investigating this issue with the internal ID NC-69286. , we've updated your case with this internal ID; I will update this thread as more information becomes available. 

    Thanks,

  • 0 in reply to FormerMember

    Thank you Patel for the update

  • 0 in reply to Ste

    Wondering: Which tool do you use to monitor those pings? Can this tool adjust the ICMP timeout? Maybe there are no drops, instead simple ICMP timeout (Latency) issues? 

    Because i could eventually reproduce this with a tool and 500ms timeout, stable on 1000ms timeout. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    ping -t on windows 10 with default settings.  

    I don't think so as this goes away when running tcpdump or switching off the fastpath. 

    The default timeout is quite high (4s )and eg. google 8.8.8.8 responds very quickly ...

    (Just an example.)

Reply
  • 0 in reply to LuCar Toni

    ping -t on windows 10 with default settings.  

    I don't think so as this goes away when running tcpdump or switching off the fastpath. 

    The default timeout is quite high (4s )and eg. google 8.8.8.8 responds very quickly ...

    (Just an example.)

Children
No Data
Cookie Information Banner