Hello community,
Until now we had several "old" VLANs which are routed over the core switch.
Any traffic between the VLANs and the corresponding subnets is allowed. No ACLs, no packet filtering.
Now we created new VLANs with new subnets and tried to route the traffic over the Sophos XG.
So we created VLAN interfaces on the LACP trunk interface which is connected with the core switch.
So far so good. Everything works as expected.
The clients are getting an IP address via DHCP relay (Sophos XG) from the DHCP server,
the clients can access the servers and resources in the old VLANs and vice versa.
But sometimes it seems like the XG is "dropping" single TCP sessions between a client and the file server, for example.
An example: there are two co-workers in a room. Both are working with a database file which is lying on the file server and opened in Microsoft Access on the client.
They are editing the database simultaneously (as usual in the old VLAN infrastructure) and everything works fine.
But then suddenly one client gets the message "connection to the database was interrupted" and the Access database file has to be reopened.
The other client, which is connected to the same switch, to the same VLAN in the same subnet, doesn't get this error and is able to work without reopening the file.
Sometimes the whole Windows Explorer is frozen for a few seconds at this moment and then continues working after the freeze.
If we run a ping to the file server, there are no high pings or timeouts while the problem occurs, so it is not a general network problem...
In the Windows Error Log there are no errors at the moment of the error.
To exclude the switching infrastructure as the source of error we moved one of these clients into the old VLAN (which is still routed via the core switch and not the firewall) and the problem does not occur anymore.
We created firewall rules which allow any traffic between the new and the old VLANs with no intrusion prevention activated or any other security features enabled. But this does not help.
So I think it has something to do with the Sophos firewall.
In the log viewer there are no blocked packets at the time of the error. The device console "drop-packet-capture" is not showing dropped packets.
Are there any suggestions what we can do to fix the problem?
We have a Sophos XG 550 cluster with firmware version 18.5 MR1 installed.
CPU usage is around 5% avg and the RAM is using 50% avg.
The error itself is absolutely random. It can occur 5 times in 20 minutes or 1 time in a normal workday.
It is not just the file server. Applications which are connecting to a server VM hosted service are also affected.
Thanks for your replies!
Kind regards
Nafets