XG 19 SD WAN Application timeout

I have XG V19 firewalls and created an SD-WAN policy to handle traffic for a site-to-site route-based IPsec VPN with xfrm interfaces.

It works great, except for one strange issue: many applications that are used over that VPN time out and crash after around 15 - 20 minutes,

so if a user has an RDP session open, it will suddenly crash.



  • 10.21.11.1 is the IP of the other side's xfrm interface.

    Reduced the sample size to 5, let's wait and see.

    BTW, a ping from site to site never dropped.

  • Okay then, the rest looks fine. Continue to observe with the change made in the SLA and revert to us with the results...

  • Still disconnecting applications 

  • Can you take a tcpdump of the RDP session on port 3389?
    putty ssh > admin credentials > press 5 for Device Management > press 3 for the Advanced Shell
    # tcpdump -nei any port 3389 
    In the putty session > under Logging > ensure "All session output" is selected
    And under Window > lines of scrollback = 20000000
    Then wait for the disconnection...
    and share the output so we can analyze the traffic...

  • See attached a capture of a "radmin viewer / server" session from 192.168.1.250 to 192.168.4.159 port 48991 over the VPN.

    It dropped suddenly.

    totermw - 20220601-233856128-M0400.txt

  • Okay, can you also provide us the output of the following from:
    putty ssh > admin credentials > press 4 for the Device Console:
    console> system route_precedence show

  • Default routing Precedence:
    1. SD-WAN policy routes
    2. VPN routes
    3. Static routes

  • Hello,

    Conduct a session again and wait for the disconnection to happen again.
    In the process, capture the following things:

    1.) Tcpdump again
    2.) Drop packet capture:
    Monitor dropped packets using CLI: https://support.sophos.com/support/s/article/KB-000036858?language=en_US
    3.) Monitor traffic using Packet Capture Utility: https://support.sophos.com/support/s/article/KB-000035761?language=en_US
    4.) Create and download a packet capture: https://support.sophos.com/support/s/article/KB-000037007?language=en_US
    5.) And run a live conntrack: conntrack -E -d <dst ip> | grep <src ip>

  • See the attached packet capture; it's possible that the capture stopped before the connection dropped.

    The connection was from 192.168.1.250 to 192.168.4.159 port 48991.

    totermw - 20220603-005359940-M0400.txt

    
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    Main Menu 
    
        1.  Network  Configuration
        2.  System   Configuration
        3.  Route    Configuration 
        4.  Device Console 
        5.  Device Management
        6.  VPN Management
        7.  Shutdown/Reboot Device
        0.  Exit 
    
        Select Menu Number [0-7]: 5
    
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    Device Management 
    
        1.  Reset to Factory Defaults
        2.  Show Firmware(s)
        3.  Advanced Shell
        4.  Flush Device Reports
        0.  Exit
    
        Select Menu Number [0-4]: 3
    
    
    Sophos Firewall
    ===============
    (C) Copyright 2000-2022 Sophos Limited and others. All rights reserved.
    Sophos is a registered trademark of Sophos Limited and Sophos Group.
    All other product and company names mentioned are trademarks or registered
    trademarks of their respective owners.
    
    For Sophos End User Terms of Use - https://www.sophos.com/en-us/legal/sophos-end-user-terms-of-use.aspx
    
    NOTE: If not explicitly approved by Sophos support, any modifications
          done through this option will void your support.
    
    
    SFVH_VM01_SFOS 19.0.0 GA-Build317# tcpdu
    SFVH_VM01_SFOS 19.0.0 GA-Build317# tcpdump fil
    SFVH_VM01_SFOS 19.0.0 GA-Build317# tcpdump f
    feedbackconfig  fontconfig/
    
    SFVH_VM01_SFOS 19.0.0 GA-Build317# tcpdump ffiledump 'host 192.168.4.159 -s0'
    tcpdump: can't parse filter expression: syntax error
    SFVH_VM01_SFOS 19.0.0 GA-Build317# exit
    
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    Device Management 
    
        1.  Reset to Factory Defaults
        2.  Show Firmware(s)
        3.  Advanced Shell
        4.  Flush Device Reports
        0.  Exit
    
        Select Menu Number [0-4]: 0
    Exit
    
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    Main Menu 
    
        1.  Network  Configuration
        2.  System   Configuration
        3.  Route    Configuration 
        4.  Device Console 
        5.  Device Management
        6.  VPN Management
        7.  Shutdown/Reboot Device
        0.  Exit 
    
        Select Menu Number [0-7]: 4
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    console> tcpdump filedump 
    <text>     count      hex        interface  llh        no_time    quite      verbose    
    console> tcpdump filedump 'ho' st 192.168.4.159 s) 0'
    tcpdump: can't parse filter expression: syntax error
    console> tcpdump filedump 'host 192.168.4.159 s0' 
    tcpdump: can't parse filter expression: syntax error
    console> tcpdump filedump 'host 192.168.4.159 s0'-s0'
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    1000 packets captured
    1131 packets received by filter
    0 packets dropped by kernel
    console> tcpdump filedump 'host 192.168.4.159 -s0'
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    1000 packets captured
    1176 packets received by filter
    0 packets dropped by kernel
    console> 
    totermw - 20220603-005805005-M0400.txt
    
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    Main Menu 
    
        1.  Network  Configuration
        2.  System   Configuration
        3.  Route    Configuration 
        4.  Device Console 
        5.  Device Management
        6.  VPN Management
        7.  Shutdown/Reboot Device
        0.  Exit 
    
        Select Menu Number [0-7]: 4
    Sophos Firmware Version SFOS 19.0.0 GA-Build317 
    
    console> drop-packet-capture ; ''p'o'r't' '4'8'9'9'1'
    ^Cconsole>
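
One way to read the text captures requested in this thread once a disconnect has been recorded, as an added example that is not part of the original thread or of Sophos tooling: for a single TCP flow it reports when each direction was last seen, the longest silent gap, and which side first sent FIN or RST. The sample lines are constructed; only the two addresses and port 48991 come from the thread, and the client port and MAC address are made up.

```python
import re

# Constructed tcpdump -ne text output (not taken from the thread's attachments).
# Addresses and port 48991 are the ones quoted in the thread; the rest is made up.
H = "00:00:00:00:00:01 ethertype IPv4 (0x0800), length 116:"
C, S = "192.168.1.250.51514", "192.168.4.159.48991"
SAMPLE = "\n".join([
    f"23:10:01.000000  In {H} {C} > {S}: Flags [P.], seq 1:49, ack 1, win 512, length 48",
    f"23:10:01.020000 Out {H} {S} > {C}: Flags [.], ack 49, win 512, length 0",
    f"23:10:02.000000  In {H} {C} > {S}: Flags [P.], seq 49:97, ack 1, win 512, length 48",
    f"23:10:02.200000  In {H} {C} > {S}: Flags [P.], seq 49:97, ack 1, win 512, length 48",
    f"23:10:02.600000  In {H} {C} > {S}: Flags [P.], seq 49:97, ack 1, win 512, length 48",
    f"23:10:32.600000  In {H} {C} > {S}: Flags [R.], seq 97, ack 1, win 512, length 0",
])

PKT = re.compile(r"^\s*(\d\d):(\d\d):(\d\d\.\d+).*?(\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                 r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]")

def summarize(capture_text, server_ip, server_port):
    """Describe how one TCP flow ended: last packet per direction,
    longest silent gap, and the first FIN/RST with its sender."""
    server = (server_ip, str(server_port))
    last_seen, teardown = {}, None
    prev, day, max_gap, count = None, 0.0, (0.0, None), 0
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # console menus, banners, non-TCP lines
        hh, mm, ss, src, sport, dst, dport, flags = m.groups()
        if (dst, dport) == server:
            direction = "client->server"
        elif (src, sport) == server:
            direction = "server->client"
        else:
            continue  # some other flow
        ts = f"{hh}:{mm}:{ss}"
        t = int(hh) * 3600 + int(mm) * 60 + float(ss) + day
        if prev is not None and t < prev:  # capture ran past midnight
            day, t = day + 86400, t + 86400
        if prev is not None and t - prev > max_gap[0]:
            max_gap = (round(t - prev, 3), ts)  # (seconds, time the gap ended)
        prev, count = t, count + 1
        last_seen[direction] = ts
        if teardown is None and ("F" in flags or "R" in flags):
            teardown = (direction, flags, ts)
    return {"packets": count, "last_seen": last_seen,
            "max_idle_gap": max_gap, "teardown": teardown}

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.168.4.159", 48991))
```

A teardown sent by one endpoint after a long silent gap in the other direction suggests packets stopped arriving rather than the application closing the session; compare that timestamp with the dropped-packet and conntrack output.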