Hi,
after upgrading our SG210 from v15 to v16 two weeks ago, we have been encountering multiple LAN-to-LAN network issues. Everything else (VPN, LAN-to-WAN, ...) works fine. We have not detected any degradation in performance on outbound traffic nor connection timeouts.
Setup
We have two subnets (say 10.1.2.1/255.255.255.0 and 10.1.3.1/255.255.255.0 on Port E0 and Alias PortE0:0) and a LAN-to-LAN Rule on top (LAN/LAN - Any Host/Any Host - Any Service).
Problem
Since the v16 upgrade
- SSH connections from 10.1.2.x to 10.1.3.x die after one or two minutes (broken pipe) while SSH to external hosts or SSH originating from VPN zone stay alive for hours...
- NFS mounts do not work (drop-packet-capture on console shows log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0)
As far as I understand the results of drop-packet-capture, the LAN-to-LAN rule does not match (nor any other since log_subtype is »Denied« for »fw_rule_id 0«). Both services, SSH and NFS, worked flawlessly on v15; the setup did not change after the upgrade.
What we already tried
- checked the »Troubleshooting guide for XG« by sachingurung
- disabled all firewall rules
- disabled all rules but LAN-to-LAN
- created rules on top for single host/single service in both directions for SSH/NFS and particular test hosts
- moved the second subnet to physical PortE4 (in LAN zone) and tried again with and w/o rules
- created extra zone for PortE4 and added rules for LAN / new test zone
So far we were unable to solve these problems. Any advice to isolate the root cause of the problems is highly appreciated ;-)
Andreas