Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 6 replies
  • Subscribers 27 subscribers
  • Views 9042 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAN Link goes down Every 6 Hours

VivekKumar

Hello,
I am using Sophos XG firewall Home Edition with firmware SFVH (SFOS 16.01.2).
It is installed on a dedicated Intel Hardware (ZotacZbox Nano CI321 Dual Gig Ethernet).

Current Network Setup -
1. Airtel ADSL Link with Static IP lands on ADSL modem configured in Bridge mode
2. This modem is connected to the WAN port (Port 2) of the firewall through a Straight Through cable
3. And then the firewall’s LANport (Port 1) is connected to Wi-Fi router
4.
The Problem – WAN interface (Port 2) goes down precisely every 6 hours.
Work Around - To resolve it, I simply go to
ConfigureNetworkPort2 and then without making any changes, I save the page and it works.
Troubleshooting done so far –
1. Replaced ADSL Modem
2. Replaced Straight Through Cable between the ADSL Modem and the Firewall WAN port (Port 2) with another Straight Through Cable
3. Tried Crossover cable as well between the ADSL Modem and the Firewall WAN port (Port 2)
4. Tried Auto Negotiation and all combinations of Manual setting of Speed and Duplex at the Firewall’s end (Port 2)
5. ADSL modem does not have options to change Speed and Duplex settings.
I am looking at the experts in forum to help me resolve it. Thanks in advance...



This thread was automatically locked due to age.
Parents

  • Vivek,

    an interesting thing to check are system logs. Also, by command line, give us the output from this 2 commands:

    netstat -s

    ethtool -S "portname"

    Thanks

  • in reply to lferrara

    Thank you, Luciano. Below are the requested details - 

    Log snapshot at the time of event - 

    SFVH_SO01_SFOS 16.01.2# netstat -s
    Ip:
    0 total packets received
    0 forwarded
    0 incoming packets discarded
    1468160 incoming packets delivered
    1763172 requests sent out
    654 dropped because of missing route
    574 reassemblies required
    287 packets reassembled ok
    Icmp:
    17154 ICMP messages received
    6 input ICMP message failed.
    InCsumErrors: 0
    ICMP input histogram:
    destination unreachable: 14903
    echo requests: 19
    echo replies: 2232
    16160 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
    destination unreachable: 11997
    echo request: 4144
    echo replies: 19
    IcmpMsg:
    InType0: 2232
    InType3: 14903
    InType8: 19
    OutType0: 19
    OutType3: 11997
    OutType8: 4144
    Tcp:
    26179 active connections openings
    30331 passive connection openings
    1608 failed connection attempts
    2772 connection resets received
    304 connections established
    1067478 segments received
    1028866 segments send out
    12758 segments retransmited
    7 bad segments received.
    6211 resets sent
    InCsumErrors: 0
    Udp:
    368096 packets received
    11553 packets to unknown port received.
    1221 packet receive errors
    448031 packets sent
    RcvbufErrors: 244
    SndbufErrors: 0
    InCsumErrors: 0
    UdpLite:
    InDatagrams: 0
    NoPorts: 0
    InErrors: 0
    OutDatagrams: 0
    RcvbufErrors: 0
    SndbufErrors: 0
    InCsumErrors: 0
    error parsing /proc/net/snmp: Success
    **********************************************************************

    SFVH_SO01_SFOS 16.01.2# ethtool -S Port2
    NIC statistics:
    tx_packets: 456749
    rx_packets: 397109
    tx_errors: 15
    rx_errors: 308
    rx_missed: 0
    align_errors: 167
    tx_single_collisions: 8
    tx_multi_collisions: 7
    unicast: 393014
    broadcast: 2396
    multicast: 1699
    tx_aborted: 0
    tx_underrun: 0

    **********************************************************************

  • in reply to VivekKumar

    Vivek,

    what about configure static ip on WAN side?

    What NIC interface is using your box?

    Thanks

Reply Children
  • in reply to lferrara

    Hi Luciano,

    On WAN side, I have set Speed = 100Mbps and Duplex as full. Interestingly, when I set WAN port to Autonegotiation, it results into Speed = 100 Mbps and Duplex = Half Duplex.

    I believe NiC interface is from Realtek family.

    Earlier this setup was running without any problem, it started cropping up since I subscribed Static IP Address. Do you think Static IP has got any relation to this problem? 

    Thanks...Vivek

  • in reply to VivekKumar

    Vivek,

    I saw on other threads that Realtek have some issues on XG. Anyway if you configured autonegotiation, there is someone that is not able to negotiate at full duplex. You should try to fix every single port on fixed speed and duplex mode and retry.

    Fixed IP should not be the problem. You can ask to your ISP if the port is working at half-duplex and at what speed.

    Thanks

  • in reply to VivekKumar

    Hi Vivek , 

    As per Luk suggestion , you may use 100HD or 10HD , if your ISP connection is > 10mbps then use 100HD this should be compatible. As I saw there is some negotiation issue and due to that the connection drop and packet loss is noticed.