Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 16 replies
  • Subscribers 5 subscribers
  • Views 1516 views
  • Users 0 members are here
Options
Suggested

WAN link manger fails to test after link restore

rfcat_vk

Hi folks,

I have been experimenting with putting a UTM in front of the XG for when I change ISPs, they use a connection method not currently supported by XG. When I have finished my experiment for the night, I restore the connection to the XG and both links show down. Edit the WAN interface gets the IP4 connection working, but not the IPv6 even though the IPv6 has an address.

editing the WAN link  manager does not help, so a restart is required which on an XG115W is painfully slow.

This is not the case in previous versions of XG.

Ian

  • 0 in reply to sanket.shah

    Tomorrow's challenge, makes good activity, weather forecast is rain, rain, rain.

    I will copy today'y result before starting testing tomorrow and sent it to you in PM. Should not having any parameters for port allowed the capture of all traffic?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    TCPDUMP which you have taken earlier will only capture traffic destined to host 2001:4860:4860::64. DHCP6 traffic won't have this as source or destination so it won't be capture.

    On a second thought, I suggest to save pcap on appliance itself so that it can be reviewed later. Please use following command (verified on your appliance) which will save pcap file in /var/sanket-logs folder.

    XG115w_XN03_SFOS 19.5.0 EAP1-Build144# tcpdump -n host 2001:4860:4860::64 or port 546 or port 547 -vv -b -w /var/sanket-logs/icmp6_dhcp6.pcap

    Regards,

    Sanket Shah

    Regards,

    Sanket Shah

    Senior Development Manager, Sophos Firewall

  • 0 in reply to sanket.shah

    Okay, will do.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to sanket.shah

    Hi Sanket,

    thinking about the command line, it will not produce the results you are after because the IPv6 address is a google one and not a telstra network server.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I sent you a PM.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hello Ian,

    After doing investigation from the logs and pcaps gathered on your setup, it sounds like defect.

    There might be some race condition happening between DHCP IPv6 address assignment and gateway.

    Issue is being tracked against NC-108057 internally and we will try to fix it as soon as possible.

    Meanwhile only workaround in such scenario is - reboot the appliance :-(

    Thanks a lot for all your support and cooperation. And sorry for the inconvenience caused.

    Regards,

    Sanket Shah

    Regards,

    Sanket Shah

    Senior Development Manager, Sophos Firewall

Unfiltered HTML