Thread Info
  • State Not Answered
  • Replies 16 replies
  • Subscribers 0 subscribers
  • Views 2597 views
  • Users 0 members are here
Options
Suggested

[7.904][BUG][FIXED] HTTP/S proxy issue w/active-active cluster

darrenl
Hi,

Same issue as 7.903 - was this fixed in 7.904?
Can I reapply the patch again or will this no longer work?

https://community.sophos.com/products/unified-threat-management/astaroorg/f/102/t/69427

Cheers,

Darren

Correction - workaround does not work per 7.903 (i.e. turn off HTTP/S proxy), the http packets are then dropped and won't allow direct connection out.

Had to shut down one node and reboot the other before I got a usable connection.
Parents
  • 0
    Hi Ulrich,

    Back to issues with HTTP/S traffic this morning via the cluster.
    When monitoring the HTTP/S live log, the slave node(3) is not processing any traffic, only the master node.  Computers trying to access web traffic are seeing very poor performance when trying to view web pages.
    Moved profile to 'Standard' from 'Transparent', no change.
    Disabled IPS, no change.
    Disabled HTTP/S proxy, very slight improvement but now see a lot of these style entries hitting the packet log:

    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54758" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54757" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54756" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54755" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54758" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54757" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54756" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54755" dstport="8080" tcpflags="ACK FIN"

    Again, no entries in the packet filter for the slave node(3).

    CPU/memory usage for master node (pic attached):


    Cheers,

    Darren
Reply
  • 0
    Hi Ulrich,

    Back to issues with HTTP/S traffic this morning via the cluster.
    When monitoring the HTTP/S live log, the slave node(3) is not processing any traffic, only the master node.  Computers trying to access web traffic are seeing very poor performance when trying to view web pages.
    Moved profile to 'Standard' from 'Transparent', no change.
    Disabled IPS, no change.
    Disabled HTTP/S proxy, very slight improvement but now see a lot of these style entries hitting the packet log:

    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54758" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54757" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54756" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:17 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54755" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54758" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54757" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54756" dstport="8080" tcpflags="ACK FIN"
    2010:04:30-08:10:19 mercury-1 ulogd[4441]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0.10" srcmac="0:23[:D]f:7e:cf:30" dstmac="0:1a:8c:f0:bf:0" srcip="10.10.0.80" dstip="10.10.0.2" proto="6" length="52" tos="0x00" prec="0x00" ttl="64" srcport="54755" dstport="8080" tcpflags="ACK FIN"

    Again, no entries in the packet filter for the slave node(3).

    CPU/memory usage for master node (pic attached):


    Cheers,

    Darren
Children
No Data
Cookie Information Banner