Hi,
a client of ours is using an Astaro firewall (an iBase rack 4XLe appliance running Astaro software), which has 2 connections on the 'outside'. The first is a dedicated DSL with a VPN on it, that goes to the central VPN concentrator to hook up to the total company-wide LAN; the second is a local DSL connection, used for getting large updates, and to host a small web application the external call center uses to log calls and reports. LAN and the 2 WAN connections are all in 1 bridge, as the routers are configured in the same subnet as the LAN is (historical issue). I cannot access the local Cisco DSL router as I don't have the passwords of it... Still looking to change this router's config though... The DSL/VPN connection itself is a configured Cisco router, managed by another company. Configuration changes are to be confirmed by the central IT (who doesn't respond quickly to non-urgent questions, and they think this is not an urgent matter as their service isn't interrupted).
All PCs in the LAN (except a few like the MS Windows Update Server getting all MS Updates etc...) connect to the internet through the DSL/VPN connection.
Now what happens is this:
After a while (couple of days, or sometimes less), the connections going through the local DSL are blocked... both in->out and out->in. This means the few PCs/servers using this route cannot connect to the internet anymore. The web application for the call center is out too.
The other connection to the vpn is unharmed, and stays in place.
The webadmin and ssh connections to the firewall itself don't respond. Only option is a reboot from the lcd in the front, or a hard reboot.
As this isn't normal, I started looking at it, and so did my colleagues. We're 5 now that have been looking at config and settings, and we all conclude there's nothing really wrong with this config, except that it's a little odd to use 3 bridged connections, but that should keep working once it starts... It has for weeks/months and it started behaving weird for the last few weeks now...
A few minutes ago, I noticed the Load on the machine ramps up to about 2 constantly, about 10-15 minutes after reboot, and doesn't come down... I suppose a process is getting mixed up or so, or a memory problem is occurring and the firewall doesn't come out of the load.
All the machine does is NAT-ting, packet filtering and IDS/IPS... there are no proxies in use, no antivirus, no antispam... which can cause high load... the machine has a full P4 2.4GHz processor, and 512MB DDR memory, so it should run smoothly, no? It's running the latest version of v6 (currently running v6.311 now).
I never had an issue with this firewall before, never seen a similar thing happening...
Can anyone point me where to look and what to try?
I'd like to change all the routers to an extra subnet, and to leave the bridged-config to a full routed config, but at the moment, that doesn't seem so easy right now... We don't have a backup config of the cisco router for the local dsl, and just trying to reconstruct it, might leave us with a line that doesn't do anything anymore, so I'm a bit cautious on this part...
Any help is welcome! Thanks!!