Additional Address on external interface of UTM stopped responding

Hi Dave,

Had a similar problem yesterday.  In my case I added a new IP address to the external interface and assigned it to a virtual web server. The WAF stopped for about 10 minutes and then restarted. The UTM CPU went to 100% and all websites were unavailable externally. The following entry was in the WAF log referring to the IP address I added: 2016:09:21-14:55:02 utm-cpc-2 reverseproxy: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address.  I have opened a case with Sophos.

Hi David, hope you are well.

Thanks for the info in your reply. I will do a search in the WAF log to see if I have any similar entries as yours.

Regards,

Dave

hi Dave,

this problem exists over a long time and i never could solve it. after a few minutes with no outgoing traffic the additional ip´s can´t be reached anymore until you switch the interface off/on. or you can send a ping from the server outside then it works again for about 10mins. the strange thing is that not all ip´s affected only server which are generating over a longer time no outside traffic. the only workaround i found is to send a continous ping for e.g. to 8.8.8.8 from all servers to keep the ip´s alive.

best oliver

Hi Dave,

Do you see any suspicious log lines in the fallback and kernel logs? Can you think of any configuration changes or activity that resulted in this occurrence? Also, did you configure the add-interface to connect through an IPSec tunnel and whenever the tunnel goes down the additional interface needs a manual restart?

Thanks

Hi All, thanks for the replies.

As far as I can see there is no error similar to the one mentioned above in the WAF.

I must admit, I have not checked the "fallback" and "Kernel logs" as I just don't know enough about supporting these systems to have thought about checking those logs. My background and main discipline is Windows systems so only started getting involved with the Linux based systems since migrating from TMG a few months ago.

I will have a check in these logs but like most logs, if you don't really know what your looking for, its difficult to find certain issues.

I am not using IPsec tunnels and no changes with the exception of regular patterns and one or two URL re-categorizations have occurred in recent weeks.

Regards,

Dave

I've seen situations in the past where the Interface definition had been disabled and, after enabling it, non-responsive Additional Addresses had to be re-activated by toggling them off/on.  Any luck with that?

Cheers - Bob

Hi Bob, hope you are well.

Actually I wonder if that is what might have happened. There was an issue with the switch fabric that Sophos is plugged into and it resulted in the two external network links going up and down several times across the early hours of the morning a couple of nights earlier to the incident.

I wonder if it was a knock on from that upset.

Thanks

Dave

Hi Dave, 

So does that conclude it was a non-Sophos issue?

Thanks

Hello,

Not really sure what the root cause was as it was two days after the switch issue.

Will keep an eye on it and see if it re-occurs.

Thanks all.

Dave