
Additional Address on external interface of UTM stopped responding

Hello, hope you are well.

Today, a customer raised an incident that Outlook Web Access was not working. After investigating the problem, I found that the IP Address used for publishing the service was not responding.

This IP Address is an "Additional Address" of the external primary address on the Interface.

To resolve the problem, I had to switch off the "Additional Address" and then switch it back on.


No doubt I am going to be asked to contribute to an incident report and be requested to investigate what the root cause was. Since I have no alerts about the issue, where could I look for any clue about why it stopped working? Also, has anybody else had a similar problem?

Thanks in advance

Dave



  • Hi Dave,

    Do you see any suspicious log lines in the fallback and kernel logs? Can you think of any configuration changes or activity that resulted in this occurrence? Also, did you configure the add-interface to connect through an IPSec tunnel and whenever the tunnel goes down the additional interface needs a manual restart?

    Thanks

  • Hi All, thanks for the replies.

    As far as I can see there is no error similar to the one mentioned above in the WAF.

    I must admit, I have not checked the "fallback" and "Kernel logs" as I just don't know enough about supporting these systems to have thought about checking those logs. My background and main discipline is Windows systems so only started getting involved with the Linux based systems since migrating from TMG a few months ago.

    I will have a check in these logs but like most logs, if you don't really know what you're looking for, it's difficult to find certain issues.

    I am not using IPsec tunnels and no changes with the exception of regular patterns and one or two URL re-categorizations have occurred in recent weeks.

    Regards,

    Dave

  • I've seen situations in the past where the Interface definition had been disabled and, after enabling it, non-responsive Additional Addresses had to be re-activated by toggling them off/on.  Any luck with that?

    Cheers - Bob

  • Hi Bob, hope you are well.

    Actually I wonder if that is what might have happened. There was an issue with the switch fabric that Sophos is plugged into and it resulted in the two external network links going up and down several times across the early hours of the morning a couple of nights prior to the incident.

    I wonder if it was a knock-on from that upset.

    Thanks

    Dave
