Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 4 subscribers
  • Views 1163 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Link error 2nd WAN Interface

MueTi

An einer SG330 sind zwei Interface für den WAN-Zugriff mit Multipath-Rules konfiguriert. Beide Interface sind über eine statische IP über je ein VLAN mit dem Providerrouter hier vor Ort konfiguriert. Das lief so bis vor kurzem seit mind. 2 Jahren problemlos. Nun geht das eine WAN-Interface gelegentlich in einen Link-error und kein traffic führt mehr über diese WAN-Verbindung. Ein shut / no shut des Interface auf der SG behebt das Problem. Konnektiert ist das Interface an einem Cisco 2960x, wo keine Fehler auf dem Port ersichtlich sind. Sowohl Switchport und WAN-Interface der SG sind mit auto-negotiation konfiguriert, der Switchport stellt sich auf 1000/FULL ein. Was könnte hier die Ursache sein?



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    If the interface is up but the link shows an error, it means UTM is able to communicate to the directly connected peer but the ISP connection is down or an incorrect IP address is configured. 

    When the link status shows an error, are you able to ping the gateway? What did you configure under Interface > Uplink Balancing > Monitoring Hosts? 

    Thanks,

  • 0 in reply to FormerMember

    Thank you for your answer. 
    I´m not sure if ping is working to gateway. At the next issue I´ll try it and tell you.

    For Monitoring Hosts, Automatic monitoring is activated.

  • 0 in reply to MueTi

    the issue occured again, ping to gateway doens´t work, 
    I tested now with notebook in same vlan and it works, internet-access is possible too.
    shut and no shut on switchport with no changes, shut and no shut on sophos interface and it workes again

  • FormerMember
    0 FormerMember in reply to MueTi

    Hi ,

    Thank you for the update. 

    Is it possible for you to put layer 2 switch between UTM and your ISP modem and then monitor this issue? 

    If the interface is up and the link down does not indicate the issue is with the UTM interface/hardware. 

    Thanks,

  • 0

    Ich hatte ein ähnliches Verhalten mit einem Hitron-Modem an einem Cable-Provider Anschluss. Wir haben dann einen "dummen" Switch dazwischen geschaltet, dann lief es. Letztlich hat aber Unitymedia das Modem getauscht, weil es mit einem bestimmten Firmware-Update für das Hitron ein Problem gab, so dass die anschliessend instabil liefen.

    Ein nachträgliches Downgrade der Firmware war da angeblich nicht möglich.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to FormerMember

    There are switches and no ISP modem:

    Sophos SG330 - CopperCabel - Cisco2960x - Fiber Optic Cable - Cisco2960x - CopperCable - Juniper EX3400 (ISP Router)

    There is no error on any switchport. It worked for over 2 years without any error before this issue appeared. Now Í activate Ulink Monitoring for Gateway IP with Intervall 15 and Timeout 3.

    EDIT: Just I click Apply both WAN interface link went down and no traffic to internet was possible over both interface so I reactivated Automatic monitoring and it worked again.

  • 0

    Hallo,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.)

    I've seen the same problem with the Cisco fiber optic switch.  If this problem began with an update of the Cisco firmware, you might be able to fix it by disabling auto-negotiation on the Cisco and UTM and fixing the speed and duplex settings on both devices.  The trick of putting a dumb switch between the Cisco and the UTM also gets rid of the incompatibility between the UTM's NIC and the Cisco's.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML