This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Concurrent Connections lead to a crash on 9.312-5

After manually updating to 9.312-5, I noticed that my concurrent connections steadily rose far above the usual norm for my Network, which is usually around 3-6k and continued until reaching 32000.

To be more precise:

Monday 2500
Tuesday 5000
Wednesday 9500
Thursday 14300
Friday 18700
Saturday 23000
Sunday 28000
Monday 32000

This graph is linear by nature, so please don't graph my estimates [H]

Throughout the week, I checked TCP Connections via ip_conntrack, and that never went above 2500, so my only assumption was that UDP "Connections" were never flushed.

It may be coincidental, however, it seems that once I had reached 32000 Connections, the UTM stopped responding completely. I was no longer able to VPN into the UTM, browse via External (Internet), etc. I don't believe it crashed, since the UTM Slave did not take over. Since I needed to get back to work, I restarted the UTM Master, the UTM Slave took over, rebooted the UTM Master and all is right with the world again.

Thought I'd report this just in case it's a bug. If logs are needed, please let me know.

Cheers,
Kyle

This thread was automatically locked due to age.

Parents

0 William Warren over 10 years ago

you are the third to report this yes on these forums. I am not seeing it in any of my paid .12 installations(there's two..mine and my guinea pig client..) the rest are running 9.010.
Cancel
Vote Up 0 Vote Down

Cancel
0 DaMaN841 over 10 years ago in reply to William Warren

Quite interesting. UTM sacrifice, dogs and cats living together... mass hysteria! I'll keep myself on 9.312-5, instead of upgrading to the latest, to see if it happens again.

My other worry is that I've been using the same configuration for years. I have heard that there are cases where configurations sometimes don't always play well with upgrades. As I plan to move toward a more friendly (less Fort Knox stlye) outbound firewall approach, I may consider a fresh start if this continues. I may also consider not automatically upgrading both HA Nodes in the future in lieu of a guinea pig.

Thanks for the information William. It's comforting to know I'm not the only one experiencing these woes.
Cancel
Vote Up 0 Vote Down

Cancel
0 DaMaN841 over 10 years ago in reply to DaMaN841

So even after a reboot, sure enough, my lovely linear graph has continued. After about 24 hours, I've steadily increased from 1500 connections to about 7000 connections at this very moment [:O]

I only suspect it will continue until it reaches 32000 once again.

Unless someone is log curious, to which I'll wait until later this evening for responders, I'll be updating to 9.312-6 to see if that resolves this issue.

Cheers,
Kyle
Cancel
Vote Up 0 Vote Down

Cancel
0 Albeck over 10 years ago in reply to DaMaN841

A similar problem was reported by User HiRN, also with 9.312.

Have a look at https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/42153

A second one by User stpfre:

Have a look at https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/42157
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Albeck over 10 years ago in reply to DaMaN841

A similar problem was reported by User HiRN, also with 9.312.

Have a look at https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/42153

A second one by User stpfre:

Have a look at https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/42157
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 DaMaN841 over 10 years ago in reply to Albeck

I'm bittersweet that it's not only me, Albeck. Sweet that I'm not alone, however, unfortunate that there may be a defect.

That being said, I've let the UTM churn for an additional day as I saw it starting to plateau in the late afternoon, early evening. For the past 24 hours, I've been hovering in the high 6000's, only reaching 7000 here and there.

In all honesty, I was hoping it would be more obvious and less finicky / intermittent...much more difficult to track down the culprit. [:S]
Cancel
Vote Up 0 Vote Down

Cancel