DNAT rule goes through and drops in the same moment - that drives me crazy!

Hello, I have created a DNAT rule (NAT rule #1) for port https/443 to an internal server. (Traffic from Internet: Internet = group of Sophos default definitions: Internet IPv4 and ...IPv6).


In the firewall log I see that the packets are forwarded. But still, in the same moment the packets are dropped!??



If I switch the DNAT rule off and on again, then the packets are forwarded without dropping?!! Here comes the second crazy thing: the forwarding does its job until the External (WAN) interface connection is re-established after 24 hours. (In Germany, an Internet (VDSL) connection is disconnected every 24 hours.) Then the dropping of 443 starts again until I do the step I described.

 

I have already checked my other firewall rules, but here I have no rule for port 443/https that could cause the problem.

How can I find out which setting or rule is responsible for the behaviour? I don't want to manually turn the DNAT rule off and on every day :-(
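One way to answer the "which rule is responsible" question from the firewall log, as an added example that is not part of the original post: a small Python script that parses Sophos UTM packetfilter lines in their key="value" format and reports flows to port 443 that were accepted and then dropped within a second, naming both rule ids so they can be looked up in WebAdmin. The log lines are constructed samples; the fwrule values, addresses and times are made up.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the key="value" style of Sophos UTM packetfilter.log.
# Field names follow that format; addresses, rule ids and times are made up.
SAMPLE_LOG = """\
2021:03:02-08:15:01 utm ulogd[3210]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth1" srcip="198.51.100.7" dstip="192.0.2.10" proto="6" srcport="51234" dstport="443" tcpflags="SYN"
2021:03:02-08:15:01 utm ulogd[3210]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.7" dstip="192.0.2.10" proto="6" srcport="51234" dstport="443" tcpflags="SYN"
2021:03:02-08:15:05 utm ulogd[3210]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth1" srcip="203.0.113.9" dstip="192.0.2.10" proto="6" srcport="40001" dstport="443" tcpflags="SYN"
2021:03:02-08:15:07 utm ulogd[3210]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.9" dstip="192.0.2.10" proto="6" srcport="40002" dstport="22" tcpflags="SYN"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')
TS_FMT = "%Y:%m:%d-%H:%M:%S"

def parse_line(line):
    """Return (timestamp, fields) for one packetfilter line, or None otherwise."""
    fields = dict(KV_RE.findall(line))
    if fields.get("sub") != "packetfilter" or "action" not in fields:
        return None
    ts = datetime.strptime(line.split(" ", 1)[0], TS_FMT)
    return ts, fields

def accept_then_drop(log_text, dstport="443", window=timedelta(seconds=1)):
    """Find flows to dstport that were accepted and then dropped within `window`.

    A flow is identified by its 5-tuple; each hit names the accepting and the
    dropping rule id so the two conflicting rules can be compared.
    """
    accepted = {}   # flow 5-tuple -> (timestamp, fwrule of the accept)
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        if f.get("dstport") != dstport:
            continue
        flow = (f["srcip"], f["srcport"], f["dstip"], f["dstport"], f["proto"])
        if f["action"] == "accept":
            accepted[flow] = (ts, f.get("fwrule"))
        elif f["action"] == "drop" and flow in accepted:
            acc_ts, acc_rule = accepted[flow]
            if ts - acc_ts <= window:
                hits.append({"srcip": f["srcip"], "srcport": f["srcport"],
                             "accept_rule": acc_rule, "drop_rule": f.get("fwrule")})
    return hits

if __name__ == "__main__":
    for hit in accept_then_drop(SAMPLE_LOG):
        print(hit)
```

Run it against a copy of /var/log/packetfilter.log to see which fwrule id drops the flow that the DNAT rule just accepted; the id points at the rule to inspect.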

  • Hi

    To connect to the ISP service, are you using a VDSL modem (like the Draytek 130) or a NAT router? The reason I ask is the mention of the 'second crazy thing' has put me in mind of an issue that happened to me (a couple of years ago) and I wonder if it's related to your issue with the ISP dropping and re-establishing every 24 hours (and likely your ISP assigned public IP address changing)?

    When I first started using UTM, I used a NAT router to connect to the ADSL, then I moved to using a Draytek Vigor 120 modem (essentially a PPPoE to PPPoA converter, but no NAT) which meant that my UTM's WAN directly faced the Internet (and thus had my public IP address) and that worked very well, for a while. At that time, the connection was quite stable, but it did occasionally drop and reconnect (and thus I was assigned a new public IP address) and though I wasn't monitoring things closely, it never seemed to cause me any problems.

    After a few months, something changed (likely after a UTM update) and whenever the ISP then dropped and reconnected (and thus I was assigned with a new IP address) I had problems. The first thing I did was to look at the UTM's WAN interface and I noted that it still showed as having the previously assigned IP address (from before the drop and reconnect) so for some reason, the UTM WAN interface was no longer 'refreshing'. To get around the problem, I had to revert to using a NAT router (so the UTM WAN interface had a static, internal address) and I have just left it like that, ever since (I am now on VDSL, so I'd have to buy a Draytek 130 in order to test whether that still happens, or not).

    Back in the day, I seem to recall finding (here) a discussion on that very same issue (and someone reckoning that it was a UTM bug) but I do not know how things progressed.

    Sorry if I am wildly off track and that is not the issue (or if you are already using a NAT in front of UTM) but it just seems a rather strange coincidence that an ISP reconnect (and thus likely a new public IP address being assigned) results in a behavioural change (implying to me that your UTM isn't behind a NAT) and as nobody else has yet responded, I thought the above might be worth a mention.

    Bri

  • Hi Briain, thank you for your thoughts.

    At the moment I use a ZyXEL VMG1312-B30A VDSL modem in front of the Sophos UTM. Every 24h I get a new public IP address; I don't have a static one. Luckily, I've had no problems with it so far.

    I understand why you changed your configuration, and I am thinking about whether I will use a Fritzbox in front of the Sophos UTM. Then the UTM will get a static IP from the Fritzbox and maybe my problems are also gone?!... I will test this if no simpler/complex solution opens up (maybe a config change only ;-)