
Potential Bug 9.312 Availability Groups

Hi,

Maybe I found a bug in 9.312. I use Availability Groups for some DNS servers, monitoring by UDP/53. I also log invalid packets in the Firewall log. Since 9.312 the packets are logged as invalid.

Also there seems to be a permanent rise in concurrent connections; on my installations they went up steadily from approx. 200 up to 4000, after a reboot back to 200, and now slowly rising again. Don't know if this is related to the AG bug. I set the AG to monitor by ping and will watch the number of concurrent connections.


  • Concurrent Connections still rise permanently although I changed the above mentioned.

    Administrating:

    • 2x UTM Software HA-Clusters (Active-Passive), Enthusiast Home Lab
    • 1x UTM525 HA-Cluster (Active-Passive), Full Guard, 6x AP15, 2x AP30, 40x RED10, 1x RED50
    • 1x SG230, Full Guard, 6x AP10, 1x AP15
    • 1x UTM220, Full Guard, 16x AP10
    • 1x UTM220, Full Guard
  • Changing the AG to ping didn't change the behaviour with concurrent connections. Still, the UDP/53 requests to the DNS servers defined in the AG are logged as invalid packets by the UTM.

  • HiRN, please show a logfile line indicating invalid packet.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Really wonder, as I use this constellation in all installations I touched once... do you maybe use multiple uplinks with different ISPs and ISP DNS servers in the UTM forwarder?
  • Sascha, I think he was unlucky and that the 9.312 Up2Date broke his config.  I bet he got it back by doing a restore.  I'm hoping that we're nearing the end of the time when this happens to so many people.

    Cheers - Bob
     
  • No, he is describing something that I have seen, too, that @scorpionking indicated was caused by availability groups using udp/53.  I have completely rebuilt mine and the issue still remains.  I got rid of the log entries by simply changing my availability group to an icmp ping instead of udp/53.

    I had issues with httpproxy after the initial upgrade to 315(?) but after a restore it was resolved.  I have not had the concurrent connections issue, though.