Random clients losing ability to connect to UTM

Hi all,

This is truly a weird one and I hope you can help me find a solution.

We have two ASG525s running in active-passive HA. Last night I updated one to 9.353-4, but this problem was occurring on the previous version over the last week; I was hoping the update would solve it :(

The bulk of our 1200 users are working fine, but we have been getting an increasing number of reports of a machine that cannot connect to the external Internet. When these users call up, the help-desk guys have been verifying that they can connect to internal resources (Intranet, LMS etc.) correctly and that they have lost all external access. Today I have been working on a number of these devices to try and work out the cause. A reboot fixes them, but that is not really a solution, as it is becoming more regular.

Say a machine that is not working has an IP address of 192.168.2.1 and the firewall has an address of 192.168.1.1. My machine has an address of 192.168.2.2.

From my machine I can ping the firewall but cannot ping the affected client.

From the firewall I can ping my machine but not the affected client.

From the core switch I can ping all 3 devices.

From my machine I can traceroute to google.com successfully.

From the affected machine the traceroute to google.com fails as soon as it hits the vlan address of the core switch.

From the firewall I can traceroute to my machine and google.com but not the affected machine.

From the core switch I can traceroute successfully to everything mentioned here.

I have tried to clear the ARP and route cache from the CLI of the UTM. I have tried to clear the ARP cache on the core switch. I have tried to reset every toggle switch possible in the UTM while the problem is occurring, but nothing except an interface disconnect (or reboot) gets that machine to start making external connections once again.

Anyone got any ideas to help with this one?

Cheers,

Brendan

  • Doesn't this sound more like a problem with the core switch, Brendan? What happens if, instead of rebooting the device, you plug it into a different Ethernet jack?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yeah Bob, I do agree, except for the fact that the core switch can ping and traceroute to the device at all times. Or do you think this is more of a sign that it is the problem?

    These are wireless devices (we don't have all that many wired devices left). A wireless card disable/enable solves the issue just the same as a reboot.

    Cheers,
    Brendan
  • Ahhh! Now it sounds like your wireless controller or a malfunctioning AP. Please let us know when you track this down.

    Cheers - Bob
  • Even though that same client can still access our Intranet and LMS, just not external?? The APs are operating in bridged mode, so I would think they are handing off all traffic regardless of destination...
  • OK, so since last week I have now updated the firmware on our core switches and rebooted them all. Nothing in any of their logs to show me this is related to them, unless someone else has a suggestion down this path?

    I do believe this is a problem with the UTM; it's like a connection time-out that can only be resolved with a network refresh/reconnection. I just had a client that could access the Intranet and mapped drives perfectly but no external sites. Checked the web filtering live log and his IP was not even hitting it. Disabled his network adapter and re-enabled it; it worked instantaneously without even closing the active browser windows...
  • Well, yuck!

    It sounds like you're down to using tcpdump on the Internal interface.

    Cheers - Bob
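Bob's tcpdump suggestion worked through as an added example (this is not code from the thread or from Sophos). It assumes the UTM's internal interface is `eth0`, uses the addresses quoted in the first post (client 192.168.2.1, firewall 192.168.1.1), and assumes the client and the UTM's internal interface share a broadcast domain so the UTM ARPs for the client itself; if the core switch routes that VLAN instead, the same capture filter still shows whether ICMP to the client leaves the UTM and whether anything comes back. The useful signal is the asymmetry in the thread: the core switch can reach the client while the UTM cannot, so a request for the client's MAC that never gets an `is-at` reply points at a layer-2 (ARP/MAC table) fault rather than at the proxy or the filtering rules. The capture text fed to the parser is constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Two pieces:
#  1. the tcpdump invocation to run on the UTM's internal interface while a
#     client is in the broken state (assumes interface eth0 and the
#     addresses quoted in the thread: client 192.168.2.1, firewall 192.168.1.1);
#  2. a filter over tcpdump's text output that lists hosts the UTM ARPed for
#     without ever seeing an "is-at" reply.

CLIENT=192.168.2.1
IFACE=eth0   # assumption: name of the UTM's internal interface

# Build the capture command. -n stops name lookups; the filter keeps ARP plus
# anything to/from the client. -w writes a pcap you can hand to support, and
# "tcpdump -n -r file.pcap" later gives the text form parsed below.
# The command is printed here, not executed (needs root on the UTM shell).
tcpdump_cmd() {
    printf 'tcpdump -ni %s -w /tmp/%s.pcap "arp or host %s"\n' "$IFACE" "$CLIENT" "$CLIENT"
}

# Read tcpdump -n text output on stdin. Lines look like
#   "... ARP, Request who-has A tell B, length 28"
#   "... ARP, Reply A is-at MAC, length 28"
# and print each target address that was requested but never answered,
# followed by the number of unanswered requests. (Run without -e so the
# link-layer header does not shift the fields.)
unanswered_arp() {
    awk '
        /ARP, Request who-has/ { for (i = 1; i <= NF; i++) if ($i == "who-has") req[$(i+1)]++ }
        /ARP, Reply/           { for (i = 1; i <= NF; i++) if ($i == "is-at")   rep[$(i-1)]++ }
        END { for (ip in req) if (!(ip in rep)) print ip, req[ip] }
    '
}

# Constructed sample of what "tcpdump -n -r file.pcap" prints: the UTM asks
# for the client three times with no reply, while a working host
# (192.168.2.2, the poster's own machine) answers immediately.
SAMPLE_CAPTURE='10:01:00.000101 ARP, Request who-has 192.168.2.2 tell 192.168.1.1, length 28
10:01:00.000350 ARP, Reply 192.168.2.2 is-at 00:11:22:33:44:55, length 28
10:01:05.120001 ARP, Request who-has 192.168.2.1 tell 192.168.1.1, length 28
10:01:06.120002 ARP, Request who-has 192.168.2.1 tell 192.168.1.1, length 28
10:01:07.120003 ARP, Request who-has 192.168.2.1 tell 192.168.1.1, length 28'

tcpdump_cmd
printf '%s\n' "$SAMPLE_CAPTURE" | unanswered_arp
```

On a live capture, compare the unanswered list against the client's own `arp -a` output: if the client still has the firewall's MAC and the firewall never learns the client's, clearing the UTM's ARP cache (which the poster already tried) will not help, and the next place to look is the MAC table on the switch port or AP the client is bridged through.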
  • Yep, been taking Wireshark captures on the client as well as a mirrored port of the UTM's internal interface. Job logged with support, let's hope they can resolve it!
  • I am currently having a similar issue. I have already opened a support case, and they have not really seemed to be able to help much so far. I have the issue where the client will get the message "unable to connect to proxy server". I can ping the client from any other internal LAN computer, and the client can ping all other internal LAN devices such as the AD/DHCP servers etc., but the client PC will not be able to ping the UTM. As soon as I ping the client that has the issue from the support tools ping tool in the UTM, the client immediately has external access again. I have one laptop that it happens to just about every day; the others are just random PCs throughout the network. A user can be using the PC and on the Internet and then it will get the message "unable to connect to proxy server". I am using a UTM320 with the latest firmware.
  • Sounds very similar! Please let me know if you hear anything from support that is helpful.

    I have only had one reply from support so far, no ideas or resolutions, just asking me for more packet captures the next time the issue occurs today...
  • Well, we ended up restarting the HTTP proxy services from the shell, and so far we have not had any issues this week after doing this, so we will see. Not sure how that would be any different from just rebooting the UTM, which I did several times and still had the issue.
