sophos UTM site to site VPN to AWS packet loss since 9.351-3 firmware update

I updated the firmware to 9.351-3 about a week ago and firstly it totally screwed the AWS Site to Site VPN, so I had to rebuild the whole thing from scratch, but now we seem to be getting a large amount of dropped packets (50%) randomly. Then I reconnect the WAN to our PPPoE hosts and turn the BGP and VPC VPN off and on again and it seems to be fine until the next day.

Is this a known issue? Will it be fixed in 9.352, or can I revert to the older software?

Lots of people shouting at me now.

Let me know,

Thanks!

Alastair

  • Hello Alastair,

    Did you get a solution for it? I'm facing exactly the same issue. When there are no users there are no packet drops, but as soon as there is some traffic the packet drops start. I am on 9.351-3.

    I don't remember upgrading it though in the last 2 months. It suddenly started happening a week or two ago, maybe.

    If you could tell me how you were able to fix it, it would certainly help me out of this complicated situation.
    Ashish

  • Hi, Ashish, and welcome to the UTM Community!

    This sounds like an MTU issue.  What do you see that leads you to conclude that you have packet loss?  What do you see when you conclude there is otherwise no packet loss - what is happening at that time?

    Cheers - Bob
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the response Bob.

    When there are very few users the ping to the AWS instance works fine, but as soon as many users are on their work systems, the ping RTOs start appearing in between, very frequently. The connection to AWS itself appears slow at that moment.

    Also, as we use the AWS Virtual Private Gateway as a CloudHub, our two sites connecting to the same VPG communicate with each other via the same VPN. While the ping RTOs are showing up, the remote support MSRA sessions between the two sites get frequent disconnects.

    Spoke with AWS support, but they said ICMP is non-priority at their end, so we shouldn't worry about ping results. But as the RDP sessions get disconnected, it seems something is not right at all.

  • Using tcpdump or other, check to see whether you're creating fragmented packets due to an MTU setting on your local UTM.  What version are you using - 9.407?

    Cheers - Bob

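The check Bob suggests, as an added example that is not part of the thread and not Sophos or AWS code: it parses `tcpdump -nn -v` header lines for the IPv4 id/offset/flags fields that reveal fragmentation, flags DF-marked packets too large for the tunnel (the PMTUD black-hole case that typically shows up as "ping is fine, RDP stalls"), and works out the inner MTU and TCP MSS clamp for an ESP tunnel over PPPoE. The sample tcpdump lines are constructed, and the ESP overhead assumes AES-CBC with a 16-byte ICV; adjust `iv_len`/`icv_len` for your own tunnel settings.

```python
import re

# Constructed sample lines in `tcpdump -nn -v` format (not a capture from the poster's UTM).
# Header lines carry the IPv4 id/offset/flags fields that reveal fragmentation.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP (tos 0x0, ttl 64, id 1001, offset 0, flags [DF], proto TCP (6), length 1500)
    10.0.1.10.50000 > 172.31.5.20.3389: Flags [.], seq 1:1461, ack 1, win 512, length 1460
12:00:01.000100 IP (tos 0x0, ttl 64, id 1002, offset 0, flags [+], proto UDP (17), length 1500)
    10.0.1.11.5060 > 172.31.5.21.5060: UDP, length 1900
12:00:01.000101 IP (tos 0x0, ttl 64, id 1002, offset 1480, flags [none], proto UDP (17), length 448)
    10.0.1.11 > 172.31.5.21: ip-proto-17
12:00:01.000200 IP (tos 0x0, ttl 64, id 1003, offset 0, flags [+], proto ESP (50), length 1500)
    203.0.113.5 > 52.0.0.1: ESP(spi=0x00000101,seq=0x2a), length 1480
12:00:01.000201 IP (tos 0x0, ttl 64, id 1003, offset 1480, flags [none], proto ESP (50), length 120)
    203.0.113.5 > 52.0.0.1: ip-proto-50
"""

HEADER_RE = re.compile(
    r"IP \(tos \S+, ttl \d+, id (?P<id>\d+), offset (?P<offset>\d+), "
    r"flags \[(?P<flags>[^\]]*)\], proto (?P<proto>\w+) \(\d+\), length (?P<length>\d+)\)"
)


def parse_headers(text):
    """Yield one dict per IPv4 header line found in tcpdump -v output."""
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            yield {
                "id": int(m["id"]),
                "offset": int(m["offset"]),
                "more": "+" in m["flags"],   # More-Fragments flag
                "df": "DF" in m["flags"],    # Don't-Fragment flag
                "proto": m["proto"],
                "length": int(m["length"]),
            }


def fragmented_datagrams(text):
    """Map IP id -> protocol for every datagram that was fragmented on the wire
    (first fragment carries More-Fragments, later fragments a non-zero offset)."""
    frags = {}
    for h in parse_headers(text):
        if h["more"] or h["offset"] > 0:
            frags[h["id"]] = h["proto"]
    return frags


def oversized_df(text, inner_mtu):
    """IP ids of DF-marked packets larger than the tunnel's inner MTU. These cannot be
    fragmented, so they are silently dropped unless PMTUD works end to end."""
    return sorted({h["id"] for h in parse_headers(text) if h["df"] and h["length"] > inner_mtu})


def esp_tunnel_inner_mtu(link_mtu, iv_len=16, icv_len=16, block=16):
    """Largest inner IPv4 packet that fits one outer packet of link_mtu bytes.
    Assumed ESP tunnel mode with AES-CBC (16-byte IV, 16-byte block) and a 16-byte ICV:
    outer IPv4 20 + SPI/seq 8 + IV + [inner + padding + 2 trailer bytes, block-aligned] + ICV."""
    fixed = 20 + 8 + iv_len + icv_len
    best = 0
    for inner in range(link_mtu + 1):
        padded = ((inner + 2 + block - 1) // block) * block
        if fixed + padded <= link_mtu:
            best = inner
    return best


def recommended_tcp_mss(inner_mtu):
    """TCP MSS to clamp to so a full segment fits: inner MTU minus 20 IPv4 + 20 TCP."""
    return inner_mtu - 40


if __name__ == "__main__":
    pppoe_mtu = 1492  # 1500 minus the 8-byte PPPoE header
    inner = esp_tunnel_inner_mtu(pppoe_mtu)
    print(f"inner MTU {inner}, clamp TCP MSS to {recommended_tcp_mss(inner)}")
    print("fragmented datagrams:", fragmented_datagrams(SAMPLE_TCPDUMP))
    print("DF packets too big for the tunnel:", oversized_df(SAMPLE_TCPDUMP, inner))
```

Feed it the saved output of `tcpdump -nn -v -i <interface>` taken on the UTM's external interface while the drops are happening. Fragmented ESP datagrams mean the outer packets are exceeding the PPPoE link MTU; DF-marked inner packets larger than the computed inner MTU mean PMTUD is being relied on, and if ICMP "fragmentation needed" messages are filtered anywhere on the path those flows stall rather than fragment, which matches the "ping fine, RDP drops under load" symptom.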