VPN Dropping Packets

Hi, Jae, and welcome to the UTM Community!

What do you learn from doing #1 in Rulz?

Cheers - Bob

Thanks Bob!  I had Intrusion Prevention turned on, on both sides of the VPN.  I have turned them both off and will give it a shot over night and see how it does.

Jae

Did you check the logs?  I don't think disabling Intrusion Prevention will make a difference.  Please re-read #1.

Cheers - Bob

2017-02-15 Thanks, Jae for letting me know that I'd hit the "2" instead of the "1" key.

Bob, rule #2 is a broad description of how traffic is passed through the system. Traffic is passing through but occasionally packets are dropped or loss.  Using ping it can be one or two or 10 in a row then it comes back.  Sometimes it is choppy for a bit and at other times it is solid.  Pinging outside of the VPN there are no drops between sites so I know it is not the Internet on either side. I also know it is not our switches or local LAN otherwise there would be drops regardless of how the traffic came in.   I don't see anything in the logs as it is small drops here and there.

Jae

Jae, I meant #1.  Typo!  I'll correct my previous post - Thanks!

Cheers - Bob

OK, Bob I have gone through rule #2 and I am still having problems.  I have now started continuous pings to google.com, our Firewall and our UK office Firewall (Internal numbers) and they all drop at the same time and come back up at the same time.  I have also done this on the other side and we get the same drops.  I can see the VPN route pings dropping but why would the firewall drop pings when I am sitting on the same network and it is happening on our other network as well? See screenshot. Your wisdom is needed!

Jae

The mystery deepens...

Off the top of my head, I wonder if there isn't an Ethernet loop somewhere that's creating an occasional network storm.  Maybe someone that brought in their own wireless router and has it plugged in incorrectly?

Cheers - Bob

My thoughts exactly Bob!  A phone, laptop, tablet or router with the same IP as our firewall.  Out of frustration I got a new PC, new network cards and reinstalled the UTM from scratch and restored our backup file to see if there is a hardware issue with our UTM.  I will let you know how it goes next week.

Cheers!

Jae

Hi Jae,

Which is Sophos Appliance/Model deployed on the 2 ends? Check the network usage graph, do they look normal or fully utilized?

If you do not see any drop from #1 from the Rulz by Bob then there's something else causing it.  Will you be able to raise a support query?

Thanks

I don't think that it is a loop because the reply times of the pings are all good. From my experience the reponse time goes straight up when someone created a loop.

Referring to the posted informations it looks like a generally problem with the UTM. But you also wrote, that both sites have the same problem and that's pretty unusal. Are the problem occure on both sites at the same time? Means you can't ping the UTM LAN interface from within the same subnet/LAN on both sites at the same time? That would point to a VPN problem, like same configured subnet on both sites or something like that.