
Red15 disconnects after establishing RDP connection

Hi,

 

I have UTM SG210 with 2 RED tunnels.

Since yesterday, one of the tunnels disconnects immediately after someone in the remote network tries to establish an RDP connection to the head office.

It reconnects after a couple of minutes.

The internet connection looks fine.

This branch worked fine for almost a year without any problems.

 

See RED log:

2017:07:31-15:34:20 mail red_server[14098]: A3501BB1E0573B3: command 'PING 0 uplink=WAN'
2017:07:31-15:34:20 mail red_server[14098]: A3501BB1E0573B3: PING remote_tx=0 local_rx=0 diff=0
2017:07:31-15:34:20 mail red_server[14098]: A3501BB1E0573B3: PONG local_tx=0
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'SYSSTATE unstable peer using stabilization timeout 30'
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'SYSSTATE last stable peer status:'
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'SYSSTATE 0 weight: 1 remote: 62.90.94.110 (dev 3), RX: miss 0/118, TX: miss 0/178'
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'SYSSTATE current peer status:'
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'SYSSTATE 0 weight: 0 remote: 62.90.94.110 (dev 3), RX: miss 0/118, TX: miss 0/240'
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'CON_CLOSE reason=unstable_peer'
2017:07:31-15:34:34 mail red_server[14098]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3501BB1E0573B3" forced="1"
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3 is disconnected.
2017:07:31-15:34:38 mail red_server[14413]: SELF: New connection from 62.0.111.136 with ID A3501BB1E0573B3 (cipher AES256-GCM-SHA384), rev1<30>Jul 31 15:34:38 red_server[14413]: A3501BB1E0573B3: connected OK, pushing config
2017:07:31-15:34:44 mail red_server[14413]: A3501BB1E0573B3: command 'UMTS_STATUS value=OK'
2017:07:31-15:34:44 mail red_server[14413]: A3501BB1E0573B3: command 'PING 0 uplink=WAN'
2017:07:31-15:34:44 mail red_server[14413]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A3501BB1E0573B3" forced="0"

Thanks.



  • Hi, Dima, and welcome to the UTM Community!

    This is a rare problem.  Before getting a ticket open with Sophos Support, try turning compression off in the 'Advanced' section of the RED definition.

    If that doesn't fix your issue, check to see if fast_failover is enabled for this RED.  From the command line as root,

    cc get red servers

    The result of that will show you that the RED object has a reference like REF_RedReds1Example that you will use in the following command:

    cc get_object REF_RedReds1Example |grep fast

    If it is active (1) instead of inactive (0), ask Sophos Support to deactivate it to see if that fixes your problem.  They will probably run other tests before deciding that the RED is dead.  Please let us know your results.

    Cheers - Bob
    PS I found these ideas with the following Google:

    site:community.sophos.com/products/unified-threat-management/f "CON_CLOSE reason=unstable_peer"

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
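
A sketch of triaging the RED log quoted in the question, added here as an example and not part of any post or of Sophos tooling: it pairs each "RED Tunnel Down" event with the next "RED Tunnel Up" for the same RED ID and attaches the CON_CLOSE reason and the reconnect details. The function names are hypothetical; the sample lines are copied from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the RED log quoted in the question on this page.
SAMPLE_LOG = """\
2017:07:31-15:34:34 mail red_server[14098]: A3501BB1E0573B3: command 'CON_CLOSE reason=unstable_peer'
2017:07:31-15:34:34 mail red_server[14098]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3501BB1E0573B3" forced="1"
2017:07:31-15:34:38 mail red_server[14413]: SELF: New connection from 62.0.111.136 with ID A3501BB1E0573B3 (cipher AES256-GCM-SHA384), rev1<30>Jul 31 15:34:38 red_server[14413]: A3501BB1E0573B3: connected OK, pushing config
2017:07:31-15:34:44 mail red_server[14413]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A3501BB1E0573B3" forced="0"
"""

TS = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ")
CLOSE = re.compile(r"(\w+): command 'CON_CLOSE reason=(\w+)'")
NEWCONN = re.compile(r"New connection from ([\d.]+) with ID (\w+) \(cipher ([\w-]+)\)")
EVENT = re.compile(r'name="RED Tunnel (Down|Up)" red_id="(\w+)" forced="(\d)"')


def parse_flaps(log):
    """Pair each 'RED Tunnel Down' with the next 'RED Tunnel Up' for the same RED ID."""
    state, flaps = {}, []  # state: per-RED details collected for the current flap
    for line in log.splitlines():
        ts_match = TS.match(line)
        if not ts_match:
            continue  # skip lines without the UTM timestamp prefix
        ts = datetime.strptime(ts_match.group(1), "%Y:%m:%d-%H:%M:%S")
        if m := CLOSE.search(line):
            state.setdefault(m.group(1), {})["reason"] = m.group(2)
        elif m := NEWCONN.search(line):
            state.setdefault(m.group(2), {}).update(source=m.group(1), cipher=m.group(3))
        elif m := EVENT.search(line):
            kind, red_id, forced = m.groups()
            s = state.get(red_id, {})
            if kind == "Down":
                # Keep only the close reason; drop stale reconnect details.
                state[red_id] = {"reason": s.get("reason", "unknown"),
                                 "down": ts, "forced": forced == "1"}
            elif "down" in s:
                flaps.append({"red_id": red_id, "reason": s["reason"],
                              "forced": s["forced"],
                              "down_seconds": int((ts - s["down"]).total_seconds()),
                              "reconnect_from": s.get("source"),
                              "cipher": s.get("cipher")})
                state[red_id] = {}  # start fresh for the next flap
    return flaps


def flap_counts(flaps):
    """Count flaps per (RED ID, close reason) to show whether one cause keeps recurring."""
    return Counter((f["red_id"], f["reason"]) for f in flaps)


if __name__ == "__main__":
    for flap in parse_flaps(SAMPLE_LOG):
        print(flap)
```
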
  • Hi BAlfson,

     

    I have the same issue, but when I ran the command 'cc get red servers' I get the below result.

    gw:/home/login # cc get red servers
    bash: cc: command not found

    Any advice would be much appreciated.

     

    Troy Choi

     

  • Hi Troy, and welcome to the UTM Community!

    The cc command is not available to loginuser, you must become root.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA