
Invalid TCP RST

Hi all

Bit of a strange one here.

So during the Virgin Media Outage on Thursday, we connected a 4G dongle to one of our XGs.
We were unable to get the 4G to connect so I disabled cellular WAN and deleted the cellular interface from the XG.

Virgin Media came back up and all appeared to be working as expected, until Friday morning, when the guest network stopped working.
The guest network is VLANned off from the main network but runs over the same APs. As mentioned, the Guest WiFi was working fine up until the point the 4G dongle was connected and removed. We have 2 other sites for the same customer with the same setup which are currently working without issue.

We are using UniFi APs.

The error I see in the log files is "invalid TCP RST"

I have tried the following:

Rebooted the APs
Rebooted the wireless controller
Updated and rebooted the Sophos XG (17.5.10)
Disabled and re-enabled DHCP on the XG for the Guest
Deleted and recreated the guest firewall rule
Set the Guest Firewall rule to any outbound

We have no Web filtering or IPS on this XG.

Any help/ideas would be appreciated.

Regards



  • Hi  

    You have rebooted everything but the firewall.  I assume that the DHCP service for your Guest wireless is on the XG as per your post.  Thus the guest is able to get a DHCP response to its request.  Now we need to know where the traffic stops.  I doubt the 4G dongle would have caused any problems unless it gives the cellular interface the same IP as the XG DHCP for your guest wireless.  That would have caused the routes for that network to be deleted.  Simply deleting the interface and recreating it would recreate the routes required.  However this could cause you to not gain access to your XG except from the WAN side or another interface you have configured with a known IP.

    Could you post a screenshot of your interface list and output from "Advanced Console" of command "ip route show table all"?  You could PM it to me as well for privacy reasons.

    I would also investigate from your switch and set up port mirroring from the switch and Wireshark dump the data to see where the traffic is going from/to.

    Thanks!

    KingChris
    Community Support | Sophos Support

    If a post solves your question use the 'This helped me' link
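
One way to check saved `ip route show table all` output for the condition described in the reply above: another interface holding the guest subnet, or the guest subnet's connected route being absent. This is an added example, not part of the original thread; the interface names, addresses and the `expected` mapping are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed `ip route show table all` output, not taken from the thread.
# Interface names (Port1, Port1.20, WWAN1) and addresses are assumptions.
SAMPLE = """\
default via 203.0.113.1 dev Port2 proto static
10.0.0.0/24 dev Port1 proto kernel scope link src 10.0.0.1
192.168.50.0/24 dev WWAN1 proto kernel scope link src 192.168.50.23
203.0.113.0/29 dev Port2 proto kernel scope link src 203.0.113.2
local 10.0.0.1 dev Port1 table local proto kernel scope host src 10.0.0.1
broadcast 10.0.0.255 dev Port1 table local proto kernel scope link src 10.0.0.1
"""

def connected_routes(text):
    """Return [(network, dev)] for directly connected (scope link) routes."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok or "scope" not in tok:
            continue
        if tok[tok.index("scope") + 1] != "link":
            continue
        try:
            net = ipaddress.ip_network(tok[0], strict=False)
        except ValueError:
            continue  # typed routes such as 'local' or 'broadcast'
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes

def find_problems(text, expected):
    """expected maps interface name -> subnet that should be connected there."""
    routes = connected_routes(text)
    problems = []
    for (n1, d1), (n2, d2) in combinations(routes, 2):
        if d1 != d2 and n1.version == n2.version and n1.overlaps(n2):
            problems.append(f"overlap: {n1} on {d1} and {n2} on {d2}")
    for dev, subnet in expected.items():
        want = ipaddress.ip_network(subnet)
        if (want, dev) in routes:
            continue
        rivals = [f"{n} on {d}" for n, d in routes
                  if d != dev and n.version == want.version and n.overlaps(want)]
        note = f" (subnet claimed by {', '.join(rivals)})" if rivals else ""
        problems.append(f"missing connected route: {want} on {dev}{note}")
    return problems

if __name__ == "__main__":
    for p in find_problems(SAMPLE, {"Port1": "10.0.0.0/24", "Port1.20": "192.168.50.0/24"}):
        print(p)
```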

  • Hi KingChris!

    Thank you for your response but the issue is now resolved.
    I rebooted all APs again and left the XG off overnight and all is working as expected this morning :D

    The RST errors have also disappeared from the event log.

    Thank you for your help