Intermittent VPN Issues

RE: Intermittent VPN Issues

Alan Spark — Mon, 07 Jun 2021 15:07:40 GMT

Ok, thanks for your quick reply. I will try to create a support case but from past experience I get much better support from you and your colleagues on here. I could wait weeks for a reply to a support case.

However, it will be very difficult to do what you suggest and take a packet capture as the issue is intermittent and it is happening for a remote colleague so I don't have control over the software.

Regards,

Alan

RE: Intermittent VPN Issues

FormerMember — Mon, 07 Jun 2021 15:04:32 GMT

Hi Alan Spark,

I think your original post only refers to the issue related to the ICMP timeout, which is internally identified with the ID (NC-69286 - ICMP times out when Firewall Acceleration is turned on). A fix for this issue would be tentatively included in firmware release 18.0 MR6.

However, the issue with the communication on TCP ports 445 and 10444 might not be related to the firewall acceleration; I'd suggest you investigate this issue separately, take a packet capture when the issue occurs, if you don't have a support case, open one for further investigation.

Thanks,

RE: Intermittent VPN Issues

Alan Spark — Mon, 07 Jun 2021 14:53:08 GMT

, I'm just following up on my last message to make sure that you received it. This case should no longer be considered resolved.

RE: Intermittent VPN Issues

Alan Spark — Tue, 01 Jun 2021 13:08:11 GMT

Hi Harsh,

We had the need to reboot the UTM today for some electrical work and soon after putting it back online I received a report from one of our users that they couldn't access one of the servers in the way described above.

I verified that the firewall acceleration option is still disabled and after checking the logs I saw a corresponding message: "Could not associate packet to any connection.".

This error message is reported on TCP ports 445 and 10444. Looking back through the logs, I can see similar errors from before our reboot so I think that can be discounted. However, I do see occurrences of at least 445 being allowed. So it is a bit random.

I would appreciate your feedback.

Regards,

Alan

RE: Intermittent VPN Issues

Alan Spark — Wed, 19 May 2021 13:21:51 GMT

[quote userid="81341" url="~/sophos-xg-firewall/f/discussions/127621/intermittent-vpn-issues/468663#468663"]I'd suggest you turn on the blog notification to get notified about the new releases & news here[/quote]

Thanks, noted.

Alan

RE: Intermittent VPN Issues

FormerMember — Wed, 19 May 2021 13:18:04 GMT

Hi Alan Spark,

This issue has been investigated internally with the ID (NC-69286 - ICMP times out when Firewall Acceleration is turned on). A fix for this issue would be tentatively included in firmware release 18.0 MR6.

The temporary workaround is to turn off the firewall acceleration.

I'd suggest you turn on the blog notification to get notified about the new releases & news here: Release Notes & News

Thanks,

RE: Intermittent VPN Issues

Alan Spark — Wed, 19 May 2021 11:06:36 GMT

Hi Harsh,

We have not experienced the issue again but we feel that it is too soon to say for certain that it has been fixed. We'll continue to monitor it.

However, we would still like the issue to be fixed so that we can enable the firewall acceleration option again.

I note that 18.0.5 MR-5 is now available. I don't see anything about this issue in it though?

Regards,

Alan

RE: Intermittent VPN Issues

FormerMember — Wed, 19 May 2021 03:04:03 GMT

Hi Alan Spark,

Are you still experiencing the same issue with firewall acceleration turned off?

Thanks,

RE: Intermittent VPN Issues

Alan Spark — Tue, 11 May 2021 09:29:36 GMT

Thanks. I don't think this is the problem as there was nothing in the IPS logs. It wasn't any particular port either, it seemed to be quite random.

So far with the firewall acceleration disabled we're not seeing the problem but as I said above, too early to draw conclusions.

RE: Intermittent VPN Issues

LHerzog — Tue, 11 May 2021 08:29:12 GMT

Have you checked ThomW's answer? If your VPN Protocol is UDP it is very likely that IPS/DoS Protection is pointing to your problem. You should review the IPS logs.

RE: Intermittent VPN Issues

Alan Spark — Tue, 11 May 2021 05:18:14 GMT

Hi Harsh,

I was notified that your answer had been verified. This was not me.

I have disabled firewall acceleration and we are monitoring it but I think it is too soon to mark this as verified. Even if it does "solve" the problem I would consider it a workaround as I don't think it should be necessary to disable the option.

We will continue to monitor over the coming days but in the meantime I have rejected your answer until we have more information at this end.

Regards,

Alan

RE: Intermittent VPN Issues

FormerMember — Fri, 07 May 2021 14:04:26 GMT

Hi Alan Spark,

No problem, I've rejected the answer. :)

The firewall acceleration uses the advanced data-path architecture allowing faster processing of data packets for known traffic.

Check out this thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/123785/disabled-firewall-acceleration

You can turn on the firewall acceleration with the following command:

system firewall-acceleration enable

Thanks,

RE: Intermittent VPN Issues

ThomW — Fri, 07 May 2021 13:28:25 GMT

Hi Alan Spark.

I had kind of same problems on SG UTM while using VPN on UDP and DoS activated and solved by putting a exception for that port.

Perhaps this is a problem wirh your XG configuration as well.

Regards,

Thomas

RE: Intermittent VPN Issues

Alan Spark — Fri, 07 May 2021 13:07:41 GMT

Hi Harsh,

I think I accidentally marked your answer as verified - I don't know how to undo it.

Before we make this change, can you please explain what the feature does and any impact of disabling it?

Thanks,

Alan

RE: Intermittent VPN Issues

FormerMember — Fri, 07 May 2021 12:44:41 GMT

Hi Alan Spark,

Thanks for the update!

Would it be possible for you to turn off the firewall acceleration, monitor the issue, and provide an update?

Run the following command to turn off the firewall acceleration:

system firewall-acceleration disable

Thanks,

RE: Intermittent VPN Issues

Alan Spark — Fri, 07 May 2021 05:15:51 GMT

Hi Harsh,

It is an XG 135 running SFOS 18.0.4 MR-4.

Here is the output from the command:

console> system firewall-acceleration show                                      
Firewall Acceleration is Enabled.

Regards,

Alan

RE: Intermittent VPN Issues

FormerMember — Thu, 06 May 2021 18:23:54 GMT

Hi Alan Spark,

Thank you for reaching out to the Community!

Could you please provide the model number and current firmware version of your firewall?

Is firewall acceleration turned on?

Please run the following command from the console and provide the output:

system firewall-acceleration show

Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

Type 4 to access the Device console

Thanks,