Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 19 replies
  • Answers 1 answer
  • Subscribers 42 subscribers
  • Views 9450 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Very Strange issue has anyone seen anything like this? - XGS RED 60

craig A

I can't make sense of this issue,  any help / ideas would be much appreciated because i feel like I'm taking crazy pills <insert Mugatu>

I have the following setup:


XGS 2100  Site 1  (Latest Firmware)

SG 115  Site 2

The sites are connected via IPSEC and I have servers at both sites and I can transfer files and ping with no issues.

A RED 60 at the users home is connected to the XGS.  It can ping and browse / transfer files at site 1 and 2.   

If the user Pings anything at site 2 the RED drops and loses connection completely, I can see this in the VPN logs as RED disconnecting and reconnecting. 


TLDR:   Ping / ICMP Traffic to remote subnet causes RED to reboot but browse and file transfer works fine?!




Only thing I can think of is that the ISP has provided a /31 address.

Does anyone have an XGS with a /31 connection and is also using REDs?





This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to craig A

    Since how long has the RED 60 tunnel been working?

    To find the root causing the issue troubleshoot is required by debugging logs with Sophos Support Team.

    red.log syslog.log networkd.log 

    Might RED require RMA as per the logs observed?

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to Bharat J

    This setup is new and the hardware RED 60 is new,  I replicated the issue with another new RED 60 so I don't think it's the RED hardware.   

    I was wondering if anyone has a firewall with a /31 subnet and connected REDs successfully?         (I have another site with an XGS firewall and RED's on a  /29 subnet with no issues.)   

    I'll have a look through the logs above and see what i can find. 

  • 0 in reply to craig A

    Hi Craig O'Hanlon 

    Please share current firmware version running on Sophos XG under  System-->Admininstration --->Backup and Firmware -->Firmware

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    SFOS 19.0.1 MR-1-Build365

  • 0 in reply to craig A
    craig A said:
    I was wondering if anyone has a firewall with a /31

    Is it configured on Alias IP under Configure--->Network--> interface?

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    No Alias setup ,  it's a Static IP4 Physical Interface with gateway.  

  • 0 in reply to craig A
    craig A said:
    I'll have a look through the logs above and see what i can find. 

    Sure, it would be great if you raised the case with Sophos Support Team to investigate the issue further 

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Hi Bharat,

    i have seen a similar with RDP over UDP.

    RDP from SC-RED20 Network to Server behind a IPSec connection results in RED-Blocking (in one direction only ... we can hear the telephone-RTP-Stream at one location) ... when RDP try to switch to UDP.

    Configuring Firewall-rule to disable 3398UDP solved the problem within this environment.

    I am willing to work with a L2/L3 engineer or a developer onto this problem ... but opening a support call .. Really??


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Unfiltered HTML