
TCP Disconnect with IPS-Pattern updates ??

We have some customers who use quite sensitive software.
We have had repeated session drops with one customer (always at noon on Tuesdays, GMT).
The IPS patterns are said to have been updated at this time today.
IPS is only active for some external connections. Not for the "sensitive" internal ones.
They are running version 20.0.1 MR1.
Could there be a connection?

Thanks, Dirk



  • Since this happens once a week (so far), it is not easy to capture the correct traffic.
    The only thing we see... the moment of disconnection (multiple devices losing connection to servers and devices at the same time) matches the time of an IPS pattern update (timestamp of last successful update of IPS and Application signatures).

    From SG we know the "Restart policy - Bypass IPS scan".
    Maybe there is something similar on XGS?
    But I have a lot of customers using this software and IPS for external connections, and I never saw such problems before 20.0.MR1.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello,

    It is advisable to raise a support ticket and share it with us to prioritize. We shall help you with the commands which you may run to collect the logs.

    Mayur Makvana
    Technical Account Manager | Sophos Technical Support

    If a post solves your question please use the 'Verify Answer' button.

  • Unfortunately, we have confirmation.
    With the IPS pattern update yesterday, the connections were disconnected again.

    Because support handling is not simple ... (isolated "critical infrastructure")
    What could the support engineer do?
    The relation to the IPS is clear. What else could be in a log file?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003