
Multiple LAN-to-LAN network issues after upgrade v15 to v16

Hi,

After upgrading our SG210 from v15 to v16 two weeks ago, we encounter multiple LAN-to-LAN network issues. Everything else (VPN, LAN-to-WAN, ...) works fine. We have not detected any degradation in performance on outbound traffic nor connection timeouts.

Setup
We have two subnets (say 10.1.2.1/255.255.255.0 and 10.1.3.1/255.255.255.0 on Port E0 and Alias PortE0:0) and a LAN-to-LAN Rule on top (LAN/LAN - Any Host/Any Host - Any Service).

Problem
Since the v16 upgrade

  • SSH connections from 10.1.2.x to 10.1.3.x die after one or two minutes (broken pipe) while SSH to external hosts or SSH originating from VPN zone stay alive for hours...
  • NFS mounts do not work (drop-packet-capture on console shows log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0)

As far as I understand the results of drop-packet-capture, the LAN-to-LAN rule does not match (nor any other since log_subtype is »Denied« for »fw_rule_id 0«). Both services, SSH and NFS, worked flawlessly on v15; the setup did not change after the upgrade.

What we already tried

  • checked the »Troubleshooting guide for XG« by sachingurung
  • disabled all firewall rules
  • disabled all rules but LAN-to-LAN
  • created rules on top for single host/single service in both directions for SSH/NFS and particular test hosts
  • moved the second subnet to physical PortE4 (in LAN zone) and tried again with and w/o rules
  • created extra zone for PortE4 and added rules for LAN / new test zone

So far we were unable to solve these problems. Any advice to isolate the root cause of the problems is highly appreciated ;-)
Andreas
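
For triaging drop-packet-capture output like the line quoted in the post, the following added example (not part of the original post and not Sophos code) separates denied records that carry no rule (fw_rule_id=0 with log_component=Invalid_Traffic) from denies tied to a numbered rule, and counts the former per flow. The sample lines are constructed; the field names src_ip, dst_ip and dst_port and the value Firewall_Rule are assumptions, only the four fields quoted in the post are taken from it.

```python
import re
from collections import Counter

# Constructed sample records. Only log_type, log_component, log_subtype and
# fw_rule_id come from the post; the other field names are assumed.
SAMPLE = """\
log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0 src_ip=10.1.2.10 dst_ip=10.1.3.20 dst_port=22
log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0 src_ip=10.1.2.10 dst_ip=10.1.3.20 dst_port=2049
log_type=Firewall log_component=Firewall_Rule log_subtype=Denied fw_rule_id=7 src_ip=10.1.2.11 dst_ip=10.1.3.20 dst_port=23
log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0 src_ip=10.1.3.20 dst_ip=10.1.2.10 dst_port=51515
garbage line without the expected fields
"""

# key=value pairs; values may be bare tokens or double-quoted strings
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict (empty if nothing matches)."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}


def triage(text):
    """Return (no_rule, by_rule) counters for Denied records.

    no_rule: flows dropped with fw_rule_id=0 and Invalid_Traffic, i.e. drops
             that no configured firewall rule is credited with.
    by_rule: denies credited to a rule, keyed by (rule id, component).
    """
    no_rule, by_rule = Counter(), Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("log_subtype") != "Denied":
            continue  # skips non-deny records and unparsable lines
        if rec.get("fw_rule_id") == "0" and rec.get("log_component") == "Invalid_Traffic":
            no_rule[(rec.get("src_ip"), rec.get("dst_ip"), rec.get("dst_port"))] += 1
        else:
            by_rule[(rec.get("fw_rule_id"), rec.get("log_component"))] += 1
    return no_rule, by_rule


if __name__ == "__main__":
    no_rule, by_rule = triage(SAMPLE)
    for flow, n in no_rule.most_common():
        print("no rule matched:", flow, n)
    for key, n in by_rule.items():
        print("denied by rule:", key, n)
```

Drops in the first group appearing in both directions between the two subnets, as in the constructed sample, show that the traffic is rejected before any LAN-to-LAN rule is evaluated, which matches the reading of fw_rule_id=0 given in the post.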


