Hello,
I have a really weird problem here that I have a very hard time troubleshooting.
We have a security device here that sends packets on port 30003 out to two IP addresses each second. It basically sends the status of the device to the security company.
The problem is that at some point, usually only 1-2 seconds after Midday (12:00), the company stops receiving the signal.
I did some network analysis:
I ran the tcpdump on the WAN-Port on the firewall, and could see that the device is sending the packets to two IPs.
Writing it to a .pcap file, I found out that the packets turn red at 12:00, and instead of the normal PSH, ACK, I start getting Transmission Errors, and I see no ACK.
My understanding would be that this means that the remote server is not sending ACK after my firewall has sent the SYN.
I am very much a beginner in Wireshark and these things, so bear with me please. I have trouble understanding whether this is a problem on our side or theirs.
The fact is if I change the WAN-Port (we have two different internet providers) from LTE to DSL, or vice versa, the signal returns to normal.
I'm using Multipath Rules to change the path, which seems to work well. I didn't notice any irregularities on the firewall either. We have IPS and Web-Filtering active, but that shouldn't interfere, should it?
I would be very thankful for any idea.
Thanks