This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Randomly no connection to internet websites but could ping urls works.

Hi guys.
I know there are some thread similar, but this one is different and very strange.

Randomly, once or twice a day, for about one to 5 minutes, we are loosing connection to internet.
Right after that time every thing go back to normal again.

Few thing to noticed:

1. We still can ping Urls

2. DNS seems to work.

3. Accessing URL which are in the DMZ doesn't work as well.

4. I'm not sure if there are more fore shorter time, but this what i know of from my customers.

 

Any help will be appreciate.
[:)]

Goldy



This thread was automatically locked due to age.
Parents
  • Shalom Goldy,

    1. Not sure what you mean.  Are these pings to FQDNs on the Internet?

    2. My gut feeling is that cached FQDNs work but that your ISP has a problem and will not allow resolution of un-cached FQDNs.  How is DNS configured compared to DNS best practice?

    3. Are you running split DNS?  Is the Internal-to-DMZ traffic handled by the UTM's web proxy?

    4. Is this happening at multiple locations?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.
    [:)]

    1. Ping to 8.8.8.8 or Youtube (for example) works.

    2. I don't think it's DNS issue sins dns work fine and resolving are ok. (Ping - google.com, Nslookup...)

    3. strangely, it's comes and go randomly, and for about few seconds to 2 minutes.

    4. When it's happens, it's effect all my Lan.

    5. When it's happens, I can't connect connect to the firewall (web) eather.

    6. When it's happens, I can't connect to to the web service of my mail (In the DMZ).

    7. In all cases, ping still works fine.

    It seems kind of issue with the TCP, since ICMP works.
    Very strange :)

    Thanks

    Yaron Gold

     

  • Since Snort is all the same, my suspect that there was an update in the snort that cause this issue.

  • Hi Guys.

    Not sure if it's the reason, but I have switched the antivirus from Sophos to Avira in the Firewall, and for about 6 hours all is quite....
    I'll keep monitoring and let you know. [:O]

  • Hi Guys.

    Just got it from Sophos Support:

    We had found http was reloading multiple times and as per the update from our GES Team, the below workaround solution should help resolve the issue :-

    1. <M> mhgate:/root # cc

    2. 127.0.0.1 MAIN > http

    3. 127.0.0.1 MAIN http > sc_local_db$

    4. 127.0.0.1 MAIN http/sc_local_db (LISTPICK) > none

    This should not be causing any impact to connections

     

  • Did this work for you? Sophos is working on our case for 2 weeks now, but they can’t find a cause and don’t have a solution yet. Do you have a case ID so that I can give that to Sophos support for more info?

  • Rather than going into cc as Support told Goldy, I prefer to make the change at the command line:

    cc set http sc_local_db none

    Franc, you can see what setting you have with:

    cc get http sc_local_db

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    this is the result:

    <M> firewall:/home/login # cc get http c_local_db
    0

    I haven’t used the set command (yet), since I don’t know what it does.

    Franc

  • Hoi Franc,

    Please see the correct version of that command above.  I first posted it with a typo, c_local_db, but the correct parameter is sc_local_db.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    then the result is:

    <M> firewall:/home/login # cc get http sc_local_db
    mem


    Franc.

  • This is a known complication, Franc.  You definitely should try with "none":

    cc set http sc_local_db none

    Working now?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    Thanks, changed it let's see what happens.

     

    But I have a couple of questions/remarks:

    - we had this setting for several years now, it was advised by then to speed up the web-proxy. Why should it be a problem now suddenly?

    - What known complications are there when using this setting?

    - Sophos has been looking into this issue for the last 2 weeks now on our system, wonder why they didn't come up with this...

     

    Franc.

Reply
  • Hi Bob,

     

    Thanks, changed it let's see what happens.

     

    But I have a couple of questions/remarks:

    - we had this setting for several years now, it was advised by then to speed up the web-proxy. Why should it be a problem now suddenly?

    - What known complications are there when using this setting?

    - Sophos has been looking into this issue for the last 2 weeks now on our system, wonder why they didn't come up with this...

     

    Franc.

Children
  • Hi Franc.

    Something someone wrote long time ago [:)]:

    Run HTTP proxy database localy
    1. ssh to SOPHOS-UTM and login with loginuser
    2. su – root
    3. cc set http sc_local_db [disk][mem][none] (Choose what you prefer)
         None - default, don't use local categorization at all use online query as default.
         Disk - use local Database, but use it only on disk. Useful for boxes with little RAM.
         Mem - use local Database, and keep it in memory for faster access.
    4. Reload the service:
        /var/mdw/scripts/httpproxy restart

    Verify first DB download (Web surfing will be stopped until done - about 370 MB):
    ls -lh /var/chroot-http/var/pattern/sfcontrol

    Web surfing will be extremely slow until the database has downloaded and been put into place. The time is link speed dependent.

    You must Reload the service!!!.

    As for the issue, it's a bug, and see Sophos answer:
    "In regards to your recent question about when and how this workaround will be fixed within the Web Proxy, I will have to escalate the case to GES ( Tier-3 ) Team"


    Goldy