Hi guys.
I know there are some similar threads, but this one is different and very strange.
Randomly, once or twice a day, for about one to 5 minutes, we are losing connection to the internet.
Right after that time everything goes back to normal again.
A few things to notice:
1. We still can ping URLs.
2. DNS seems to work.
3. Accessing URLs which are in the DMZ doesn't work as well.
4. I'm not sure if there are more for shorter times, but this is what I know of from my customers.
Any help will be appreciated. [:)]
1. Not sure what you mean. Are these pings to FQDNs on the Internet?
2. My gut feeling is that cached FQDNs work but that your ISP has a problem and will not allow resolution of un-cached FQDNs. How is DNS configured compared to DNS best practice?
3. Are you running split DNS? Is the Internal-to-DMZ traffic handled by the UTM's web proxy?
4. Is this happening at multiple locations?
Cheers - Bob
Hi Bob. [:)]
1. Ping to 18.104.22.168 or Youtube (for example) works.
2. I don't think it's a DNS issue since DNS works fine and resolving is OK. (Ping - google.com, Nslookup...)
3. Strangely, it comes and goes randomly, and for about a few seconds to 2 minutes.
4. When it happens, it affects all my LAN.
5. When it happens, I can't connect to the firewall (web) either.
6. When it happens, I can't connect to the web service of my mail (in the DMZ).
7. In all cases, ping still works fine.
It seems like a kind of issue with the TCP, since ICMP works. Very strange :)
Hi Guys.
Not sure if it's the reason, but I have switched the antivirus from Sophos to Avira in the Firewall, and for about 6 hours all is quiet.... I'll keep monitoring and let you know. [:O]
Just got it from Sophos Support:
We had found http was reloading multiple times and as per the update from our GES Team, the below workaround solution should help resolve the issue:
1. <M> mhgate:/root # cc
2. 127.0.0.1 MAIN > http
3. 127.0.0.1 MAIN http > sc_local_db$
4. 127.0.0.1 MAIN http/sc_local_db (LISTPICK) > none
This should not be causing any impact to connections
Did this work for you? Sophos is working on our case for 2 weeks now, but they can’t find a cause and don’t have a solution yet. Do you have a case ID so that I can give that to Sophos support for more info?
Rather than going into cc as Support told Goldy, I prefer to make the change at the command line:
cc set http sc_local_db none
Franc, you can see what setting you have with:
cc get http sc_local_db
this is the result:
<M> firewall:/home/login # cc get http c_local_db
0
I haven’t used the set command (yet), since I don’t know what it does.
Please see the correct version of that command above. I first posted it with a typo, c_local_db, but the correct parameter is sc_local_db.
then the result is:
<M> firewall:/home/login # cc get http sc_local_db
mem
This is a known complication, Franc. You definitely should try with "none":
Thanks, changed it, let's see what happens.
But I have a couple of questions/remarks:
- We have had this setting for several years now; it was advised back then to speed up the web proxy. Why should it be a problem now suddenly?
- What known complications are there when using this setting?
- Sophos has been looking into this issue for the last 2 weeks now on our system, wonder why they didn't come up with this...
Something someone wrote a long time ago [:)]:
Run HTTP proxy database locally
1. ssh to SOPHOS-UTM and log in with loginuser
2. su - root
3. cc set http sc_local_db [disk][mem][none] (Choose what you prefer)
   None - default, don't use local categorization at all; use online query as default.
   Disk - use local Database, but use it only on disk. Useful for boxes with little RAM.
   Mem - use local Database, and keep it in memory for faster access.
4. Reload the service: /var/mdw/scripts/httpproxy restart
Verify first DB download (Web surfing will be stopped until done - about 370 MB):
ls -lh /var/chroot-http/var/pattern/sfcontrol
Web surfing will be extremely slow until the database has downloaded and been put into place. The time is link speed dependent.
You must reload the service!!!
As for the issue, it's a bug, and see Sophos' answer: "In regards to your recent question about when and how this workaround will be fixed within the Web Proxy, I will have to escalate the case to GES ( Tier-3 ) Team"
Goldy