Search for packet-loss and disconnect culprit

Hey community!

I'm pretty new to Sophos products so sorry for stupid questions in advance.

Our client is dealing with heavy packet loss, latency spikes and frequent disconnects onsite. It happens to different users at different times; their local network connection drops for a minute before it reconnects. PingPlotter and Wireshark show heavy packet loss at the firewall, but not for every pinged host at the same time.
At first we suspected their fiber-provider but they quickly responded with results that "prove" their connection is absolutely stable.
While they're known to say that no matter what, we need to check our local infrastructure.
We have an SG105 onsite (Firmware 9.717-3), and the first thing I wanted to do is check for dropped packets and high load, and I'm not sure what exactly I should be looking for in the logs.

Thank you!



This thread was automatically locked due to age.
  • Hi Antony,

    Thanks for reaching out to Sophos Community.

    Some queries:

    - How many users/devices are there in the network, and what is the bandwidth speed on the WAN link? How frequently does this issue happen, and when it happens, are all users affected or just isolated cases?

    - Could you show the resource usage of the device?

    - Was there any change to the network settings (change of IP addressing, possible duplicate IPs in the network, etc.) or firewall configuration (firmware upgrade, etc.) prior to the incident?

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • Thank you for your reply! That's our local environment:

    First floor
    <-> Internet 1&1 Glasfaser Premium 300 (300 MBit/s) <-> Cisco 800 Series 881-K9 Ethernet Security Router <-> RAD ETX-203AM EtherAccess Carrier Ethernet <-> Cisco Switch <-> Sophos SG105 (connected to Switch 1) <-> LAN [Switch 1 (HPE 1820 Switch), Switch 2 (HPE 1820 Switch), Switch 3 (Aruba 1830 Switch)] <->

    Second floor
    Switch 1 connected per Fiber Optic Cable to <-> Switch 4 (HPE 1820 Switch) <-> Switch 5 (Aruba 1830 Switch)

    Cisco 800 Series 881-K9 Ethernet Security Router
    RAD ETX-203AM EtherAccess Carrier Ethernet

    Sophos SG105 (Current firmware version > 9.717-3)

    HPE OfficeConnect Switch 1820 24G PoE+ (185W) J9983A
    172.16.93.58 HPE 1820 (Current firmware version > PT.02.18) Mainswitch
    172.16.93.54 HPE 1820 (Current firmware version > PT.02.18)
    172.16.93.56 HPE 1820 (Current firmware version > PT.02.18)

    Aruba Instant On 1830 24G 2SFP Switch JL812A
    172.16.93.104 Aruba 1830 (Current firmware version > 2.8.1)
    172.16.93.105 Aruba 1830 (Current firmware version > 2.8.1)

    There are approx. 25 devices in the network, usually around 15-18 active at the same time.

    No changes were made; this issue has persisted since everything was set up a year ago. It just got much worse like two months ago.

    I will post the resource usage soon, we're currently investigating if the SG105's CPU is bottlenecking.

  • How do you measure your "packet loss"?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • By monitoring network traffic with Wireshark, PingPlotter and Pingman on various devices across the network. Our client reported connection drops and RDP-freezes as well as disconnects and connectivity issues with Teams-Calls, so we used the tools mentioned above to monitor and verify said issues.

  • "RDP-freeze" sounds like an IPS problem. Can you temporarily disable that, if you have it running?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • Thank you for the suggestion, we currently have no IPS active.