
Firewall drops traffic from internal network

The UTM firewall just drops connections or disconnects itself from the internal network, while we are able to access the firewall from the external network side; at the same time there is no problem internally, connectivity within the internal network is normal. It happens randomly, maybe once a week, sometimes once in a month or three. In all cases restarting the firewall resolves the issue.



  • FormerMember

    Hi,

    Thanks for reaching out, and welcome to the Sophos Community!

    Have you noticed a spike in resource utilization during the time of the issue? Are you able to ping the internal interface of the firewall? If yes, are you able to ping an external network with an IP address and with a hostname?

    Are there any interface-level packet drops on the internal interface? You can check this by running "ifconfig" from the CLI.

    Thanks,

  • Check your Kernel Messages log for your adapter being reset or hanging. You might be using an e1000 NIC, which no one seems to want to fix drivers for using it with a UTM.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
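    An added example to go with the two checks suggested above (interface-level drops on the internal interface via "ifconfig", and the kernel log for the adapter being reset or hanging); this is not code from the thread or from Sophos. It assumes the classic net-tools ifconfig layout (interface name in column 1, "RX packets:N errors:N dropped:N ..." lines) that an older Linux-based UTM shell prints, and it uses e1000/e1000e driver message strings as illustrative patterns for the kernel-log scan. The ifconfig and kernel-log samples in the block are constructed so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes classic net-tools "ifconfig"
# output (interface name unindented in column 1, "RX packets:N errors:N dropped:N ..."
# lines). Newer ifconfig versions use a different layout and are not parsed here.

# Print the six error counters for one interface as
# "rx_errors rx_dropped rx_overruns tx_errors tx_dropped tx_overruns".
# Reads ifconfig text on stdin; prints nothing if the interface is not found.
iface_counters() {
    awk -v want="$1" '
        function counters(   i, kv, e, d, o) {
            for (i = 1; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == "errors")   e = kv[2]
                if (kv[1] == "dropped")  d = kv[2]
                if (kv[1] == "overruns") o = kv[2]
            }
            return e " " d " " o
        }
        # an unindented, non-empty line starts a new interface block
        NF > 0 && substr($0, 1, 1) != " " { cur = $1 }
        cur == want && /RX packets:/ { rx = counters() }
        cur == want && /TX packets:/ { tx = counters() }
        END { if (rx != "" && tx != "") print rx " " tx }
    '
}

# Exit 0 when every counter for the interface is zero, 1 when something is
# being dropped or errored, 2 when the interface is absent from the input.
nic_health() {
    c=$(iface_counters "$1")
    [ -n "$c" ] || { echo "$1: not found in ifconfig output" >&2; return 2; }
    for v in $c; do
        if [ "$v" -ne 0 ]; then
            echo "$1: non-zero counters (rx err/drop/ovr tx err/drop/ovr): $c"
            return 1
        fi
    done
    echo "$1: clean ($c)"
    return 0
}

# Count kernel-log lines that look like a NIC reset or hang. The patterns are
# the e1000/e1000e driver's "Unit Hang", "Reset adapter" and "NIC Link is Down"
# messages; treat the list as an illustrative assumption and extend it for the
# driver your NIC actually uses. Reads log text on stdin, prints the count.
nic_reset_count() {
    grep -c -E 'Unit Hang|Reset adapter|NIC Link is Down' || true
}

# Constructed sample data for offline demonstration (not real captures).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.0.2.1  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1234567 errors:0 dropped:42 overruns:0 frame:0
          TX packets:7654321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:987654321 (941.9 Mb)  TX bytes:123456789 (117.7 Mb)

eth1      Link encap:Ethernet  HWaddr 00:11:22:33:44:66
          inet addr:198.51.100.2  Bcast:198.51.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000'

SAMPLE_DMESG='[ 8123.411] e1000e 0000:03:00.0 eth0: Detected Hardware Unit Hang:
[ 8125.092] e1000e 0000:03:00.0 eth0: Reset adapter unexpectedly
[ 8128.700] e1000e 0000:03:00.0 eth0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx'

# On the appliance itself run:   ifconfig | nic_health eth0 ; dmesg | nic_reset_count
# Take one snapshot at a quiet time and one during the outage and compare the counters.
printf '%s\n' "$SAMPLE_IFCONFIG" | nic_health eth0 || true
printf '%s\n' "$SAMPLE_IFCONFIG" | nic_health eth1 || true
printf 'NIC reset/hang events in kernel log: %s\n' "$(printf '%s\n' "$SAMPLE_DMESG" | nic_reset_count)"
```

    The point of snapshotting rather than reading once is that a drop counter which is already non-zero at baseline tells you nothing; only a counter that moves between the quiet snapshot and the outage snapshot points at the internal interface, and a kernel-log hit in the same window points at the driver or hardware rather than at a firewall rule.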

  • I have already looked at the logs and could not find any triggers; the kernel log shows nothing during this time.

  • I was looking to see if someone has had a similar issue. I could not troubleshoot when the issue happened, since it was business hours and we needed to restart ASAP.

  • Do you use LACP or other options to connect more than one link to your switches?

    How many cables are between the UTM and the internal switch?

    Something within the switch logs?

    Tell us some more details about device-type, HA, Switches/Stacks, ...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Yes, LAG was configured just to see if that would resolve this issue; I tried changing the interface, but I am still having the issue. The switch log also shows no errors.

    No HA

  • Hala and welcome to the UTM Community!

    If this is not a Sophos hardware appliance, please tell us what NICs are in use.

    When this occurs, do you see any drops in the Firewall log?

    How is external traffic reaching inside your network? NAT rules? Web Application Firewall? Remote access?

    When you say "connectivity between the internal network is normal," do you mean that the devices being reached from the outside are in the internal LAN and not in a separate DMZ?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA