This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN, telephony and other services no longer working

Hello,

Following a reboot of our servers, we are no longer able to access several internal and external services (VPN, telephony, User portal)

I am neither a network expert nor an advanced user of Sophos solutions, but I will gladly provide you with more information if needed.

We have been using Sophos UTM 9 for several years without any problems. However, all of a sudden, here is what I see and can already pass on as information:

  • The User Portal site is no longer accessible externally, but is accessible from the internal network
  • The VPN connection does not work externally anymore, but works from the internal network
  • We can receive calls, but we can't hear the caller and he can't hear us.
  • We have access to the Internet from the internal network, but we can no longer connect or configure certain applications (impossible to connect to the telephony application / impossible to configure certain services, for example, the configuration of an email service on certain workstations, whereas when connected to another network it works).
  • No modification of the firewall has been done in the last months. We are updating it, but the configuration has remained the same.

I have tried to restart Sophos UTM several times with no results. The first few minutes everything works normally, then the telephony does not work anymore and the User Portal is inaccessible again. In the past, we have used the infrastructure several times without any problems.

All these problems are very sudden. I am aware that it is difficult for you to help me with this information, but I will gladly provide you with additional information if needed.

I think the reasons could be many things but I can't find any particular error in the UTM logs to help me correct the situation. If you have an idea of a problem that could make us suddenly face these issues I would be very grateful.

At your disposal,
Thanks in advance

FYI > VPN Client log :



This thread was automatically locked due to age.
Parents
  • Hi

    A couple of possibilities:

    1. Has your license expired? Features stop working if you are not licensed.
    2. If you have the Sophos UTM installed as a VM, Have you checked your Virtual Switch etc.
  • Hello,

    Thanks for your question,


    Licence is active and sophos UTM is installed as a VM. What do you mean by checking my virtual switch ?

  • As it's a sudden incident, following a reboot of the server hosting the VM, and all of the features are still actively licensed.

    Also, assuming you're not experiencing a DDoS attack.

    The issues your describing sounds, as previously mentioned by Amodin, more DNS & routing related.

    I would check the server hosting the VM / the virtual switch / physical switch port or cabling / DNS / routing.

    It could be NIC driver change that happened on reboot. Check the server NICs and test the cable runs to the physical switch. If possible try swapping cable routes and switch ports. A coincidental switch port starting to fail could be the culprit.

    The virtual switch is used by the VM to establish a connection to other VMs or to the physical network. So I would check that it is using a valid NIC and trace the route to the physical switch to see if the port/cabling is faulty.

    I hope this helps. Best of luck :-)

Reply
  • As it's a sudden incident, following a reboot of the server hosting the VM, and all of the features are still actively licensed.

    Also, assuming you're not experiencing a DDoS attack.

    The issues your describing sounds, as previously mentioned by Amodin, more DNS & routing related.

    I would check the server hosting the VM / the virtual switch / physical switch port or cabling / DNS / routing.

    It could be NIC driver change that happened on reboot. Check the server NICs and test the cable runs to the physical switch. If possible try swapping cable routes and switch ports. A coincidental switch port starting to fail could be the culprit.

    The virtual switch is used by the VM to establish a connection to other VMs or to the physical network. So I would check that it is using a valid NIC and trace the route to the physical switch to see if the port/cabling is faulty.

    I hope this helps. Best of luck :-)

Children
No Data