This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN, telephony and other services no longer working

Hello,

Following a reboot of our servers, we are no longer able to access several internal and external services (VPN, telephony, User portal)

I am neither a network expert nor an advanced user of Sophos solutions, but I will gladly provide you with more information if needed.

We have been using Sophos UTM 9 for several years without any problems. However, all of a sudden, here is what I see and can already pass on as information:

  • The User Portal site is no longer accessible externally, but is accessible from the internal network
  • The VPN connection does not work externally anymore, but works from the internal network
  • We can receive calls, but we can't hear the caller and he can't hear us.
  • We have access to the Internet from the internal network, but we can no longer connect or configure certain applications (impossible to connect to the telephony application / impossible to configure certain services, for example, the configuration of an email service on certain workstations, whereas when connected to another network it works).
  • No modification of the firewall has been done in the last months. We are updating it, but the configuration has remained the same.

I have tried to restart Sophos UTM several times with no results. The first few minutes everything works normally, then the telephony does not work anymore and the User Portal is inaccessible again. In the past, we have used the infrastructure several times without any problems.

All these problems are very sudden. I am aware that it is difficult for you to help me with this information, but I will gladly provide you with additional information if needed.

I think the reasons could be many things but I can't find any particular error in the UTM logs to help me correct the situation. If you have an idea of a problem that could make us suddenly face these issues I would be very grateful.

At your disposal,
Thanks in advance

FYI > VPN Client log :



This thread was automatically locked due to age.
  • I'm assuming you have UDP flood protection enabled if you are seeing this.  You can temporarily uncheck that box if you wish and try accessing your portal and sites.  That 108.xxx address, what address is that?  I tried to access it from here and it's giving 403 error.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • As it's a sudden incident, following a reboot of the server hosting the VM, and all of the features are still actively licensed.

    Also, assuming you're not experiencing a DDoS attack.

    The issues your describing sounds, as previously mentioned by Amodin, more DNS & routing related.

    I would check the server hosting the VM / the virtual switch / physical switch port or cabling / DNS / routing.

    It could be NIC driver change that happened on reboot. Check the server NICs and test the cable runs to the physical switch. If possible try swapping cable routes and switch ports. A coincidental switch port starting to fail could be the culprit.

    The virtual switch is used by the VM to establish a connection to other VMs or to the physical network. So I would check that it is using a valid NIC and trace the route to the physical switch to see if the port/cabling is faulty.

    I hope this helps. Best of luck :-)

  • Assuming not a routing issue, what does the UTM system log show for around the same time period?

    Some sort of disk failure/corruption?

  • Hello, thanks for your question.

    The UTM system logs don't seem to log anything in particular except for this line which seems suspicious to me? She appeared a few times today

    2023:03:16-11:31:29 vpn dns-resolver[4642]: DNS server failed to contact!

    What do you think about that ?


    Thanksfor your help