Issues After 9.405-5 update

Hey All,

  I noticed under the VPN section that there have been issues with the SSL VPN connections. However, ever since I updated to 9.405-5 last night, almost all secure traffic I try to send (HTTPS & SSH) seems to fail and not go outbound. Or, a better description is that I can make an HTTPS connection to a site, and if I try to continue to browse the site, the connection times out or resets... SSH connections to systems have been failing too. I can ping these systems, but secure connections fail...

  Am I going nuts here with this, or are my issues and the SSL VPN issues potentially all related?



This thread was automatically locked due to age.
  • Hi All.

    I do not have a Linux test system, so it will be difficult for me to recreate this issue. My guess is that it cannot be an issue related to MTU (as suggested by others) because only the Linux client is facing the impact. Meanwhile, can you provide me the case# raised in support? I will look into the matter and revert back if it relates.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Actually, I can confirm that this is not a client-side issue, as I have experienced this issue with Windows clients, media streaming devices, etc. I was most noticeably experiencing it with my daily Windows PC. All connections would (as far as I could tell) work normally until I connected an unrelated VPN client that would pass through the UTM gateway. This additional packet overhead apparently was enough to surpass the MTU and lead to excessive fragmentation, to the point of most connections not working at all. The problem was with the external interface and my ISP, Comcast. Granted, they should not be handing out the 576 MTU; it appears to be a problem with many service providers that unfortunately we have to deal with. Being able to modify my MTU when using DHCP, or just defaulting to 1500 unless specifically changed (as was the case prior to 9.405-5), would be the ideal solution.

    For me, I am aware of the CLI modifications that can strip out the MTU setting. I chose not to follow this path, however, in hopes that Sophos would issue an update/fix. In the meantime I did follow the advice to turn OFF DHCP, though I am on a residential non-static ISP IP, so that I could modify the MTU in the WebUI. This resolved all of my issues. I know this isn't ideal and I certainly wouldn't recommend it in a corporate environment, but for home, it's OK.

    I do fully admit I am a Home license user and am not paying for this product. I am an experienced Firewall Engineer professionally, though, and am familiar with everything this product provides. I also regularly recommend Sophos UTM to colleagues, as I've been using it since v7. It is for these reasons that I am sticking to the forums and hoping some solution comes from it. I don't expect Sophos to give me special attention or work with me directly, but I am overall happy with the product and am not to the point of looking for something else.

    PS - One last thing, I have my UTM running on dedicated, pretty high end hardware so I'm sure the excessive fragmentation issue is not due to my box. Perhaps it's overwhelming the ISP devices but I just wanted to rule that out. Using the correct MTU though is key.
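
The fragmentation effect described in the post above can be worked through numerically. This is an added example, not code from the poster or from Sophos; it assumes 20-byte IPv4 and TCP headers without options, and the 60-byte VPN overhead is a constructed value.

```python
IPV4_HEADER = 20  # bytes; assumes no IP options
TCP_HEADER = 20   # bytes; assumes no TCP options


def tcp_mss(link_mtu):
    """Largest TCP payload that fits one unfragmented packet on this link."""
    return link_mtu - IPV4_HEADER - TCP_HEADER


def fragment_sizes(packet_len, link_mtu):
    """On-wire size of each IPv4 fragment needed to carry one packet."""
    if link_mtu - IPV4_HEADER < 8:
        raise ValueError("MTU too small to carry any fragment payload")
    if packet_len <= link_mtu:
        return [packet_len]
    payload = packet_len - IPV4_HEADER
    # Every fragment except the last must carry a multiple of 8 payload bytes.
    per_fragment = (link_mtu - IPV4_HEADER) // 8 * 8
    sizes = []
    while payload > 0:
        chunk = min(per_fragment, payload)
        sizes.append(chunk + IPV4_HEADER)
        payload -= chunk
    return sizes


def encapsulated(inner_len, vpn_overhead, wan_mtu):
    """Fragments and total wire bytes once a tunnel wraps an inner packet."""
    sizes = fragment_sizes(inner_len + vpn_overhead, wan_mtu)
    return {"fragments": len(sizes), "wire_bytes": sum(sizes), "sizes": sizes}


if __name__ == "__main__":
    VPN_OVERHEAD = 60  # constructed value; real overhead depends on the tunnel
    for wan_mtu in (576, 1500):
        plain = fragment_sizes(576, wan_mtu)
        tunneled = encapsulated(576, VPN_OVERHEAD, wan_mtu)
        print(f"WAN MTU {wan_mtu}: MSS {tcp_mss(wan_mtu)}, "
              f"plain 576-byte packet -> {len(plain)} fragment(s), "
              f"tunneled -> {tunneled['fragments']} fragment(s) {tunneled['sizes']}")
```

A packet sized to the 576-byte MTU passes whole, but the same packet wrapped by a tunnel is split in two on a 576-byte WAN link, while a 1500-byte link carries it unfragmented.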

  • I would have to concur that my issue is related to the MTU bug.  I just checked my outside interface, and yes, it's set to 576.

    If there is a patch coming soon, I'll wait it out, but if not, I'll follow the thread above to try to resolve manually.

  • Hi,

    Thanks for choosing Sophos. I will follow up with the developers to provide a quick fix. I will update the thread as soon as I receive any associated information from the developers on this matter.

    Cheers

    Sachin Gurung
    Team Lead | Sophos Technical Support