
UTM <--> RED Failover / Backup Problem: Is this a known problem and how do you do it? Link down = ok. Link up but ISP down = malfunction

Through an external service provider, we have discovered a bug in the UTM VPN function that affects the failover function.

Firmware version: 9.703-3

Test 1. The aim is to check whether the RED automatically re-establishes the connection to the UTM via the backup line (WAN2) when the link of the main line (WAN1) is deactivated.
Result: Passed

Test 2. The aim is to check whether the RED automatically re-establishes the connection to the UTM via the backup line (WAN2) when the connection of the main line (WAN1) has failed but the link to the main line remains up.
Result: Failed

Afterwards we found that the RED50 did manage to establish the connection to the UTM via the backup line after all (after approx. 20 minutes!!). However, no data can be sent through the tunnel. In the RED connection status the connection is shown as online, but the icon is marked with a yellow exclamation mark.

Can anyone confirm this problem? If so, this is a very serious bug, since the fundamental basic RED functions are impaired here, making a fix urgently necessary.
We ourselves noticed the fault at one of our sites and could not explain it. We therefore commissioned the service provider to investigate the fault.



  • FormerMember

    Hi Papi-Sanchez,

    Thank you for reaching out to the Community!

    Could you please tell us if you have noticed this issue after the firmware update, or was it also noticed on the previous firmware version of the UTM?

    If you have a support case number for this issue, please PM me the case number for further investigation.

    Thanks,

  • We have now investigated the case further and carried out many experiments.
    It turned out that there were actually errors in the firmware of the RED 50. And not just recently.
    We have made several videos as evidence that I would like to publish here. So the matter is very explosive. Especially with the background that this bug has existed for a long time. And that is the basic function for VPN RED.

    The test passed: UTM Ver 9.606-1 with RED50 FW 5317 (basis)

    The test failed: UTM Ver 9.606-1 and RED50 with USE_UNIFIED_FIRMWARE

    The test passed: UTM Ver 9.703-3 with RED50 FW 5214 (basis).

    The test failed: UTM Ver 9.703-3 with RED50 with current firmware.

    So it is clear that the firmware of the RED 50 is faulty.
    Can someone confirm that?

  • So as you update the firmware of the RED to the new unified firmware, only the interface status will be checked, not the upper levels of OSI?

    As this KB states: https://community.sophos.com/kb/en-us/116573#Deployment%20scenarios

    Note: If any interfaces go down, the interface will be checked until it is working again. The connection will be restored to the original interface if it becomes available again.

    It could be only the interface as a hardware component.

    I do not have any RED50/60 to test this right now, but you should open a support case to point this out to Support.

    __________________________________________________________________________________________________________________
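
The difference between the two tests in this thread, as an added example that is not part of the original posts and is not Sophos code: a small simulation comparing a failover monitor that checks only link state with one that also requires an end-to-end probe to succeed. The `Uplink` model, the function names, the polling rounds and the failure threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Uplink:
    name: str
    link_up: bool = True        # carrier state of the WAN port
    isp_reachable: bool = True  # constructed stand-in for "a probe to the UTM gets an answer"

def link_only(uplink):
    """Health check that trusts carrier state alone."""
    return uplink.link_up

def link_and_probe(uplink):
    """Health check that also requires the end-to-end probe to succeed."""
    return uplink.link_up and uplink.isp_reachable

def active_after(uplinks, healthy, rounds=5, fail_threshold=3):
    """Poll the active uplink `rounds` times and return the name of the uplink in use.

    The active uplink is abandoned after `fail_threshold` consecutive failed
    checks, provided another uplink currently passes the same check.
    """
    active, failures = uplinks[0], 0
    for _ in range(rounds):
        if healthy(active):
            failures = 0
            continue
        failures += 1
        if failures >= fail_threshold:
            standby = [u for u in uplinks if u is not active and healthy(u)]
            if standby:
                active, failures = standby[0], 0
    return active.name

def scenario(wan1_link_up, wan1_isp_reachable, healthy):
    """Build WAN1 in the given state plus a healthy WAN2, then run the monitor."""
    wan1 = Uplink("WAN1", wan1_link_up, wan1_isp_reachable)
    return active_after([wan1, Uplink("WAN2")], healthy)

if __name__ == "__main__":
    for label, link, isp in [("Test 1: WAN1 link down", False, True),
                             ("Test 2: WAN1 link up, ISP down", True, False)]:
        print(label,
              "| link-only check ->", scenario(link, isp, link_only),
              "| link + probe ->", scenario(link, isp, link_and_probe))
```

With the link-only check, the Test 2 condition never registers as a failure, so the monitor stays on WAN1 indefinitely; only the probe-based check moves to WAN2.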