This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED15 Tunnel UP but UTM shows disconnected

I have a RED 15 which after being powered on work OK however after I start a Windows Update or similar file transfer. The connection to my UTM drops but the RED tunnel led still shows as on. This problem has been observed on two different RED devices at the site. Both REDs have been RMA but the replacement shows the same problem. I use Netgear D700 routers and REDs at over 10 sites and all work well except for this site. The configuration for the devices is identical. The only differences is that this site used Virgin as the ISP the others use BT and Virgin uses a cable modem rather than ADSL. The network equipment at the faulty remote site work reliably for all other network traffic except RED and I can use it to connect to the UTM site using a cisco host to site VPN with no problem. If I reboot the RED it works OK again until I try to send any significant traffic down the tunnel.

Has anyone else experienced this kind of trouble in conjunction with D700 and Virgin. Sophos support are no longer replying to my support ticket so this forum is my last hope.



This thread was automatically locked due to age.
Parents
  • Hi FraserSimon,

    Do you find any drops in the firewall logs? Check #1 in the amazing Rulz by Bob. Any finds?

    Also, provide me the case# from support, I will get the case escalated if that's needed. 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thanks for your response the ticket number is #6913698. I checked the logs you suggest and can not see anything obvious although I am not sure exactly what I am looking for. THe same configuration works OK for my other RED sites, so I am not sure how firewall rules could be an issue.

    Regards

  • Hi, and welcome to the UTM Community!

    Have you tried asking your ISP to set fixed speed/duplex on their device?

    In #1 in Rulz, I thought you might find something in about Anti-DoS Flooding activity in the Intrusion Prevention log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • My setup at this site has a cable modem connected to the ISP and my router connected to the modem and then the RED connected to the router. Anything connected to the router work just fine. Its only devices that connect to the RED that experience problems when the RED disconnect from the UTM at my Office site. I cant see how speed or duplex enter into this since these are not configurable on the modem or router.

    As an experiment I changed my router for another Netgear model and the same problem re-occurred after about 20 mins of streaming video. I can stream video all day on a PC connected directly to the router.

    Intrusion prevention is switched off on this UTM so nothing in the logs.

    Regards

  • Hi Fraser,

    I checked the case# the device was RMAed on 15th Feb. I don't see any information that can help me to look into the case further. As it states the device is RMAed we cannot do anything further in that case. 

    Verify Bob's suggestion and also check the system graphs for network usage and the resource usage on the dashboard, during the time of disconnection.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Yes I said it had been RMAed at the start. My point is that this problem is clearly not being caused by faulty RED hardware. Something else is the underlying cause. I suspect a firmware problem because shouldn't the Red try to re-establish connection to the UTM if the connection goes down. In this case the RED is indicating it is connected when clearly it is not. I also have several other sites using the same router but BT as ISP. They are all performing correctly, I have observe no resource issues at the time of disconnect.

  • Don't know if this is relevant but setting tunnel compression appears to improve stability. Ive been streaming for the last hour and only had 1 disconnect during which the RED detected the drop and reconnected all on its own. The bandwidth available at this site is 100M in 6M out so I wouldn't normally use compression. 

  • "Intrusion prevention is switched off on this UTM so nothing in the logs."

    Did you actually look at the log to see that it was empty?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • "Intrusion prevention is switched off on this UTM so nothing in the logs."

    Did you actually look at the log to see that it was empty?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children