Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 2460 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Amazon VPC flapping after update to 9.601-5

tec admin

We ran UTM9 on SG450 for about 3 years on several patches and never had issues with Amazon VPC(site-to-site VPN).

Yesterday I had to update to 9.601-5 and it began to flap.

The only notification we get, is that message from IPS:

Message........: SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt

Details........: https://www.snort.org/search?query=37675

Time...........: 2019-03-28 10:49:46

Packet dropped.: yes

Priority.......: high

Classification.: Attempted Administrator Privilege Gain IP protocol....: 17 (UDP)

 

We got 4 VPC Connection running and it may affect only one of them, regarding the source.
It may take from 20min to several hours to get it stable again...

Is it normal for 9.601-5? Making an exception for IPS is not really an option.... Does anybody have an idea what could we do with it?



This thread was automatically locked due to age.
Parents
  • 0

    Hallo ta and welcome to the UTM Community!

    Is this a classic IPsec site-to-site VPN or is it the 'Amazon VPC' configuration imported from Amazon?

    Cheers - Bob
    PS Moving this thread from General Discussion to the VPN sub-forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi BAlfson,

    it is imported from Amazon.

     

    Cheers

    Felix

  • 0 in reply to tec admin

    Hi Felix,

    I think it's extremely rare, but sometimes an Up2Date mangles a part of the configuration database.  What happens if you restore the Configuration Backup made just prior to the last application of Up2Dates?  After that, sometimes rebooting several times will bring things back.  If those steps don't resolve this for you, I would open a case with Sophos Support.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    Support case was opened before that topic :) still didn't hear back from them after I asked to transfer the case to DACH support.

    We reinitialized all tunnels and it seems to be working.... but I still got some bad feeling...

    I thought that I can only restore configuration files to version from which they were made, e.g. I made a backup on 9.5 and I can only restore if HA-Cluster is on 9.5 and it won't work on 9.6. Am I right?

     

    Cheers

    Felix

  • 0 in reply to tec admin

    Thanks for reporting back, Felix.

    Reinitialized - you mean you disabled/enabled them?

    It's the other way around.  I know that, as late as V9.4, you could restore a backup as old as V8.3 - probably still could today.  What you can't do is restore a V9.6 backup to a UTM on V9.5.

    Chees - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    yep I mean it, via web UI.

    I will wait and monitor them, I guess if they remain stable, than no action will be required :)

    I'm still excited about what our premium support will say...

     

    Thanks Bob!

    Cheers

    Felix

Reply Children
No Data
Unfiltered HTML