At work, we use Teamviewer (version 10 currently) for remote support. All of our end-user PCs have Teamviewer Host installed, and the support staff's PCs have the full Teamviewer application.
Last Thursday morning I started getting reports of intermittent loss in network connectivity. After ruling out switch problems, I dug a little deeper. The outage only affected traffic attempting to traverse the UTM--traffic to and from the local subnet was not affected. The outages would last only a few minutes, then the problem would magically correct itself.
Prior to these outages, it had been probably two weeks since I had made any configuration changes on the UTM, so I wasn't sure why this was happening. There was a lot of troubleshooting, several UTM reboots, disabling security features, reviewing firewall rules, making sure IPS wasn't enabled, etc.
I contacted Sophos support, who seemed to think the problems were due to CPU spikes (there had been only one in the last 24 hours). He created some sort of cron job that was supposed to more accurately monitor CPU spikes and said to email him back if it happened again.
Thursday evening around 5 things seemed to have settled down, so I thought maybe one of the dozen or so desperate configuration changes I had made that day fixed the problem.
Friday morning it started happening again.
I did more troubleshooting, more log monitoring, fired up Wireshark a few times--I never could figure out why this was happening until about 4:30 Friday afternoon. I got a support call from a user on my subnet, so I opened up Teamviewer to establish a remote control session. Coincidentally, at the time this happened, I had an SSH session open with the UTM, I was running a continuous ping in a command window to a host on another subnet, and I had an RDP session open to a server on my local subnet. Teamviewer contacted the user's PC, started going through the authentication process, and boom--my SSH session to the UTM was disconnected, and my pings started failing. The user said her network stopped working at the same time. My RDP session stayed open, however, and its traffic was still able to traverse the UTM. I closed Teamviewer, and a few minutes later the UTM resumed passing traffic from both my PC and the user's PC. I tried it again--the same thing happened.
It was at this moment that I realized that the UTM was dropping all traffic from PCs which it observed communicating with the Teamviewer servers.
I repeated this process with two separate PCs and got the same result.
Teamviewer Host periodically "phones home" to their servers, so that explains the periodic loss of the users' connectivity.
I think a pattern update last Thursday is the cause of this problem.
I have sent all of this information to support, but they haven't responded. Has anyone else seen this?
This thread was automatically locked due to age.
