Solved

Too many open connections on TZ210

Posted on 2011-09-23
8
1,044 Views
Last Modified: 2012-05-12
I have a very strange problem. I have a 3 location network:
1- Main location w/ NSA 2400
2 - Remote1 w/ TZ210
3 - Remote 2 w/ TZ210
There is a VPN Tunnel from Remote 1 & 2 to the Main location. The TZ210 on one of the remote networks started having problems a day or so ago. Every so often, the max connections are reached. The system uptime as of now is 22 days, and this issue only started happening recently. This also happened at the Main location. It was using a TZ210, but was upgraded to the NSA 2400 about 2-3 weeks ago due to the amount of nodes on the network, and the two VPN Tunnels. I have scanned the network for virus' using Symantec Endpoint Protection 12 with the most current definitions, individually scanned each PC w/ malwarebytes, and manually checked each PC for open connections, and cannot find anything wrong on the network. Sonicwall support advised me there is nothing wrong with their device, and there has to be a computer on the network w/ a virus. I simply cannot find it. I am utilizing the UTM services on the Sonicwall, which drops the max connections to 10,000. Even if i disable it and raise the max connections to 30,000, it still gets maxed out. Anyone have any idea's what's going on? Anyone else have this problem before? Anyone have any suggestions for me for troubleshooting?
Thanks in advance.
0
Comment
Question by:mhdcommunications
  • 5
  • 3
8 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 36587145
If you go to System > Diagnostics, change the tool to Connections Monitor, then sort by source IP, which IP address has the most connections established through the sonicwall? If you're seeing a trend with the 210s, then it might not be malware. I know that was my first inclination. What firmware are you at on the 210s?
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587173
SonicOS Enhanced 5.1.0.8-17o

Every time i try to look at the connection monitor while the problem is happening, the web interface locks up for so long, that the connections drop before it finishes sorting.
I should have mentioned, it's not consistant or regular. Very sporadic, and can last anywhere from 5-10 seconds, up to 5-10 minutes, then goes back to normal.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36587206
5.1 is a little outdated. The General Release is at 5.6 and the Early Release is at 5.8. My gut says bug in the firmware and you should try to upgrade.
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587225
I also dont believe it's malware. The problem is i dont have a clue what the problem is. I can stick with its a hardware problem/limitation, but my client wants answers, and i cant tell them to buy another NSA 2400 without justification, and proof. With Sonicwall telling me it's something on the network, im stuck between a rock and a hard place. I have to figure out what is going on, why, and prove it/fix it, but im lost. When it happens again, ill attempt to check the connection monitor, but i doubt ill be able to. I am also monitoring all traffic from the LAN to the SWITCH w/ Wireshark and Windows Network Monitor. I did this at the main location prior to replacing it's TZ 210 w/ a NSA 2400, but never found anything malicious or even suspicious.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 33

Expert Comment

by:digitap
ID: 36587248
Update the firmware.
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587868
Wont be able to update the firmware until 5pm EST. Will post back tomorrow.
Thanks.
0
 
LVL 1

Accepted Solution

by:
mhdcommunications earned 0 total points
ID: 37621713
Extensive testing confirmed (atleast i confirmed) overheating/defective unit was causing the firewall to go haywire, so to speek. After firmware upgrade, again and again, problem persisted. Cooling the unit stopped the issue. Maybe a defect? We switched to a larger firewall anyways, NSA2400 since, it was the corporate office. Connections dont go over 3000 now..
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 37643621
Defective product
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now