Solved

Too many open connections on TZ210

Posted on 2011-09-23
Last Modified: 2012-05-12
I have a very strange problem. I have a 3 location network:
1 - Main location w/ NSA 2400
2 - Remote 1 w/ TZ210
3 - Remote 2 w/ TZ210
There is a VPN Tunnel from Remote 1 & 2 to the Main location. The TZ210 on one of the remote networks started having problems a day or so ago. Every so often, the max connections are reached. The system uptime as of now is 22 days, and this issue only started happening recently. This also happened at the Main location. It was using a TZ210, but was upgraded to the NSA 2400 about 2-3 weeks ago due to the number of nodes on the network, and the two VPN Tunnels. I have scanned the network for viruses using Symantec Endpoint Protection 12 with the most current definitions, individually scanned each PC w/ Malwarebytes, and manually checked each PC for open connections, and cannot find anything wrong on the network. Sonicwall support advised me there is nothing wrong with their device, and there has to be a computer on the network w/ a virus. I simply cannot find it. I am utilizing the UTM services on the Sonicwall, which drops the max connections to 10,000. Even if I disable it and raise the max connections to 30,000, it still gets maxed out. Anyone have any ideas what's going on? Anyone else have this problem before? Anyone have any suggestions for me for troubleshooting?
Thanks in advance.
Question by:mhdcommunications
LVL 33

Expert Comment

by:digitap
ID: 36587145
If you go to System > Diagnostics, change the tool to Connections Monitor, then sort by source IP, which IP address has the most connections established through the sonicwall? If you're seeing a trend with the 210s, then it might not be malware. I know that was my first inclination. What firmware are you at on the 210s?
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587173
SonicOS Enhanced 5.1.0.8-17o

Every time I try to look at the connection monitor while the problem is happening, the web interface locks up for so long that the connections drop before it finishes sorting.
I should have mentioned, it's not consistent or regular. Very sporadic, and can last anywhere from 5-10 seconds, up to 5-10 minutes, then goes back to normal.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36587206
5.1 is a little outdated. The General Release is at 5.6 and the Early Release is at 5.8. My gut says bug in the firmware and you should try to upgrade.
0
LVL 1

Author Comment

by:mhdcommunications
ID: 36587225
I also don't believe it's malware. The problem is I don't have a clue what the problem is. I can stick with it's a hardware problem/limitation, but my client wants answers, and I can't tell them to buy another NSA 2400 without justification, and proof. With Sonicwall telling me it's something on the network, I'm stuck between a rock and a hard place. I have to figure out what is going on, why, and prove it/fix it, but I'm lost. When it happens again, I'll attempt to check the connection monitor, but I doubt I'll be able to. I am also monitoring all traffic from the LAN to the SWITCH w/ Wireshark and Windows Network Monitor. I did this at the main location prior to replacing its TZ 210 w/ a NSA 2400, but never found anything malicious or even suspicious.
0
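
An added example, not part of the thread or any poster's code: when the web interface locks up during a spike, the per-source connection count suggested above can be taken offline from a Wireshark capture, bucketed by time so short sporadic bursts stand out. It assumes the capture was exported with `tshark -r capture.pcap -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack`; the file name, sample rows, addresses and threshold are constructed.

```python
import csv
from collections import Counter, defaultdict

def build_sample():
    """Constructed rows: time,ip.src,ip.dst,sport,dport,syn,ack (not from the thread)."""
    rows = [
        "1316790000.10,192.168.1.20,198.51.100.7,50001,443,1,0",
        "1316790000.20,198.51.100.7,192.168.1.20,443,50001,1,1",        # SYN/ACK reply
        "1316790003.00,192.168.1.21,198.51.100.8,50100,80,True,False",  # newer tshark booleans
        "1316790003.50,192.168.1.21,198.51.100.8,50100,80,True,False",  # SYN retransmit
    ]
    # Burst: one host opens 40 distinct flows inside a single 10 s window.
    rows += [f"1316790015.{i:02d},192.168.1.35,203.0.113.{i},{40000 + i},25,1,0"
             for i in range(40)]
    return rows

def _flag(value):
    # tshark prints booleans as 1/0 or True/False depending on version.
    return value.strip().lower() in ("1", "true")

def new_connections_per_window(lines, window=10):
    """Return {window_start: Counter({src_ip: distinct new TCP flows})}."""
    seen, buckets = set(), defaultdict(Counter)
    for row in csv.reader(lines):
        if len(row) != 7 or not row[1]:          # non-IPv4 or malformed row
            continue
        ts, src, dst, sport, dport, syn, ack = row
        if not (_flag(syn) and not _flag(ack)):  # count only the initial SYN
            continue
        flow = (src, dst, sport, dport)
        if flow in seen:                         # ignore retransmitted SYNs
            continue
        seen.add(flow)
        buckets[int(float(ts) // window) * window][src] += 1
    return dict(buckets)

def bursts(buckets, threshold):
    """Windows with at least `threshold` new flows, each with its top source."""
    out = []
    for start in sorted(buckets):
        total = sum(buckets[start].values())
        if total >= threshold:
            out.append((start, total, buckets[start].most_common(1)[0]))
    return out

if __name__ == "__main__":
    for start, total, (ip, n) in bursts(new_connections_per_window(build_sample()), 30):
        print(f"window {start}: {total} new flows, top source {ip} ({n})")
```

If no window ever approaches the firewall's connection limit while the device still reports it as reached, the capture does not support the "infected host" explanation.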
 
LVL 33

Expert Comment

by:digitap
ID: 36587248
Update the firmware.
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587868
Won't be able to update the firmware until 5pm EST. Will post back tomorrow.
Thanks.
0
 
LVL 1

Accepted Solution

by:
mhdcommunications earned 0 total points
ID: 37621713
Extensive testing confirmed (at least I confirmed) overheating/defective unit was causing the firewall to go haywire, so to speak. After firmware upgrade, again and again, problem persisted. Cooling the unit stopped the issue. Maybe a defect? We switched to a larger firewall anyways, NSA2400, since it was the corporate office. Connections don't go over 3000 now.
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 37643621
Defective product
0

Question has a verified solution.
