Solved

Too many open connections on TZ210

Posted on 2011-09-23
8
1,057 Views
Last Modified: 2012-05-12
I have a very strange problem. I have a 3 location network:
1- Main location w/ NSA 2400
2 - Remote1 w/ TZ210
3 - Remote 2 w/ TZ210
There is a VPN Tunnel from Remote 1 & 2 to the Main location. The TZ210 on one of the remote networks started having problems a day or so ago. Every so often, the max connections are reached. The system uptime as of now is 22 days, and this issue only started happening recently. This also happened at the Main location. It was using a TZ210, but was upgraded to the NSA 2400 about 2-3 weeks ago due to the amount of nodes on the network, and the two VPN Tunnels. I have scanned the network for virus' using Symantec Endpoint Protection 12 with the most current definitions, individually scanned each PC w/ malwarebytes, and manually checked each PC for open connections, and cannot find anything wrong on the network. Sonicwall support advised me there is nothing wrong with their device, and there has to be a computer on the network w/ a virus. I simply cannot find it. I am utilizing the UTM services on the Sonicwall, which drops the max connections to 10,000. Even if i disable it and raise the max connections to 30,000, it still gets maxed out. Anyone have any idea's what's going on? Anyone else have this problem before? Anyone have any suggestions for me for troubleshooting?
Thanks in advance.
0
Comment
Question by:mhdcommunications
  • 5
  • 3
8 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 36587145
If you go to System > Diagnostics, change the tool to Connections Monitor, then sort by source IP, which IP address has the most connections established through the sonicwall? If you're seeing a trend with the 210s, then it might not be malware. I know that was my first inclination. What firmware are you at on the 210s?
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587173
SonicOS Enhanced 5.1.0.8-17o

Every time i try to look at the connection monitor while the problem is happening, the web interface locks up for so long, that the connections drop before it finishes sorting.
I should have mentioned, it's not consistant or regular. Very sporadic, and can last anywhere from 5-10 seconds, up to 5-10 minutes, then goes back to normal.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36587206
5.1 is a little outdated. The General Release is at 5.6 and the Early Release is at 5.8. My gut says bug in the firmware and you should try to upgrade.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587225
I also dont believe it's malware. The problem is i dont have a clue what the problem is. I can stick with its a hardware problem/limitation, but my client wants answers, and i cant tell them to buy another NSA 2400 without justification, and proof. With Sonicwall telling me it's something on the network, im stuck between a rock and a hard place. I have to figure out what is going on, why, and prove it/fix it, but im lost. When it happens again, ill attempt to check the connection monitor, but i doubt ill be able to. I am also monitoring all traffic from the LAN to the SWITCH w/ Wireshark and Windows Network Monitor. I did this at the main location prior to replacing it's TZ 210 w/ a NSA 2400, but never found anything malicious or even suspicious.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36587248
Update the firmware.
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587868
Wont be able to update the firmware until 5pm EST. Will post back tomorrow.
Thanks.
0
 
LVL 1

Accepted Solution

by:
mhdcommunications earned 0 total points
ID: 37621713
Extensive testing confirmed (atleast i confirmed) overheating/defective unit was causing the firewall to go haywire, so to speek. After firmware upgrade, again and again, problem persisted. Cooling the unit stopped the issue. Maybe a defect? We switched to a larger firewall anyways, NSA2400 since, it was the corporate office. Connections dont go over 3000 now..
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 37643621
Defective product
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now