Solved

Too many open connections on TZ210

Posted on 2011-09-23
Medium Priority
1,069 Views
Last Modified: 2012-05-12
I have a very strange problem. I have a 3-location network:
1 - Main location w/ NSA 2400
2 - Remote 1 w/ TZ210
3 - Remote 2 w/ TZ210
There is a VPN tunnel from Remote 1 & 2 to the Main location. The TZ210 on one of the remote networks started having problems a day or so ago. Every so often, the max connections are reached. The system uptime as of now is 22 days, and this issue only started happening recently. This also happened at the Main location. It was using a TZ210, but was upgraded to the NSA 2400 about 2-3 weeks ago due to the number of nodes on the network and the two VPN tunnels. I have scanned the network for viruses using Symantec Endpoint Protection 12 with the most current definitions, individually scanned each PC w/ Malwarebytes, and manually checked each PC for open connections, and cannot find anything wrong on the network. SonicWall support advised me there is nothing wrong with their device, and there has to be a computer on the network w/ a virus. I simply cannot find it. I am utilizing the UTM services on the SonicWall, which drops the max connections to 10,000. Even if I disable it and raise the max connections to 30,000, it still gets maxed out. Anyone have any ideas what's going on? Anyone else have this problem before? Anyone have any suggestions for me for troubleshooting?
Thanks in advance.
0
Question by:mhdcommunications
8 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 36587145
If you go to System > Diagnostics, change the tool to Connections Monitor, then sort by source IP, which IP address has the most connections established through the SonicWall? If you're seeing a trend with the 210s, then it might not be malware. I know that was my first inclination. What firmware are you at on the 210s?
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587173
SonicOS Enhanced 5.1.0.8-17o

Every time I try to look at the connection monitor while the problem is happening, the web interface locks up for so long that the connections drop before it finishes sorting.
I should have mentioned, it's not consistent or regular. Very sporadic, and can last anywhere from 5-10 seconds, up to 5-10 minutes, then goes back to normal.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36587206
5.1 is a little outdated. The General Release is at 5.6 and the Early Release is at 5.8. My gut says bug in the firmware and you should try to upgrade.
0

 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587225
I also don't believe it's malware. The problem is I don't have a clue what the problem is. I can stick with it's a hardware problem/limitation, but my client wants answers, and I can't tell them to buy another NSA 2400 without justification and proof. With SonicWall telling me it's something on the network, I'm stuck between a rock and a hard place. I have to figure out what is going on, why, and prove it/fix it, but I'm lost. When it happens again, I'll attempt to check the connection monitor, but I doubt I'll be able to. I am also monitoring all traffic from the LAN to the SWITCH w/ Wireshark and Windows Network Monitor. I did this at the main location prior to replacing its TZ 210 w/ an NSA 2400, but never found anything malicious or even suspicious.
0
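Added example, not part of the thread: when the spikes are too short to catch in the Connections Monitor, the per-source tally asked for above can be computed offline from the LAN capture. The Python below assumes the capture has been exported as tab-separated SYN records (the tshark command in the comment is one way to get that shape); the addresses and sample records are constructed, and it counts new connection attempts per window, not the firewall's concurrent table.

```python
from collections import defaultdict

# Assumed input shape: epoch, src IP, src port, dst IP, dst port (tab-separated), e.g. from
#   tshark -r lan.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" -T fields \
#     -e frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport

def build_sample():
    """Constructed records: one quiet host, one host opening 300 flows in 5 s."""
    lines = [f"{1000 + i}.0\t192.168.10.20\t{50000 + i}\t203.0.113.10\t443"
             for i in range(5)]
    lines += [f"{1012 + (i % 5)}.5\t192.168.10.57\t{20000 + i}\t198.51.100.{i % 250 + 1}\t80"
              for i in range(300)]
    lines.append(lines[0])          # retransmitted SYN: same flow, must not count twice
    lines.append("garbage line")    # malformed record: must be skipped
    return lines

def parse(lines):
    """Yield (ts, src, sport, dst, dport), skipping malformed records."""
    for line in lines:
        parts = line.strip().split("\t")
        if len(parts) != 5:
            continue
        try:
            yield float(parts[0]), parts[1], int(parts[2]), parts[3], int(parts[4])
        except ValueError:
            continue

def new_connections_per_window(lines, window=10):
    """Map window start -> source IP -> set of distinct (sport, dst, dport) flows."""
    buckets = defaultdict(lambda: defaultdict(set))
    for ts, src, sport, dst, dport in parse(lines):
        start = int(ts // window) * window
        buckets[start][src].add((sport, dst, dport))
    return buckets

def bursts(lines, window=10, threshold=100):
    """(window_start, src_ip, flows) for sources at or above threshold, busiest first."""
    hits = [(start, src, len(flows))
            for start, per_src in new_connections_per_window(lines, window).items()
            for src, flows in per_src.items() if len(flows) >= threshold]
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for start, src, count in bursts(build_sample()):
        print(f"window {start}: {src} opened {count} new connections")
```

If no LAN source ever crosses a threshold during a period when the firewall reports its table as full, that is evidence the counts are not coming from client traffic.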
 
LVL 33

Expert Comment

by:digitap
ID: 36587248
Update the firmware.
0
 
LVL 1

Author Comment

by:mhdcommunications
ID: 36587868
Won't be able to update the firmware until 5pm EST. Will post back tomorrow.
Thanks.
0
 
LVL 1

Accepted Solution

by:
mhdcommunications earned 0 total points
ID: 37621713
Extensive testing confirmed (at least I confirmed) overheating/defective unit was causing the firewall to go haywire, so to speak. After firmware upgrade, again and again, problem persisted. Cooling the unit stopped the issue. Maybe a defect? We switched to a larger firewall anyways, NSA 2400, since it was the corporate office. Connections don't go over 3000 now.
0
 
LVL 1

Author Closing Comment

by:mhdcommunications
ID: 37643621
Defective product
0
