Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1342
  • Last Modified:

intermittent network outage after firewall change

Ok...so here are some things I'm having trouble sorting out. I'm including as much info as possible that may affect how you answer:

Me:
I've had my own IT company for the last 8yrs. I'm not formally trained in this but I have a knack for it and enjoy the challenge. I'm usually successful but there are times like this I am baffled and need some more "eyes" on the target.


Problem:
I have a 45 computer network running on an NT4 Domain. After changing/upgrading our firewall my clients lose internet connectivity about every 10 minutes for a period of about 2 minutes. (i.e. network goes down for 2 min or so, comes back up, runs for 10min or so, then goes down again for another 2min...cycle continues)


What:
Cable Modem (Comcast) 25Mbps down, 4.5Mbps up
Old Firewall - Netgear FVS-318 (network was working fine)
New Firewall - Dell Sonicwall TZ215 (with latest firmware)
45 computer clients and 6 servers (client OS - XP Pro.....Servers are Win2003ent except for NT4 Domain ctrl which is virtualized)


What changed when it stopped working:
I switched out the FVS-318 Netgear firewall to improve security and throughput. When I did this I lost connectivity to a number of machines on the network. I set Sonicwall with the same basic settings as the previous firewall (DHCP - enabled, same IP range etc.). So, I set the DHCP range from 192.168.0.15 to 192.168.0.254. I noticed though that the machines that had static IP's (mainly the servers) were NOT getting internet/connectivity. The only way I could get them to attain access was to manually reserve their IP's in the Sonicwall and set the servers to "obtain IP automatically". That got them access but now every machine on the network, to my knowledge, loses internet connectivity (I lose remote connection when working on them) every 10min or so for 1-2min at a time. The time interval is sometimes more than 10 minutes and there's been times it's been up for 30min or more, but then it goes back down. Also I have set the DNS servers on the Firewall to OpenDNS's servers (208.67.220.220 and 208.67.222.222)


What I've done:
I've tried isolating different machines to determine if it's ALL machines on the network or if it's just some. To the best of my knowledge, it's all of them, and they lose connectivity to the outside world but the inside network continues to function. I am able to ping the servers and other machines when connectivity goes down, so I am assuming this is a Firewall issue, I just have no idea what's causing the problem. I've done some looking into DDoS attacks, but haven't found anything that points to that as being the problem, not to mention it didn't start until AFTER I changed the firewall out.

take your best shot please!
0
wartan02
Asked:
wartan02
  • 7
  • 4
  • 4
  • +3
3 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
Let's start with the (to me) obvious first step. Please re-install the old firewall and determine if the problems go away.

It is probably your new firewall and it may have a fault.

.... Thinkpads_User
0
 
smckeown777Commented:
The sonicwall - is it staying up during the outage? Sounds to me like a power cycle issue, i.e. all is working fine, then a 2 minute 'outage' - possibly cause the sonicwall is resetting/power cycling due to a config issue/hardware fault/etc...

During the outage can you ping the sonicwall? Or can you check the logs on the sonicwall to see if you see anything during the outage?
0
 
captainCommented:
I would also look at the connectivity to the outside world. But in order of events I trouble shoot starting from after thinkpads_user's advice and assuming it is n issue with the new firewall only.

During outtage, do an IPCONFIG on the client machine, check for IP address and gateway address being correct/present. If wrong/no IP it is a DHCP issue

Ping the firewall, if you can ping the sonicwall during the outtage it is probably the connection to your ISP or DNS server issue. Are there ISP DNS servers that you should be using

Is the connection to your DSL/lease line set correctly? MTU values, reconnect times etc.

Post back with your findings. Ultimately this is just narrowing the symptoms, from what you said I agree that if it is not power, that it could be a reboot of the Sonicwall, but the logs should provide more info and also look for the heartbeat page if your Sonicwall has that and see if uptime intervals coincide with your outages.

hth
capt.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Sarang TinguriaSr EngineerCommented:
I would first check logs on Firewall
0
 
Brad BouchardInformation Systems Security OfficerCommented:
My first test would be simpler and easier to help isolate than all of these suggestions.  Plug a laptop/desktop into the firewall so that all that is plugged in is:

Outside DMARK (your ISP) line running into your modem > plugged into the SonicWALL's WAN port > with just one cable plugged into the laptop

If you can keep your Internet and it doesn't drop then it's more than likely not the firewall itself, but rather some sort of DHCP/DNS issue.  If the connection drops it's almost defintely a firewall issue, defect rather, that does as smck suggested and loses power for a period of time.  

Let me know the results and we can move forward from there.
0
 
John HurstBusiness Consultant (Owner)Commented:
My first test would be simpler and easier to help isolate than all of these suggestions

That is precisely what I suggested in the very first post here.  .... Thinkpads_User
0
 
wartan02Author Commented:
ok...I haven't done any of the other stuff because I can't get onsite yet, but I DID have one of my savvy users on the network type in google's IP address on their browser when it was down...and they COULD see google, but nothing else. Also, they did an ipconfig /all and got all the correct information. So it's definitely a DNS thing...question is, is it a config issue or a faulty Firewall!
0
 
John HurstBusiness Consultant (Owner)Commented:
I really think the simplest thing to do is try a different firewall. You have one that works according to your first post. Then you will know better what the situation is.

If you really wish to test DNS first, put 4.2.2.2 in as a secondary DNS and see what you get.

... Thinkpads_User
0
 
smckeown777Commented:
Following on from Thinkpads line, the next simplest thing to do is ping tests...

Have you remote access to the site?
I'd open 3 command prompts from a machine
1 to ping your internal firewall/router's IP
1 to ping 8.8.8.8(Google's DNS server)
1 to ping www.google.co.uk

Like follows...

ping -t <firewall ip>
ping -t 8.8.8.8
ping -t www.google.com

When the connection drops one of these will drop(or 2 or 3)
If the first one times out you have a firewall hardware fault
If 2nd one times out I'd say the same
If only the third one times out its DNS...
0
 
wartan02Author Commented:
smck - I'm currently doing the test. Over the last 5 minutes 2 and 3 both dropped out at the same time....1 stayed solid the whole time (so far)....will keep monitoring and will report back soon.
Thinkpads_User - I appreciate needing to establish a starting point, however, I just changed from the working firewall a couple of days ago and I know it was working. I'll take it out there in a few days and give it a try, but I expect to see it function as it did just a few days ago. I'll report back then regarding that should it still be an issue.
0
 
smckeown777Commented:
Great.

2 and 3 dropping means ur connection to ur isp is down, since pinging by ip shouldn't ever fail bar the actual connection drops
That takes dns out of equation

So either the wan circuit\hardware has a fault or maybe ur connected to an external cable modem?
0
 
wartan02Author Commented:
I am connected to an 8yr old (or older) Motorola Surfboard Cable Modem. I would assume this is bad and not the WAN on the new Firewall...thoughts? Or is that not what you were getting at?
0
 
smckeown777Commented:
Well yes its either that or the wan port on new firewall
Thinkpads test will confirm though
Put back old firewall and if same issue u have ur answer
If not then new firewall is faulty

Only other thing is a mis config on the settings between firewall and cable modem

New firewall logs should in the logs show more details
0
 
wartan02Author Commented:
ok...update (sorry took so long, was in the hospital)

1. I replaced the cable modem

2. I had the coax line re-terminated and then tested for good by the ISP onsite

3. tested the network with the New Firewall (Sonicwall) still in place

4. got the same results. The pings to "www.google.com" and "8.8.8.8" would drop fairly frequently and at the same time

5. I replaced the new firewall with the old one and the problem stopped.

6. I took the Sonicwall (new) home and reproduced the problem on my network

7. I reset the Sonicwall back to Factory Defaults and the results vary a little now:
[ping to 192.168.0.1] - no change...doesn't drop
[ping to www.google.com] - once in a blue moon drops once (comes back "no reply" then continues with "Reply from")
[ping to 8.8.8.8] - once in a blue moon drops once (like the one above, but not at the same time)

8. I should mention that I had setup the firewall here at home as a new LAN on my current network...so it went from my modem>my router/firewall>switch>Sonicwall (device in question)>test laptop

9. I ran concurrent tests on my desktop on the root LAN of my network and I got the same sort of results, but it never dropped its connection at the same time the test laptop did.
0
 
John HurstBusiness Consultant (Owner)Commented:
I replaced the new firewall with the old one and the problem stopped.

So then as we were thinking, the problem is with your new Sonicwall. You might wish to contact Sonicwall Support to see if they have any suggestions and/or firmware patch.

... Thinkpads_User
0
 
wartan02Author Commented:
Felt quite sure from the beginning that the new firewall was part of the problem since the problem started as soon as I put in the new firewall. I've actually been trying to figure out exactly what the problem is, whether it's a defect in the firewall, a setting issue in the firewall, a coinciding problem in the network, or a problem with the ISP...OR a conglomerate of more than one issue.

I began by updating to the newest firmware from the beginning and have contacted Sonicwall for assistance.
0
 
wartan02Author Commented:
The resolution:

1.) I inserted a switch in between the cable modem AND the Sonic Firewall which fixed an apparent negotiation issue between the two devices

2.) I also UNCHECKED these boxes in the firewall settings:
"Network>DHCP Server>DHCP Server Settings"...uncheck the following:
"Enable Conflict Detection"
and
"Enable DHCP Server Persistence"


This resolved my issue, however, the support at Sonicwall was not able to tell me exactly why there was a negotiation issue between the firewall and the modem. I hate resolutions that I don't understand!
0
 
wartan02Author Commented:
Of course the old Firewall was working and would have worked again, it was the only thing that changed in the mix. , but SonicWall is not very quick to just send you out a new unit when you complain. This is a GOOD troubleshooting method, but one that I already knew the answer to. smckeown gave the most helpful solution which helped me determine exactly what was happening, I just didn't know why.

thanks for the help, the additional things I had done were good troubleshooting steps as well, too bad SonicWall couldn't tell me exactly why there is a negotiation issue with a $900 piece of equipment!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 7
  • 4
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now