Solved

Intermittent VPN Pinging Issue - Sonicwall TZ210

Posted on 2013-11-14
4
1,525 Views
Last Modified: 2013-12-03
This issue is a bit different than other posts I've seen.  I recently upgraded the firmware on this TZ 210 to 5.8.1.13-1o.  This is a "remote" firewall that is connected via VPN to the "primary" firewall.  
  The problem is that I lose the ability to ping this remote firewall at approx. 10 pm every night, and also at that time the core monitor utilization begins to climb from negligible to upwards of 30%.  
  I've determined that when I reboot this TZ 210 in the morning the core monitor utilization drops back to virtually nothing, and the ability to ping the X0 (LAN) interface returns.
  This same pattern repeats itself every night at approx. 10 pm after I perform a reboot.
  In the TZ 210 logs I find the following entry begins occurring every minute or so at roughly the same time I find the pings stop responding:
Notice - Network Access - ICMP packet dropped due to policy - xxx.xxx.xxx.xxx, 512 X1, <machine sending pings> - xxx.xxx.xxx.xxx, 8, XO - ICMP Echo, Code: 0

Any ideas?
Thanks.
Chuck
0
Comment
Question by:chenegar
  • 2
  • 2
4 Comments
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39648814
Hi chenegar,

RE: CPU Utilization - 30% is nothing. Furthermore that is the CPU utilization in aggregate so you might have backup services running backups offsite or any other network activity. Even at 90% utilization ping will work fine. Rebooting that frequently should also not be needed.

RE: Pinging, why are pinging all the time...is traffic failing or is the tunnel failing? Is the tunnel stable and just not passing traffic intermittently.

RE: time (10pm) make sure Access Rules are not running on a schedule.

Let me know so I can provide more details about resolution.

Thanks!
0
 

Author Comment

by:chenegar
ID: 39649113
Thanks for your response.  Here's some more info.
1.  I've confirmed no access rules are on a schedule
2.  The regular pings are generated by What's Up monitoring software from the subnet of the primary Sonicwall
3.  The remote location is staffed 8:30-5 by 3 people.  There is no activity (backups or otherwise) happening when the office is not in use.
4.  I check logs, diags, etc at least weekly on this Sonicwall
5.  At essentially the same time the following 3 things occurred:
        a.  What's Up began showing the remote Sonicwall (pinging to it's LAN port) down
        b.  My diags check began showing the spike in core processor utilization
        c.  Staff in that office, using Citrix to connect back to the main office, began experiencing latency issues
6.  The latency issues disappear when the core processor utilization is low (0-10%), and reappear when that utilization spikes
7.  This specific pair of Sonicwalls have been in place & working w/o lost pings, spiked utilization or latency related issues for over a year prior to the current issues.
8.  Even when the pings are failing, the tunnel is open, I can login to the remote Sonicwall using its LAN ip address, and Citrix & printing traffic flows (albeit w/ the above-mentioned latency issues).  
9.  And, when I can't ping the remote Sonicwall, I can ping from the primary location/subnet thru the VPN tunnel to workstations & printers that sit on the subnet of the remote Sonicwall

Hope this provides some additonal useful info.  Again, thanks.
Chuck
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39654466
Did this issue occur shortly after your SonicOS upgrade or has this been unrelated?

Upgrade the firmware to 5.9.0.2 (the latest release).

Let me know if this fixes it. If it doesn't I'll provide the next steps.
0
 

Author Comment

by:chenegar
ID: 39692333
I have now updated the firmware to a subsequent release (5.8.1.13-68o) & the problem appears to be fixed.  Thanks for your help.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port 808 is being blocked 9 55
asset management of client side devices laptops/computers 1 43
P2P and MPLS 3 42
Microsoft VPN Client error 7 29
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now