Solved

Some servers dropping network connectivity intermitantly, other servers are fine

Posted on 2013-12-10
7
577 Views
Last Modified: 2013-12-16
Starting on Sunday, our network started reporting a handful of servers and devices dropping network connectivity, then coming back up, and all at the same time. We have a SQL server, two servers for Solarwinds Orion, and a couple other devices that are having the issues. Using the SQL server as an example, when it drops, I am unable to ping the default gateway, which is a Sonicwall NSA 2400, or outside to the internet. This happens with either the primary or secondary Sonicwall. Internally, our terminal server can connect to the SQL server without any issues, and our Exchange server has had no issues. I can connect to it no problem from my desk as well, but other users in the building cannot connect directly to the SQL server. The general manager can, at his desk, ping it by its DNS name, but cannot ping the IP address itself. (Yes I said that right, it will respond with the DNS name, but not IP address). Other users cannot ping either. I have checked all of the servers for potential viruses, all came back clean. I have rebooted the switch, both Sonicwalls, the DHCP server and the DNS servers. Cleared ARP cashes and flushed DNs on the servers. The servers connect to a Cisco 2930 switch, and from the switch to the Sonicwall. And this happens with both LAN and DMZ connections. There have been NO changes done over the weekend that could be the culprit. Any thoughts?
0
Comment
Question by:signaltelcom
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Assisted Solution

by:sharjeel ashraf
sharjeel ashraf earned 250 total points
ID: 39709449
i have seen the same problem on another site the problem (believe it or not), was a rule in the sonicwall pointing back to the internal LAN, it took us days to work it out and even sonicwall support didn't find it the first 10 times we called them.

from memory , the rule had the internal range, sub-net mask, and then the internal interface as the gateway, after this was removed the the unit was rebooted and so far (1 year) no problems.
0
 

Author Comment

by:signaltelcom
ID: 39709476
Did you remove the rule entirely, or just the internal interface as the gateway?
0
 
LVL 6

Expert Comment

by:sharjeel ashraf
ID: 39709481
the whole rule had to be deleted. there is a way to show hidden or old rules as well, im not a sonicwall expert by any means. check both of them.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 6

Expert Comment

by:sharjeel ashraf
ID: 39709484
please take a full backup of the config before trying anyhting.
0
 
LVL 24

Accepted Solution

by:
diverseit earned 250 total points
ID: 39712397
Hi signaltelcom,

Verify the Interfaces have the correct IP addresses & subnets (Network > Interfaces).

Make sure Ping is enabled on the WAN, LAN and DMZ Zones. Check in Network > Interfaces click on configure for the aforementioned Interfaces and Ping should be enabled...if not that's your issue. Then verify the Access Rules (Firewall > Access Rules) are in-place. By design this should be an automatic function of selecting the "enable Ping" within the Network > Interfaces area but we must always verify! You should see tje auto-created Access Rules under LAN > LAN, WAN > WAN, etc.

There are no such "hidden rules" that I'm aware of in SonicWALLs. All Access Rules are plainly viewable at all times.

Let me know how it goes!
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39715941
Any updates with this?
0
 

Author Comment

by:signaltelcom
ID: 39721637
We checked all the rules and everything was fine. We did another simultaneous reboot of both Sonicwalls (that I found out are set up as High Availability units) and it helped. We still havent found the root cause, but so far the issue seems to have resolved itself. My Network tech is looking into it now that hes back.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now