Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

outlook imap connections broken

Hello

I am not quite sure if it is even problem od my 790 appliances, but it happens only in our offices. Every so often Outlook IMAP connections get blocked on sending / receiving emails. When it happens, progress bar freezes in half. After that I cannot close Outlook in ordinary way and I have to do it by task manager killing process. Next start everything works correct but only until next stop.

It started many months ago, but first I thought it will go with next MS Office update. Time is running out and still many different versions of Outlook perform not better.

This does not happens outside office, not on every station but in all offices where we have 7x0 appliances.

Our mail server is hosted by ISP.

I have IPS, Anti-Virus, Anti-Bot and Applications & URL Filtering activated while Anti-Spam, Threat Emulation, QoS not and SSL Inspection set to HTTPS Categorization. I have also standard policy set on FW and other blades. I block security risk categories and "other undesired applications".

Does anyone suffers from similar problem and knows solution, please?

0 Kudos
8 Replies
Highlighted
Admin
Admin

What do your Security Logs say when these issues are happening?
0 Kudos
Highlighted

Sorry for the delay but i tried to hunt for error and corresponding logs. No luck. I cannot find anything interesting in the logs.
I was looking for entries about my computer's IP and mail server IP. I found only something like:

Today 21:49:01
Piotr Wasilewski (pwasilewski)
 
URL Filtering
LAN1
 
Allow
192.168.0.121
79.96.193.51
TCP/993
1 (Outgoing)
home.pl was allowed
Today 21:09:00
Piotr Wasilewski (pwasilewski)
 
Application Control
WAN
 
Allow
192.168.0.121
79.96.193.51
TCP/993
1 (Outgoing)
SSL Protocol was allowed


but not exactly at the time of the connection break. There is no blocked traffic between the two.
How can I get closer to the problem?

0 Kudos
Highlighted
Admin
Admin

The behavior seems to be that the connection gets interrupted somehow and the client doesn't quite know how to deal with it.
I was thinking it could be an IPS signature that was triggering it...and that may still be happening.
You'd have to get some debugs from the appliance while the problem is happening to understand.
TAC should be able to assist with this.

Another, simpler thing to try would be increasing the TCP timeout for IMAPS and possibly SMTP, depending on how your client is sending mail.
For most TCP services, this is usually 3600 seconds (1 hour).
For some reason, IMAPS has a very low timeout (like 40 seconds) and you may want to change it:

Screen Shot 2019-10-01 at 1.27.15 PM.png

0 Kudos
Highlighted

Thank you very much for hint. I take it as a suggestion to extend that time.

However I have already 60 seconds sessions timeout for IMAPS while 3600 for IMAP and enabled aggresive agging by default. I put 120 seconds and report back what happened. Is aggresive agging something I should bother with?

0 Kudos
Highlighted
Admin
Admin

Aggressive Aging happens when the appliance is operating at close to its max connection capacity.
Basically, once the threshold is passed (80%, I believe), existing connections are "aggressively aged" until the number of connections is again below the threshold.
In general, the exact number of connections supported will depend on the amount of memory in the appliance, blades, etc.
However, SMB appliances do not have expandable memory.
In my 750, the limit is 150k.
0 Kudos
Highlighted

Unfortunatelly extended to 120 seconds IMAPS sessions timeout doesn't do the job.

Do you know any other parameters to tune up or maybe some blades to switch off?

Or should I call TAC directly?

0 Kudos
Highlighted
Admin
Admin

Perhaps fw ctl zdebug drop | grep a.b.c.d might help you understand why packets are being dropped.
The TAC should be able to help as well.
0 Kudos
Highlighted

Thank you very much. I will try with the command first.

0 Kudos