Blason_R
Leader

Getting frequent disconnection on R80.20

Hi,

I am on R80.20 with HFA 141 and mgmt on R80.30. Users have suddenly started experiencing disconnections in sessions. Mostly RDP or SAP connections are getting disconnected.

I immediately stopped fwaccel, due to which the frequency of session disconnections is much lower now; however, in about 4-5 hours their sessions get disconnected.

Any clue what to debug?

TIA

Blason R

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
7 Replies
G_W_Albrecht
Legend

I would suggest getting help from TAC!

CCSE CCTE CCSM SMB Specialist
0 Kudos
Blason_R
Leader

Yes I have started with it.

Thanks

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Timothy_Hall
Champion

Any time certain connections seem to randomly die, enabling TCP state logging can be helpful to see why a connection died/ended:

sk101221: TCP state logging

You can enable it from the SmartConsole here:

[Image: tcpstate.jpg]

SecureXL has slightly different timing rules for connections which may explain why the behavior changed when SecureXL was disabled.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Kim_Moberg
Advisor

I am not sure if this relates.

I have seen IPS preventing some traffic over RDP, for example from remote access to IT resources at the office.

Could it be related to this frequent disconnection?

Best Regards
Kim
0 Kudos
Blason_R
Leader

Nah, I feel this is related to multi-queue/CoreXL or maybe SecureXL. Anyway, I am upgrading to R80.30 and the latest HFA; let's see if that disappears.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Timothy_Hall
Champion

Maybe, but I'd verify first that the connection is not somehow getting killed by good ol' stateful inspection before trying to dive any deeper.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Blason_R
Leader

Hi there,

I made some progress and found that we created dynamic_objects to fetch certain IP addresses from a web server. This is happening if we enable those in the rule base. And if we stop or delete those rules it does not happen.

I really don't see any logic behind this, and would really appreciate it if a few debug commands could be provided. Or should I debug the kernel or the fwd daemon to pinpoint the issue?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
