Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dyslexic155
Participant

VPN connection dropped / First packet isn’t SYN

Hello Experts,

We were running on R80.20, but after we upgraded to R80.30 T217 we experienced a behavior that didn't happen before.

The sitiation was that we were able to initiate the SSLVPN connection, but every 7 minutes or so, the connection broke and the TCP stack had to re-initiate.

During this re-initiation, the VPN connection is dropped for 10 – 30  seconds, though in most cases, it got re-established without having to  re-authenticate to the VPN. It was as if the firewall apparently “forgets” certain sessions related to SSLVPN, at
which point the connection is no longer known in the session table and the traffic is dropped. (First packet isn’t SYN).

A failover solved the issue, and it didn't happen again.

So is there a known bug the reason for this behavior in T217? As I believe it's not related to a configuration thing as just the failover solved the issue and till now it didn't happen again.

We need to make sure it doesn't re-occur.

 

Best Regards,

 

 

0 Kudos
Reply
1 Reply
PhoneBoy
Admin
Admin

I would get the TAC involved, especially if this worked without issue in R80.20.

0 Kudos
Reply