4 Replies Latest reply on Nov 25, 2010 4:42 AM by DaveHillDL

    IPSec failures on V4 SG580 ("firewall" implicated?)

      Hi

       

      I'm just trying to get a handle on this to work out what's going on, so I thought I'd tap into the Communities first...

       

      We're running an SG580 (4.0.8) McAfee unit here in Cambridge which handles our IPsec connections, plus also handles PPTP VPN connections.

       

      We have IPSec connections to Taiwan (using a Draytek unit), USA (using a Juniper) and Poland (using an older SG575 v3.2.2).

       

      The Poland IPsec connection is unstable compared with the other two connections; it regularly goes down and has to be restarted (usually from the Poland end as they notice first).

       

      I have tried reducing the IPsec MTU to 1300 bytes at both ends; this doesn't seem to have made any difference.

       

      I have noticed that the failures seem to coincide with PPTP connections starting or finishing; the running of the firewall process/script seems to cause lots of lost packets (I assume as the rules are updated) and sometimes seems to cause PPTP sessions to be terminated, which then seems to start an avalanche of messages saying:

       

      firewall[nnnn]: executing firewall rules
      
      firewall[nnnn]: received signal while executing: 15

       

      Is this similar to what other people have seen with V4 software?


      Dave Hill