A TZ Series Firewall and users stop being able to access the internet
Users complain of not being able to access the internet multiple times throughout the day.
Pings to google.com fail from their computer
Pings to 1.1.1.1, 8.8.8.8, 1.0.0.1 all fail
Ping to firewall LAN port succeeds.
IPSec VPN tunnel from remote office is up and we can ping devices at problematic location. (continual ping during problem period shows the IPSEC tunnel remains up & no packets were dropped).
Pings out from the remote firewall to 1.1.1.1 and google.com both work.
Verified DNS on computer at remote office has same DNS the firewall is using.
Log shows several lines of IP spoof dropped, but the source is 10.0.191.255 which is not part of that local network. The MAC resolves to a local MikroTik router. That router allows a cloud line of business app to print to local printers.
Anyway, I'm mentioning that in case that may be related to the numerous open connections.
Ideas to isolate?
Best Answer
Saravanan Moderator
Hi @DISCONNECTED,
Thank you for visiting SonicWall Community.
The symptom reported by you is something to check with the number of connections on the firewall. I recommend that you verify the connections monitor on the SonicWall during the issue time and verify if all are legitimate connections. This should isolate the issue.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Answers
I should have proofread better :-/ The last line should have read: I'm mentioning the IP spoofing in case that may be related to the lack of internet connectivity on the devices. (Restarting the firewall does resolve the issue for a random period of time).
More info... After restarting, the system seems to be more and more frequently reporting that the cache is full; 2317144284 open connections; some will be dropped.
Thanks I will try this tomorrow and report back.
Thanks for the tip. The firewall was being attacked via an automated brute-force attempt on the SSL VPN portal page, with about 2000 attempts in roughly minutes.
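One way to do the connection check discussed in this thread offline, as an added example that is not part of the original posts or any SonicWall tooling: it groups an exported connection list by source and flags sources holding many connections to the firewall's own WAN address. The CSV column names, the WAN address 203.0.113.10, port 4433 and the threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; the column names are assumptions for this example,
# not the firewall's actual export format. External hosts use documentation ranges.
SAMPLE_CSV = """src_ip,src_port,dst_ip,dst_port,proto
192.168.1.20,51000,1.1.1.1,53,udp
192.168.1.21,51001,8.8.8.8,53,udp
198.51.100.7,40001,203.0.113.10,4433,tcp
198.51.100.7,40002,203.0.113.10,4433,tcp
198.51.100.7,40003,203.0.113.10,4433,tcp
198.51.100.9,40100,203.0.113.10,4433,tcp
192.168.1.20,51002,192.0.2.50,443,tcp
"""


def load_connections(text):
    """Parse the exported connection list into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def inbound_to_firewall(rows, wan_ip):
    """Count connections per (source, port) that terminate on the firewall itself."""
    counts = Counter()
    for r in rows:
        if r["dst_ip"] == wan_ip:
            counts[(r["src_ip"], int(r["dst_port"]))] += 1
    return counts


def heavy_sources(counts, threshold):
    """Sources at or above the threshold for one firewall service, busiest first."""
    return [(s, p, n) for (s, p), n in counts.most_common() if n >= threshold]


def firewall_share(rows, wan_ip):
    """Fraction of the connection table aimed at the firewall's own address."""
    hits = sum(1 for r in rows if r["dst_ip"] == wan_ip)
    return hits / len(rows) if rows else 0.0


if __name__ == "__main__":
    rows = load_connections(SAMPLE_CSV)
    wan = "203.0.113.10"  # assumed WAN address of the firewall
    for src, port, n in heavy_sources(inbound_to_firewall(rows, wan), 3):
        print(f"{src} holds {n} connections to port {port} on the firewall")
    print(f"{firewall_share(rows, wan):.0%} of the table targets the firewall itself")
```

A high share of the table aimed at a management or portal port from a handful of external sources points at traffic hitting the firewall itself rather than at LAN clients.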