Not something you'd want to see
Larry All-Knowing Sage ✭✭✭✭
TZ600 syslog entry:
Gateway Anti-Virus Status: Server error. This firewall is sending packets too fast for it to reassemble.
Any idea of what this really means and what the implications are?
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Does this Event message appear for Capture ATP events?
If true, usually, this message appears when the buffer used to store the entire number of packets of the file gets full before Capture ATP can reassemble the file at the "Data Center Location" for inspection.
These are the 3 actions you can take to fix this issue:
1 - Ensure that you are using the closest Data Center for the location the FW is installed.
2 - Ensure that you are using the latest firmware on the FW.
3 - Follow this KB article to increase the buffer size on the FW side:
If the issue persists, the next step would be to select an alternate Data Center Location.
If you continue experiencing the message after all the mentioned steps, please open a support ticket mentioning all the steps taken and attaching the logs and we will be glad to troubleshoot further.
Technical Support Advisor, Premier Services
I would like to go through these one by one.
Starting with "Ensure that you are using the closest Data Center for the location the FW is installed." How - exactly - would I do that long after the license has been established? And if it not the closest, how would I change it?
The device is using the latest firmware, SonicOS Enhanced 188.8.131.52-83n
The settings mentioned in the KB article are set.
I cannot refresh the cache items until the weekend - and I'll have to schedule this with the business owner - because of all the work from home users log in to their desktops at all hours of the day and night.
But the "server error" came after several PDF files were received as email attachments. It was the next to last one that had the reported message. I no longer have the active log (this TZ 600 only manages to retain about 30 minutes of activity), so I can't say what the others were... However, looking at Capture ATP in the device it only reports on 2 files at that time. Now I'm wondering about any others.