Issue still persists 2+ months later with latest 7.1.1 code on TZ270s. 3 more sites with similar issues this month alone, again with Bell Hub 2000 router/modems (Canada). Fixing X1 to 1G/FD made no difference, but adding a dumb little gig switch between them seems to help, another spof.
Now I suspect it may be code, either on the SonicWall side or the ISP modem/router side. I now have an NSa2700 which just experienced the same symptom. I put a little 5 port HP Gig switch between the X1 interface and the ISP, the problem goes away.
Same issue here. Newest firmware 7.1.1-7051 on a TZ270. Customer will complain of no internet. Reboot modem and the issue is corrected. Before the reboot I can ping their static but it has almost 98% packet loss after the reboot the connection is stable. I placed a small 5 port unmanaged switch between the modem and the SW yesterday. So far no more drops . The modem is a Hitron Coda-4589 with software version 7.2.4.5.2b5 from Breezeline (formerly atlantic broadband). I should also note that we had breezeline come out and naturally they blame the SW. The tech insisted that a full hard reset of the modem would fix it. Well the next day the issue occurred again. The signal levels on this modem are almost perfect and there are no SNR issues on the node at all. This issue seems to have started at least for this customer in Feb 2024. Firmware in February was 7.0.1. We updated to the 7.11-7051 hoping the issue would be resolved but it was not so I am leaning now towards the modem being the issue. We have customers with Breezeline and a TZ270 with an Arris S33 with no issues.
Currently about ready to try this 5-port switch solution with two clients. MSP here and we have an ISP, Blue Ridge Cable, in NE Pennsylvania that is claiming there is a known issue with SonicWall and Cable Modems causing these issues. They want us using something else other than a SonicWall. We did get them to replace cable modems, wiring, we even replaced a TZ400 with a new TZ 370 firewall at one site. Same issues. ISP sees nothing wrong. We don't have this issue with any other ISPs right now, but just like the OP states the issue is spot on, WAN flapping on two TZ 370s. Latest Firmware installed on both: 7.1.3-7015-R6965. We have a tech on-site now troubleshooting this and he did bring a 5 port switch due to this very thread. Will update if issues resolves.
Wow…I can't believe I came across this thread. I am also in Northeast Pennsylvania and have Blue Ridge Cable as my ISP. I just swapped out my Cisco ASA 5505 for a TZ370. The ASA 5505 was rock solid and I never had any issues (it just couldn't support anything higher than 100M). I have 300Mb/10Mb service. I simply swapped the ASA for the TZ370 and now my Internet is randomly cutting out. It seems to cut out for about 20 seconds. This seems to occur 2-3 times within an 8 hour period of time. I work remotely so I notice any Internet blips as it causes Web-Ex, Teams, and RDP sessions to all drop. I've worked in IT for 20+ years so troubleshooting these type of issues is my day job.
Model: TZ370
Firmware: 7.1.3-7015-R6965
Modem: Arris SB6183 (plugged into X1)
LAN Switch: Cisco 2960L-24PS-LL (plugged into X0)
Behavior: Internet randomly drops. I have the TZ370 setup to send syslogs to my Synology NAS. I do not have any X1 interface related messages logged. Therefore, my X1 port doesn't appear to be going down. However, when the Internet "drops" out, I have a gap of about 20 seconds in which no syslogs are generated. I would think even if X1/WAN went down, the syslogs should still be sending to the X0/LAN port. It is almost like the firewall is freezing for a short period of time and stops passing all traffic on X0 and X1. This theory is further supported by the fact that PRTG Network Monitor sees a spike in traffic on the internal LAN (SNMP traffic monitor on Cisco 2960 switch). This would suggest that internal clients are trying to reach the SonicWALL IP Gateway and not getting a response. This causes a lot of ARP requests causing network traffic. I haven't taken the next step in port mirroring my X0/LAN port from my Cisco switch to the SonicWALL.
I did create a static ARP entry in the Sonicwall for my internal Cisco switch. However, this has not resolved the issue. I'm almost thinking this is a firmware or hardware related issue. I know my cables and modem are fine.
Amazing to see this. We just did the 5-port switch test I mentioned in my previous post for a client in Tobyhanna PA and it didn't fix ANYTHING. Monitored it overnight and like you said, periods of drops as described continued. Client has already complained this morning, more drops. We have a tech going on-site now who is going to try connecting directly to the 5-port switch in-front of the SonicWall, see if he pulls a random WAN IP, which usually gets handed out normally without the Blue Ridge / PTD MAC reservation nonsense. While he is connected, we hope, directly to the 5-port switch, we are going to be monitoring our pings…..if the office PCs drop, but he does not, then that all but confirms a SonicWALL issue. If they both drop, then I'm once more assuming ISP. Interestingly, in this case, the client has a second WAN connection coming off the Technicolor 4400-am Cable Modem going directly into a VOIP switch…no firewall. When they have the drops, their VOIP also goes to hell with connectivity and echoing….and again there is NO sonicwall in that VOIP path. Will keep updated here as we find out more.
Following up from my previous comment. We lucked out this morning with the ability to have a technician laptop connected directly to the cable modem. Due to the way the service was dropping, the client just closed the office for the day. So with cable modem and only a laptop connected, the pings still dropped as described above. We had two solid 10-20 second drops over an hour period. Got parent ISP on phone, PTD, which works with Blue Ridge, and they confirmed flapping / dropped packets from their NOC. Sent screenshots of packet loss on laptop and now simply waiting for escalation from our PTD tech who is going to be dealing with Blue Ridge directly. Ironically, the client main site in East Stroudsburg PA, on a PTD FIBER line had a full outage this morning for about 3 hours. Oddly coincidental. Regardless, we were told to put everything back, Cable Modem to SonicWall, and call it a day. At this point again, just waiting now.
Update here. I just had the Internet cut out. I immediately checked the logs and it showed an X1/WAN ARP timeout to the ISP Gateway IP. I was actively logged into the SonicWALL GUI at the time. The SonicWALL GUI was responsive and not locked up or frozen. By default, the ARP cache timeout is set to 10 minutes. If I had to guess, the ARP entry ages out of the table and fails to renew. Without a valid ARP entry, WAN traffic has nowhere to go.
Answers
Issue still persists 2+ months later with latest 7.1.1 code on TZ270s. 3 more sites with similar issues this month alone, again with Bell Hub 2000 router/modems (Canada). Fixing X1 to 1G/FD made no difference, but adding a dumb little gig switch between them seems to help, another spof.
Freddy...
I'm back!!
Now I suspect it may be code, either on the SonicWall side or the ISP modem/router side. I now have an NSa2700 which just experienced the same symptom. I put a little 5 port HP Gig switch between the X1 interface and the ISP, the problem goes away.
Same issue here. Newest firmware 7.1.1-7051 on a TZ270. Customer will complain of no internet. Reboot modem and the issue is corrected. Before the reboot I can ping their static but it has almost 98% packet loss after the reboot the connection is stable. I placed a small 5 port unmanaged switch between the modem and the SW yesterday. So far no more drops . The modem is a Hitron Coda-4589 with software version 7.2.4.5.2b5 from Breezeline (formerly atlantic broadband). I should also note that we had breezeline come out and naturally they blame the SW. The tech insisted that a full hard reset of the modem would fix it. Well the next day the issue occurred again. The signal levels on this modem are almost perfect and there are no SNR issues on the node at all. This issue seems to have started at least for this customer in Feb 2024. Firmware in February was 7.0.1. We updated to the 7.11-7051 hoping the issue would be resolved but it was not so I am leaning now towards the modem being the issue. We have customers with Breezeline and a TZ270 with an Arris S33 with no issues.
Update : Placing an unmanaged switch between the Modem and SW fixed the issue.
Currently about ready to try this 5-port switch solution with two clients. MSP here and we have an ISP, Blue Ridge Cable, in NE Pennsylvania that is claiming there is a known issue with SonicWall and Cable Modems causing these issues. They want us using something else other than a SonicWall. We did get them to replace cable modems, wiring, we even replaced a TZ400 with a new TZ 370 firewall at one site. Same issues. ISP sees nothing wrong. We don't have this issue with any other ISPs right now, but just like the OP states the issue is spot on, WAN flapping on two TZ 370s. Latest Firmware installed on both: 7.1.3-7015-R6965. We have a tech on-site now troubleshooting this and he did bring a 5 port switch due to this very thread. Will update if issues resolves.
Wow…I can't believe I came across this thread. I am also in Northeast Pennsylvania and have Blue Ridge Cable as my ISP. I just swapped out my Cisco ASA 5505 for a TZ370. The ASA 5505 was rock solid and I never had any issues (it just couldn't support anything higher than 100M). I have 300Mb/10Mb service. I simply swapped the ASA for the TZ370 and now my Internet is randomly cutting out. It seems to cut out for about 20 seconds. This seems to occur 2-3 times within an 8 hour period of time. I work remotely so I notice any Internet blips as it causes Web-Ex, Teams, and RDP sessions to all drop. I've worked in IT for 20+ years so troubleshooting these type of issues is my day job.
Model: TZ370
Firmware: 7.1.3-7015-R6965
Modem: Arris SB6183 (plugged into X1)
LAN Switch: Cisco 2960L-24PS-LL (plugged into X0)
Behavior: Internet randomly drops. I have the TZ370 setup to send syslogs to my Synology NAS. I do not have any X1 interface related messages logged. Therefore, my X1 port doesn't appear to be going down. However, when the Internet "drops" out, I have a gap of about 20 seconds in which no syslogs are generated. I would think even if X1/WAN went down, the syslogs should still be sending to the X0/LAN port. It is almost like the firewall is freezing for a short period of time and stops passing all traffic on X0 and X1. This theory is further supported by the fact that PRTG Network Monitor sees a spike in traffic on the internal LAN (SNMP traffic monitor on Cisco 2960 switch). This would suggest that internal clients are trying to reach the SonicWALL IP Gateway and not getting a response. This causes a lot of ARP requests causing network traffic. I haven't taken the next step in port mirroring my X0/LAN port from my Cisco switch to the SonicWALL.
I did create a static ARP entry in the Sonicwall for my internal Cisco switch. However, this has not resolved the issue. I'm almost thinking this is a firmware or hardware related issue. I know my cables and modem are fine.
SysLog Drops
Amazing to see this. We just did the 5-port switch test I mentioned in my previous post for a client in Tobyhanna PA and it didn't fix ANYTHING. Monitored it overnight and like you said, periods of drops as described continued. Client has already complained this morning, more drops. We have a tech going on-site now who is going to try connecting directly to the 5-port switch in-front of the SonicWall, see if he pulls a random WAN IP, which usually gets handed out normally without the Blue Ridge / PTD MAC reservation nonsense. While he is connected, we hope, directly to the 5-port switch, we are going to be monitoring our pings…..if the office PCs drop, but he does not, then that all but confirms a SonicWALL issue. If they both drop, then I'm once more assuming ISP. Interestingly, in this case, the client has a second WAN connection coming off the Technicolor 4400-am Cable Modem going directly into a VOIP switch…no firewall. When they have the drops, their VOIP also goes to hell with connectivity and echoing….and again there is NO sonicwall in that VOIP path. Will keep updated here as we find out more.
Following up from my previous comment. We lucked out this morning with the ability to have a technician laptop connected directly to the cable modem. Due to the way the service was dropping, the client just closed the office for the day. So with cable modem and only a laptop connected, the pings still dropped as described above. We had two solid 10-20 second drops over an hour period. Got parent ISP on phone, PTD, which works with Blue Ridge, and they confirmed flapping / dropped packets from their NOC. Sent screenshots of packet loss on laptop and now simply waiting for escalation from our PTD tech who is going to be dealing with Blue Ridge directly. Ironically, the client main site in East Stroudsburg PA, on a PTD FIBER line had a full outage this morning for about 3 hours. Oddly coincidental. Regardless, we were told to put everything back, Cable Modem to SonicWall, and call it a day. At this point again, just waiting now.
Update here. I just had the Internet cut out. I immediately checked the logs and it showed an X1/WAN ARP timeout to the ISP Gateway IP. I was actively logged into the SonicWALL GUI at the time. The SonicWALL GUI was responsive and not locked up or frozen. By default, the ARP cache timeout is set to 10 minutes. If I had to guess, the ARP entry ages out of the table and fails to renew. Without a valid ARP entry, WAN traffic has nowhere to go.