TZ370 - Strange Behavior; traffic flow becomes inconsistent shortly after install
Good day everyone,
I've been seeming to have issues with the TZ370 units we've been deploying. Shortly after the initial setup, they seem to become unreliable - the WebUI being unreachable seems to be the 'canary in the coal mine', but traffic will end up slowing over time, DNS queries don't get forwarded to public servers...the thing basically becomes unusable, even before I start adding firewall rules or NAT policies or implementing security functions. The problem seems to be exacerbated the more people are on the network, but I am 100% sure it's not a network loop, or an issue with the switches - everything works fine when I switch out the router and make no other changes.
Sometimes it's minutes, sometimes it's hours. A reboot seems to clear it up for a while, but the problem seems to return. I've set the unit up as basic as possible - only defining a WAN and a LAN network with no other changes, same problem.
Ordinarily, I would try a firmware upgrade/downgrade, but there's only an RTM build of the firmware available in the MySonicwall portal.
Hopefully there's a button somewhere I'm missing. Until then, I appreciate whatever information can be provided.
Answers
Hi @PROSYSCON,
Thank you for visiting SonicWall Community.
If you are exhibiting the sluggish issue with firewall GUI and for traffic passing via the firewall with only LAN and WAN configured, try performing a factory reset of your TZ 370.
I have also verified on our end and confirmed that no such issues are reported so far. If still the issue persists, I would recommend you to open a support case with our support team and take necessary help on this matter.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Have they not released 7.0.0.906 for the 370 yet? The first releases of OS7 are buggy as hell. I'd wait to deploy with a new release if you can otherwise youre stuck.
Welcome to SonicOS7! Take a seat, the issue's are only beginning. This week I already had to take a TZ270 out of service for having too many similar issue's directly affecting the clients services.
Reach out to their support to see if they have a Hotfix firmware available. They sent me one that really helped out.
@TKWITS , the 906 release for the 370 is the initial release, and is the version on which I'm having the issues.
@Saravanan , it sounds like RobW has experienced similar issues to what I found. If you're able to point me in the direction of a hotfix firmware for the 370, I'd be most appreciative of not having to go through the support ticket rigamarole =).
Thanks!!
We rolled this out to a client and we're starting to find issues little by little.
In particular, we have a client with issues with the WiFi calling.
So, I went about following the instructions from Sonicwall: https://www.sonicwall.com/support/knowledge-base/unable-to-call-via-apple-wifi-calling/170505913456806/
I had to open a ticket to find out the new diag page, which FYI: https://<MGMT-IP>/sonicui/7/m/mgmt/settings/diag
However, now, the firewall will not accept the change made via the diag page.
We recommended this device to our client. When can we expect at least a Beta to address these issues. The device is still on the Initial Release despite all of these issues.
@DIBK , glad it's not just us.
So, the GA release of the 1262 firmware was released on my birthday...and I thought it was a birthday gift to me to have stable TZ370s!
But alas, there's zero consistency....
Client #1 has been perfectly fine on the RTM build. I'm not touching a blessed thing there.
Client #2 was having the issue, but I got a beta release in late March from support that solve their issue. Yay.
Client #3 was having the issue, and the issue was somewhat addressed with the beta build, but the RTM build seemed to stabilize their environment. Yay.
Client #4 continues to have the issue, despite the latest firmware, to the point where we put an old NSA220 in place just to keep their internet stable. Their TZ370 is sitting on my desk, waiting for support to parse my 'show run' command and see if there's anything they can see that would cause this.
Client #5 has their 370 on the side waiting for me to be comfortable with the results of client #4.
Client #6, #7 (a 270), and our internal TZ470 are all camping out in boxes, untouched, because I'm too scared to upgrade.
@Prosyscon I spend the whole evening setting up a site-to-site VPN from my NSA2650 that has more than 20 VPNs configured. So that is not my first ...
The partner is a fresh TZ370 with Fw 1262.
I have no action in the packet monitor, apparently the TZ370 does not respond to VPN.
Any experience with it?
I failed. now has to get a decommissioned tz300 back on the road so that the customer can work.
its now 1:13 am -- oh man...
--Thomas
so back on lab with the TZ300 opening VPN tunnel took 2 minutes. Firmware 6.5.4.7-83 Connected to the 2650 in the office.
Switched back on the TZ370 Firmware 1262. new try to get up the vpn . no connection possible.
Next i imported the TZ300 config to the TZ370 it seems very slow to manage but the tunnel is right up before i could log in to the management.
So what is this? a fresh , naked TZ370 not possible to set up a simpel side2side vpn.
Import the old config and it runs the same tunnel config !???
--Thomas , another night for tech...
@DIBK
My NSv270 SonicOSX 7.0.1-1219
also can not accept the change made via the diag page.
Same behavior like your SW-Diag.gif shown.
Can anyone confirm this is a known issue?
Has anyone been able to get a fix for this? The June 3 release 7.0.1-R1456 fixes the issue for some but not all. The only thing that is different with my client is they have Comcast internet. The firewall seems to work fine then bandwidth degrades from 500mbps to 12mbps then the gui disconnects etc, computers lose internet. This is very frustrating. Any assistance would be greatly appreciated.
I have a feeling there is a memory leak in OS7. We have a TZ570 that needs to be rebooted on an almost monthly schedule. SNMP reports the memory has gone up 3% week over week since the last reboot two weeks ago...
I have the VERY SAME ISSUE! I am on my second TZ 370 and has the same issue. I have been testing at my office with a spare ISP address I have available and it seems to run fine for just under 24 hours and then it locks up (also overheats).
I have this issue on two units (so far, as I have not rolled out the latest firmware elsewhere because of this), both of which I rolled back to the RTM firmware version. The problem is that one unit is at a client that fails their PCI scan for TLS1.1 with the RTM version even though all the ciphers are blocked and the setting to disable it is turned on in the diag page. I have been waiting to see if there is an update after seeing a post about a hotfix that resolved it and was hoping Sonicwall would deploy it to the public
I'm having the same issue, and it's now October. Hasn't there been a resolution yet?
We continue to see this monthly with our TZ470 as well,
We’ve updated the firmware several times over the last 6 months, and this happens pretty much monthly.
Symptom: Network throughput to internet slows to a crawl, and eventually fails altogether.
A hard reset fixes it.
Current FW is:
7.0.1-5080
Upgrade to a newer firmware. I dont remember which one fixed it, but its best to keep your firmware up to date.