Firewall blocking internet access sporadically

colm_c

In the office over the last few weeks we've noticed that our internet connection just drops for a few minutes and then works again five minutes later. This usually happens on a daily basis, but sometimes it will be a week without any issues. The entire office experiences the outage.

The LAN is all working fine during this outage - server/file/print access etc.

We have a firewall setup on the perimeter of the network and I can login to that and from it's diagnostics I can connect to external websites and DNS servers no problem during the outage. I don't see anything in particular in the logs.

Where should I start looking here to get to the bottom of it? Any tools that might help me determine a root cause?

The firewall is a sonicwall NSA 2400, and it's a relatively small office (20-30 people).

Cerco

Why do you say there is an Internet outage when you can log into external websites? Are you bypassing the firewall ?

What are the symptoms of the outage?

colm_c

Cerco wrote: »

Why do you say there is an Internet outage when you can log into external websites? Are you bypassing the firewall ?

What are the symptoms of the outage?

To be specific.

From my computer (on the LAN) I can't get internet access (browser, ping, ssh, nslookup etc.), but I can access the firewall control panel (from the LAN) which has a diagnostics section where you can ping and do DNS lookup on the public internet, all of which works ok.

So I'm thinking that since the firewall can get to the internet, but I can't, there must be something on the firewall blocking internet access albeit temporarily.

gctest50

overheating maybe ? been warmer these last few weeks

& it has fans on the back to hoover up all the dust it can

colm_c

gctest50 wrote: »

overheating maybe ? been warmer these last few weeks

& it has fans on the back to hoover up all the dust it can

Unlikely, it's in an air-conditioned comms room, but will check it out.

wandererz

For a bit of clarity:

- When the problem occurs and you cannot ping/ssh/nslookup etc.; are you trying these connections via IP address or URL/name?
- If they respond to a ping via IP but not via name then it would lean towards a DNS problem.

When the problem re-occurs, try pinging googles servers:
173.194.116.184
173.194.116.191
173.194.116.175
173.194.116.183

If that's OK but cannot ping www.google.ie then would suggest to an internal DNS problem.

Also, check if your PC is using the same DNS server as the firewall is using.
>nslookup
>server <DNS SERVER IP ADDRESS that your FW is using>

Then ping via url name and see if that works. (assuming of course that the firewall rules allow outbound DNS).


And please excuse me if i'm providing a basic response, but without more concise info that would be a starting point.

colm_c

wandererz wrote: »

For a bit of clarity:

- When the problem occurs and you cannot ping/ssh/nslookup etc.; are you trying these connections via IP address or URL/name?
- If they respond to a ping via IP but not via name then it would lean towards a DNS problem.

When the problem re-occurs, try pinging googles servers:
173.194.116.184
173.194.116.191
173.194.116.175
173.194.116.183

If that's OK but cannot ping www.google.ie then would suggest to an internal DNS problem.

Also, check if your PC is using the same DNS server as the firewall is using.
>nslookup
>server <DNS SERVER IP ADDRESS that your FW is using>

Then ping via url name and see if that works. (assuming of course that the firewall rules allow outbound DNS).


And please excuse me if i'm providing a basic response, but without more concise info that would be a starting point.

Happened again this morning after not happening for almost a week.

nslookup -- timed out
ping -- timed out

Noticed an invalid DNS server in the DHCP client config which I've removed, don't think that's the cause but worth removing just to be sure.

Cuddlesworth

I'd start with upgrading the firmware on the firewall.

Bog Standard User

Cuddlesworth wrote: »

I'd start with upgrading the firmware on the firewall.

yeah sounds like buggy firmware or a bad cert verification problem where the firewall invalidates all certs on websites

check for a firmware update