Firewall stops connecting but still logs everything as ok

[Piloria]

Nokia IP350 3.5.1 FCS6
NG FP3 (HFA309 tried and removed)

Aprox 9am and sometimes at 1,3 and 5ish we have to reboot our firewall. it stops passing connections between out internal and external interfaces. the logs continue to log every as ok (accept) but no connection is passed.
a reboot clears the problem.

we have tried replacing the Nokia IP350 to eliminate the problem being hardware but the new box retains the same problem (clean install with nothing coming from old box)

The only other area we are currently focusing in on is that we use session authentication this has been removed (temp) to see if it clears the problem

if anyone else has any ideas help will be appreciated

 

[Piloria]

nope it wasnt session authentication.
traffic between internal interfaces still works (most of the time)
we know the problem isnt out internet connection

 

[BlueScr33n]

Having the same problem on an IP120. Every so often it'll just stop passing connections between internal and external interfaces - currently have a ticket open with Nokia now & will update when they find the cause.

 

[kmills]

Experienced the same problem when there were about 4000 connections. Running NG FP3 with SecurePlatform on a Compaq DL380 with the Management Server on a separate machine. Will be interested to hear the resolution.

 

[tkpsimon]

Hi blueScr33n,

have you got a reply from Nokia about your problem, i just experienced something exactly the same as you did this morning. I would really appreciate if you could give me some hint on what is going on with the Nokia.
Thanks in advance.

Simon

 

[Piloria]

nothing so far we replaced the Nokia with an NT box using an identical configuration (but on fp2) and it worked fine. we then split the firewall in 2 usinf the nokia for al internal network traffic and email and it runs fine no crashes. we use the nt box for web traffic to our web server. our next step is to use fp3 on NT as the single firewall. after this we can then go back and say it is fp3 on nokia that is the problem but until we have gone through this Nokia and CP wont acknowlage there is a problem.

 

[whostolemyhandle]

Seen the same problem on a Nokia IP440, not particularly high traffic. Suspecting the interface card, but that's a hunch.

 

[BlueScr33n]

tkpsimon:
Found out what was going wrong - turns out this was a licensing issue. The problem over here was that the number of seat licenses we purchased couldn't keep up with the number of users.....


...using the AOL client to connect to AOL to read their personal email. AOL, upon connection will assign a machine a second IP that connects to time.windows.com to (I'm assuming) keep track of the amount of time a user spends hooked up to AOL. This AOL assigned IP steals one of the seat licenses from the firewall each time someone conencts up (AOL doesn't assign the same AOL IP twice to the same machine) - so basically you'd need an infinite # of licenses to keep up with users connecting.

Solution here was to enable antispoofing on the internal port - it blocks all outgoing traffic that doesn't originate from our internal IP address scheme. AOL users CAN still connect to the service, but may not be able to browse web pages through the AOL browser.

That was the fix that worked here, best of luck to the rest of you.

- Bluescr33n

 

[Piloria]

After we upgraded to IPSO 3.7 B23 and HFA316 the problem seems to have dissapeared