Issue with LAN port falling off network

[Glessner]

I have a TZ190 that periodically (about once a day) will lose its connection to the local network. I have 5 VPN connections that go to this core site, and they all lose connection to the Terminal Server. All local LAN connections can still connect to the appropriate devices, but they can not access the internet. It seems like just communication from the LAN to the sonicwall (port X0)is being affected. We have moved the cable to a different switch. We have recieved an RMA from sonicwall and hand programmed the new TZ190 from scratch and it is still doing this. We are consistantly getting between 75% and 100% CPU utilization, but it only has about 200 connections which per sonicwall says that this thing should handle thousands. Has anyone ran into this before or have any suggestions on this. Thanks.

 

[joepc]

Well if the CPU is going that high then something is going on. With the CPU being that high too that is most likely your problem with the disconnects. What process is taking up most of the CPU cycles? I think the sonic all will shut off an interface if it thinks it's getting a dos attack????

Does the switch the sonicwall is connect to support stp? Maybe the switch is disabling the port?

Try using a packet capture too.

 

[Glessner]

We have moved the sonicwall from a cisco catalyst switch to a hp procurve switch. Same problem happens. the tnettask is the one that has the highest value, and sonicwall says that is the service that is associated with moving data across the network. I have 2 Tier 3 techs involved with this, and they can not explain why this is happening because the service doesnt seem to fail as it shows nothing in the console port. They are thinking something on the network is causing this, but when it goes down and I ping the sonicwall from the network and get no response, it shows 00-00 under the mac address when I do an arp command, so nothing is answering for the sonicwall. It just seems weird that the cpu would be that high when there isnt that many connections. Any other thoughts?

 

[joepc]

If it were me I would put a small 5 or 8 port "dumb" switch between the sonic wall and the cisco/hp switch. Next I would put a laptop or pc with a static ip also In the small switch. Then next time you loose access to the sonic wall,unplug the small switch from the cisco/hp switch. Then try and ping the sonic wall from the laptop/pc and see if you get response. If you do then you know it's something on your network.

If you don't get a response I would look into enabling port mirroring on the uplink port to the sonic wall and using wireshark to run a packet capture. Perhaps an internal virus or some type of outbound traffic is trying to escape via the gateway and just killing the sonic wall.

I would look into the high CPU issue too. See if the CPU drops if you disconnect the sonic wall from the network.

 

[Gizer]

Did you ever find a resolution to your issue? I am also experiencing the same issue, and it has been driving me nuts. Thanks.

 

[Glessner]

We had not figured out this issue. The only thing that we could come up with is that some services were failing in the unit to stop the LAN side of the router from functioning. We even had a new router from Sonicwall and it did the same thing. We have since lost this customer, and I believe their new company switched out the TZ190 and went with a larger model. Unfortunatly that is all I know.

 

[Gizer]

I was able to resolve the issue. The culprit was the Verizon Fios ARP Bug. Did you client using Verizon Fios as their ISP?

 

[Glessner]

No...they were using Comcast Business Cable and as a backup they had a bonded T1 connection. Unfortunatly I have no other information for this, so I am considering this matter closed. Thanks for all information and assistance.