Sonicwall resetting connections (For no apparent reason)
If you read the document that Evan referenced in his post you'll see that one of the components that will issue a reset is in fact, a Cache Cleanup function related to expired connection timers. This is the "idle session" clean up that I'm referring to. That's my bet as to the cause of the problem.
Related videos on Youtube
Josh Brower
Information Security. SANS GSE #143. Course author of LearnOsquery.com. Lover of History & Coffee.
Updated on September 17, 2022Comments
-
Josh Brower over 1 year
We have a Sonicwall Pro 3060 that is transparently bridging traffic to the Internet and a VPN to another site. We are having connections being reset for no apparent reason. For instance, connecting Outlook to our Exchange server at the other site. Once every 2-3 minhutes on average, the connection is being reset, and Outlook looses connectivity. Through packet captures, I have confirmed that the Sonicwall is generating a reset packet, and sending it to the client, as if coming from the exchange server.
We have gone through everything we can think of, and have so far come up with nothing.
Any thoughts on why the sonicwall would be doing this?
Josh
-
Admin over 14 yearsHow are you determining from the packet captures that the Sonicwall is issuing the reset? Also, does the Sonicwall have an "idle session" timer that might be kicking in and sending the reset?
-
Admin over 14 yearsThe Sonicwall has a built in packet capture utility, which also says whether or not it was denied, consumed, forwarded, or generated. The reset packet was "generated."
-
Admin over 14 yearsOK, how about an idle session timer?
-
Admin over 14 years@ Womble: Yes, well, it is an EOL device, with no support contract, for a non-profit. In other words, no Sonicwall support. As for idle session timer, I am not seeing an option for it.
-
Admin over 14 yearsHow about a public user forum, have you looked for one? AFAIK, all firewalls have some mechanism for dealing with idle sessions, otherwise they'd eventually run out of resources (especially memory) to handle new and established sessions.
-