Zywall VPN Down (high cpu / buffer ??)

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Hi
We have a zywall 70 on sdsl with 11 branch offices on ipsec vpn.
These have been up for 6 month without any trouble, the link is used
to host citrix app's.

From yesterday we experiment hard troubles on it.
Every 15-20 mn, vpn are down and we must reboot the zywall because it
freeze.
The cpu indicate high % usage.

Indications for diagnostique
- These troubles has begun after a 10 mns cut on the links by our
operator "for technical intervention on dslam"
- We have change the zywall (standard exchange) yesterday so the one
in use is brand new
- The conf has not been changed, and worked fine before.
- The number of vpn and traffic is the same...
- The cut in vpn seems to be linked with citrix activities : during
night, we did test of download on the vpn, and did'nt observe any
cuts.
- We have last zywall firmware

any suggestion will be apreciate.. can it be linked to operator
technichal modification on the link (mtu change ?) ? DDOS ? is there
knows buffer problems with zywall and citrix ?
(sory for my english)

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

On 24 Jun 2004 05:06:49 -0700, mrique@hotmail.com (mrique) wrote:
>
>Hi
>We have a zywall 70 on sdsl with 11 branch offices on ipsec vpn.
>These have been up for 6 month without any trouble, the link is used
>to host citrix app's.
>
>From yesterday we experiment hard troubles on it.
>Every 15-20 mn, vpn are down and we must reboot the zywall because it
>freeze.
>The cpu indicate high % usage.
>
>Indications for diagnostique
>- These troubles has begun after a 10 mns cut on the links by our
>operator "for technical intervention on dslam"
>- We have change the zywall (standard exchange) yesterday so the one
>in use is brand new
>- The conf has not been changed, and worked fine before.
>- The number of vpn and traffic is the same...
>- The cut in vpn seems to be linked with citrix activities : during
>night, we did test of download on the vpn, and did'nt observe any
>cuts.
>- We have last zywall firmware
>
>any suggestion will be apreciate.. can it be linked to operator
>technichal modification on the link (mtu change ?) ? DDOS ? is there
>knows buffer problems with zywall and citrix ?
>(sory for my english)
>

Wow, that's a tough one.

Do you have the watchgod (CLI "sys wdog") feature enabled? If the
ZyWALL freezes, that feature will reboot it which is better then
freezing. Doesn't solve the main problem but it's a work around until
you diagnose the problem.

Also, leave a terminal connected to the console to capture any
possible debug messages. You might have to enable them, though (CLI
"sys errctl".)