We have a Sonicwall Pro 3060 that is transparently bridging traffic to the Internet and a VPN to another site. We are having connections being reset for no apparent reason. For instance, connecting Outlook to our Exchange server at the other site. Once every 2-3 minutes on average, the connection is being reset, and Outlook loses connectivity. Through packet captures, I have confirmed that the Sonicwall is generating a reset packet, and sending it to the client, as if coming from the Exchange server.

We have gone through everything we can think of, and have so far come up with nothing.

Any thoughts on why the sonicwall would be doing this?

Josh

Josh Brower
  • How are you determining from the packet captures that the Sonicwall is issuing the reset? Also, does the Sonicwall have an "idle session" timer that might be kicking in and sending the reset? – joeqwerty Jan 07 '10 at 00:36
  • The Sonicwall has a built in packet capture utility, which also says whether or not it was denied, consumed, forwarded, or generated. The reset packet was "generated." – Josh Brower Jan 07 '10 at 00:39
  • Talk to Sonicwall support. – womble Jan 07 '10 at 00:47
  • OK, how about an idle session timer? – joeqwerty Jan 07 '10 at 00:48
  • @ Womble: Yes, well, it is an EOL device, with no support contract, for a non-profit. In other words, no Sonicwall support. As for idle session timer, I am not seeing an option for it. – Josh Brower Jan 07 '10 at 01:09
  • How about a public user forum, have you looked for one? AFAIK, all firewalls have some mechanism for dealing with idle sessions, otherwise they'd eventually run out of resources (especially memory) to handle new and established sessions. – joeqwerty Jan 07 '10 at 01:35

2 Answers

Apparently SonicOS can embed "reason codes" into TCP RST packets. You might look at this doc and compare it to what you're seeing in your packet captures.

Evan Anderson

If you read the document that Evan referenced in his post, you'll see that one of the components that will issue a reset is, in fact, a Cache Cleanup function related to expired connection timers. This is the "idle session" cleanup that I'm referring to. That's my bet as to the cause of the problem.

joeqwerty
  • This would also be my best guess, but we could never figure it out; so we moved the VPN up to the router, and it fixed it. – Josh Brower Jan 12 '10 at 13:13
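
To check the idle-timer theory from the answers against a capture taken at the client, the sketch below (an added example, not code from any poster or from SonicWall) measures how long each flow was silent before its RST and whether the RST's IP TTL matches earlier packets from the same apparent sender. The one-line-per-packet export format, the function names, the addresses, the TTLs and the 150-second gap are all constructed for illustration; a TTL mismatch is only a heuristic hint that a device in the path generated the packet.

```python
from collections import defaultdict
from statistics import median

# Constructed capture export: seconds src_ip:port dst_ip:port flags ip_ttl payload_bytes
# 10.0.1.20 = hypothetical Outlook client, 10.0.2.5 = hypothetical Exchange server.
SAMPLE = """
0.0    10.0.1.20:50311 10.0.2.5:1025   S   128 0
0.04   10.0.2.5:1025   10.0.1.20:50311 SA  126 0
1.2    10.0.1.20:50311 10.0.2.5:1025   PA  128 310
1.3    10.0.2.5:1025   10.0.1.20:50311 PA  126 920
151.3  10.0.2.5:1025   10.0.1.20:50311 R   64  0
200.0  10.0.1.20:50340 10.0.2.5:1025   S   128 0
200.04 10.0.2.5:1025   10.0.1.20:50340 SA  126 0
203.0  10.0.1.20:50340 10.0.2.5:1025   PA  128 280
203.1  10.0.2.5:1025   10.0.1.20:50340 PA  126 512
353.1  10.0.2.5:1025   10.0.1.20:50340 R   64  0
"""

def parse(text):
    """Turn the export into (time, src, dst, flags, ttl, length) tuples."""
    rows = []
    for line in text.strip().splitlines():
        t, src, dst, flags, ttl, length = line.split()
        rows.append((float(t), src, dst, flags, int(ttl), int(length)))
    return rows

def rst_report(packets):
    """For every RST: idle time on the flow before it, and whether its TTL
    differs from earlier packets sent by the same apparent source."""
    last_seen = {}                      # flow -> time of previous packet
    ttls = defaultdict(list)            # (flow, src) -> TTLs seen so far
    report = []
    for t, src, dst, flags, ttl, _ in sorted(packets):
        flow = frozenset((src, dst))    # same key for both directions
        if "R" in flags and flow in last_seen:
            seen = ttls[(flow, src)]
            report.append({
                "claimed_src": src,
                "idle_s": round(t - last_seen[flow], 3),
                "ttl_mismatch": bool(seen) and ttl != median(seen),
            })
        last_seen[flow] = t
        ttls[(flow, src)].append(ttl)
    return report

def consistent_idle_timeout(report, tolerance_s=5.0):
    """True when at least two resets follow near-identical idle periods."""
    gaps = [r["idle_s"] for r in report]
    return len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance_s
```

Resets that always arrive after the same quiet period point at a connection-expiry timer; resets with widely varying gaps point elsewhere.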