Problem after firmware update on a USG flex 500
All Replies
-
Ok... will do. Will post results.
Thanks,
...Darryl0 -
Just an update... it's been three days without an outage since I made the changes you recommended. Thank you!!!
...Darryl0 -
Hello @Darryl,It's glad to hear good news. Thanks for @PeterUK suggestion. Let's monitor it for one more week.However, the diag-info shows the WAN connectivity check failed, resulting in the WAN interface was considered dead. To look into the root cause, we have to check the ping behavior, check if the device didn't accept the ping response from the target IP address, or anything else. Thank you.James0
-
Not able to pin point here but testing with no-ip.org and bounceme.net that have low TTL one odd thing was if I block DNS the last known ping IP's would still happen but at 30 seconds apart.
My setting was ICMP period 5 timeout 1 fail tolerance 2 with probe succeed any one
So next test @Darryl to try is to use DNS IP's by your ISP and see if that work.
0 -
@James, I'm not quite following you here when you say:
"To look into the root cause, we have to check the ping behavior, check if the device didn't accept the ping response from the target IP address, or anything else."
Which device? The FW? How would I do that... the logs roll pretty fast and furious when this happens, as connections can't be made outbound.
@PeterUK, One of the addresses I was trying to ping (not for the connectivity check, but when the event occurred, was the DNS IP address. Normal conditions: Minimum = 10ms, Maximum = 34ms, Average = 22ms pinging 75.75.75.75 just now. I also tried pinging my first DNS address of 9.9.9.9 and get these timing results (just now) Minimum = 9ms, Maximum = 38ms, Average = 25ms
Traceroute of the first shows:
Tracing route to cdns01.comcast.net [75.75.75.75]over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 10.3.1.49 2 10 ms 12 ms 10 ms 96.120.28.69 3 10 ms 8 ms 9 ms 96.110.166.241 4 9 ms 9 ms 9 ms be-32-ar01.area4.il.chicago.comcast.net [68.85.176.73] 5 13 ms 13 ms 11 ms be-33-ar01.area4.il.chicago.comcast.net [68.85.177.85] 6 14 ms 19 ms 10 ms ae100-ur02-d.area4.il.chicago.comcast.net [68.87.210.6] 7 10 ms 11 ms 10 ms dns-sw02.area4.il.chicago.comcast.net [68.86.188.78] 8 10 ms 11 ms 8 ms cdns01.comcast.net [75.75.75.75]
Traceroute of the second shows:
Tracing route to dns9.quad9.net [9.9.9.9]over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.3.1.49 2 10 ms 11 ms 9 ms 96.120.28.69 3 10 ms 10 ms 10 ms 96.110.166.241 4 9 ms 9 ms 9 ms be-32-ar01.area4.il.chicago.comcast.net [68.85.176.73] 5 11 ms 11 ms 11 ms be-33-ar01.area4.il.chicago.comcast.net [68.85.177.85] 6 11 ms 11 ms 10 ms be-32241-cs04.350ecermak.il.ibone.comcast.net [96.110.40.61] 7 12 ms 11 ms 11 ms be-2404-pe04.350ecermak.il.ibone.comcast.net [96.110.37.46] 8 11 ms 11 ms 11 ms 66.208.216.62 9 11 ms 10 ms 10 ms dns9.quad9.net [9.9.9.9]
So one hop difference, similar times.
I use one DNS outside of my ISP incase their DNS fails (it's happened).
...Darryl
0 -
I read you used devanno.com and comcast.net for the connectivity check? So my idea was try IP's only not domain name in case its a DNS to get the IP to ping problem.0
-
Darryl said:@James, I'm not quite following you here when you say:
"To look into the root cause, we have to check the ping behavior, check if the device didn't accept the ping response from the target IP address, or anything else."
Which device? The FW? How would I do that... the logs roll pretty fast and furious when this happens, as connections can't be made outbound.0 -
@PeterUK Gotcha on both, thank you. It's been a long week. ;-) Right now I have the connection check turned off, per your prior suggestions. This weekend, when I'm going to be around I'll turn it back on using IP addresses as you suggest for said connectivity check. Thanks again for your help and support!!!
...Darryl0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight