5.6.5 Upgrade, sporadic ERR_CONNECTION_RESET with IPS enabled
Hi, I just upgraded a HA pair of 100D's from 5.2.13 to 5.6.5 and for some reason I'm now sporadically getting "ERR_CONNECTION_RESET" browser errors (Chrome) on the initial inbound connections to various web servers (VIP) when I have IPS enabled (tried updating to the built-in profiles post upgrade with same issue).
Once the site finally loads everything seems to work fine, it just appears that the initial connection hangs up about 50% of the time. Any ideas? I'm not sure if this is an issue with the engine, or perhaps an issue with the IPS being offloaded to the slave unit?
Hello there,
you should have used the official upgrade path = 5.2.13 -> 5.4.9 -> 5.6.5.
If possible go back to 5.2.13 and then follow the upgrade path.
sudo apt-get-rekt
Yes, this is the path I followed; you can't directly go to 5.6.5 from 5.2.
Hmm, what is the IPS engine version number?
Are you browsing through an IPsec tunnel?
sudo apt-get-rekt
Looks like:
IPS Attack Engine Version: 3.00532
AV Engine Version: 5.00361
I've confirmed it's the same on both units.
The issue occurs on INBOUND http/https connections from the WAN zone (via VIP), not outbound.
Which UTM features are enabled?
sudo apt-get-rekt
So I think I may have figured out the issue. It appears that my original customized v5.2 IPS policy which was upgraded may have been causing issues. I created a new policy from scratch and applied it and now it seems to be much more robust and stable. I will continue to monitor. I do have an open ticket with TAC who has identified this same issue with prior builds, just not in 1600 (5.4.5). So I will continue to monitor.
Nice to hear, and thanks for the hint. I have to upgrade one of our older devices soon :)
sudo apt-get-rekt