RE: [SonicWALL]- Intro & question

[johndean]

Title: Intro & question

I had exactly the same problems with my Pro-VX.  Sonicwall ended up sending me a new Pro-300 to replace it.  Then the Pro-300 started having similar issues.  Yesterday they gave me a new firmware to address some of the issues (6.3.1.2), but since I only upgraded it this morning again I have yet to see if it works long term.    My only fix with the Pro-300 going crazy was to revert back to 6.2.0.0.  But with so many users running XP and using VPN, it wasn't a solution because only 6.3.1.0 supported the new version 8 VPN client that you need if you run XP.  I'm crossing my fingers, but meanwhile have ordered a new Watchguard 2500 to replace the sonicwall - it's just been too unstable to trust for my business anymore.   Some things with the Pro-VX that have helped me, and some others - don't leave the ports on the firewall set to autodetect.  Hard code them for your switches' speed.  Mine are all 100MB half duplex.  That seemed to help mine some, and a few others.  Also, I'd avoid the 6.3.1.0 firmware and stay at the 6.2.0.0 until they officially release a successor to 6.3.1.0.   Good luck!   John     -----Original Message----- From: Colin Irwin [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 19, 2002 10:36 AM To: [EMAIL PROTECTED] Subject: [SonicWALL]- Intro & question   Hi there, I'm the Managing Director of a web solutions and hosting company in the UK. We have 2 x Sonicwall Pro VX. Until recently we had only one running on the 6.2.0.0 firmware - the other was boxed up as we had not yet got round to setting up High Availability. A few weeks ago we upgraded to the latest firmware and have been having nightmares ever since. The Pro VX kept restarting itself or locking completely. Looking around Usenet we saw no messages that suggested this was a common problem with the new firmware and so we decided our first option would be to set up the 2 Pro VXs as a High Availability pair to offer better resiliency. The results of this were mixed. The HA pair worked fine, with the Secondary kicking in after 10s and relinquishing control back to the Primary when it came back online. However, one of our server stacks on the DMZ became invisible on the net when the secondary firewall was active. I believe this is because the IP/MAC addresses associated with the firewall were stuck in caches in switches, hubs and NICs and the servers were looking for IP/MAC1 and seeing IP/MAC2 (IYSWIM). At present we have rolled back to the 6.2.0.0 firmware on a single firewall and (touch wood) things are stable again. Before we set up HA again I would like input as to whether my diagnosis of the problem is correct and what we should be doing to ensure the failover process works smoothly in future. The servers are 2 pairs of load balancing Win2k Servers that all go through the same hub and then on to another hub on the way to the DMZ port of the Pro VX. Cheers, Colin --- CONFIDENTIAL NOTICE This communication contains information that is confidential and may also be privileged. The information in this message is intended for the addressee only unless explicitly stated. If you have received this message in error it must be deleted and the sender notified. Please note that any distribution, copying or use of this communication or the information in it is strictly prohibited unless explicitly stated. Emails sent to or received from Spex Internet Limited may be intercepted and read by the system administrator. Interception will only occur to ensure compliance policies, procedures or regulatory obligations, to prevent or deter crime, or for the purposes of essential maintenance or support of the email system.