2 Replies Latest reply on Apr 20, 2018 2:48 PM by yredovich

    Port scan with 3140 seems to trigger a firewall lockdown

    james-in-ca New Member

      I switched providers today. New Fiber DATA and replaced VOIP phone service too.

      Part of the install was a new Switch and router on my side. The router is a 3140 which I bought a few years back preparing for this.


      Our IT vendor took the router and the new Netgear 52 port POE switch and configured it all in their lab. The 3140 is performing our DHCP.

      Comcast came in, the 3140 is configured, the switch is configured, we ported our phone numbers, tested the Fiber and external IPs and all went well.


      Everything works(ed). However, as we were testing internally, we are having intermittent loss of connection internally.
      After much testing the Network Tech found that certain operations or network activity is triggering what he says appears to be the 3140 thinking it's facing an attack or a security issue and it shuts off access entirely. He can reproduce this by running a port scan, which we were running to check the ports I wanted forwarded.

      He runs a PING, starts a port scanner and the router immediately stops responding to pings.

      He is now looking for a way to dial that down or at least toggle it for now. What setting or feature might we be looking for? Or, is there some other action we should be taking?

      Thanks!

      James

        • Re: Port scan with 3140 seems to trigger a firewall lockdown
          james-in-ca New Member

          As a test and to just get things running well, we reinstalled the 3120 I had been using.
          No issues with that. It always ran well for me previously anyhow.

          Curious, though, if the 3140 would give me more bandwidth or make better use of the speed. I do want to put it into service if possible, if it makes any sense.

          • Re: Port scan with 3140 seems to trigger a firewall lockdown
            yredovich New Member

            Hi James,


            I don't have an answer for you, but I do have a 3140 that I port scanned on the LAN side using Angry IP Scanner. I can see the 3140's firewall wasn't too happy about zero byte connections, so a number of messages popped up on my CLI session while the port scan ran. I did not, however, ever lose the ability to ping or administer the 3140.


            About my setup

            NV3140, running R12.3.2

            Angry IP Scanner 3.3.3

                 Port range 1-1024

                 Default port connect timeout 20ms

                 Adapt timeout to ping - checked

                 Minimal adapted connection timeout 10ms


            Perhaps your 3140 is running out of firewall policy sessions or hitting max CPU during your port scanning. Check both by using "show ip policy-sessions peak" and "show proc cpu realtime" commands. If all looks good, I'd compare the configuration between your 3120 & 3140.


            Hope this helps,

            Yan
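
The session-exhaustion hypothesis in Yan's reply, worked through as an added example (this is not code from the thread, from the 3140's software, or from its vendor). It replays a sequential TCP connect scan with the settings listed above (ports 1-1024, 20 ms per probe) against a model of a stateful firewall's policy-session table. The half-open session lifetime and the table capacity are hypothetical values chosen for illustration; the thread does not state the 3140's real limits, and the real numbers come from the "show ip policy-sessions peak" output on the router itself. The point it demonstrates is that the scanner's 20 ms timeout says nothing about how long the firewall keeps each entry, so a scan that finishes in about 20 seconds can occupy one session per probed port for the whole run.

```python
"""Model of how a sequential port scan fills a stateful firewall's session table.

Added example, not from the thread or the router vendor. Session lifetime and
capacity below are constructed/hypothetical values, not 3140 figures.
"""
from collections import deque

# Constructed scan profile mirroring the reply's Angry IP Scanner settings:
# ports 1-1024, one probe every 20 ms (the default connect timeout).
SCAN_PORTS = range(1, 1025)
PROBE_INTERVAL_MS = 20

# Hypothetical firewall parameters (NOT taken from any NetVanta documentation).
HALF_OPEN_LIFETIME_MS = 30_000   # how long an unanswered SYN's entry lingers
TABLE_CAPACITY = 512             # policy-session entries the box can hold


def simulate_session_table(ports, probe_interval_ms, half_open_lifetime_ms, capacity):
    """Replay a sequential scan against a session table and report the damage.

    Each probe that reaches the firewall creates one session entry. Because the
    scanned host never answers, the entry stays until half_open_lifetime_ms has
    elapsed (hypothetical reaping timer). Once the table is full, further probes
    are refused and counted. Returns (peak_sessions, refused_probes, duration_ms).
    """
    active = deque()   # expiry timestamps of live entries, oldest first
    peak = refused = now = 0
    for i, _port in enumerate(ports):
        now = i * probe_interval_ms
        # Reap every entry whose lifetime has run out at this instant.
        while active and active[0] <= now:
            active.popleft()
        if len(active) >= capacity:
            refused += 1          # table full: this probe (and real traffic) is dropped
            continue
        active.append(now + half_open_lifetime_ms)
        peak = max(peak, len(active))
    return peak, refused, now


def expected_peak(num_ports, probe_interval_ms, half_open_lifetime_ms):
    """Closed form for the same model: entries arrive one per interval and each
    lives for the lifetime, so at most ceil(lifetime / interval) overlap, capped
    by the number of probes in the scan. Assumes half_open_lifetime_ms > 0."""
    overlapping = (half_open_lifetime_ms + probe_interval_ms - 1) // probe_interval_ms
    return min(num_ports, overlapping)


def main():
    for capacity in (2048, TABLE_CAPACITY):
        peak, refused, duration = simulate_session_table(
            SCAN_PORTS, PROBE_INTERVAL_MS, HALF_OPEN_LIFETIME_MS, capacity)
        print(f"capacity={capacity:5d}: scan took {duration / 1000:.1f}s, "
              f"peak sessions={peak}, refused probes={refused}")
    print("closed-form peak:", expected_peak(len(SCAN_PORTS), PROBE_INTERVAL_MS,
                                             HALF_OPEN_LIFETIME_MS))


if __name__ == "__main__":
    main()
```

With the constructed 30 s lifetime the whole 1024-port scan fits inside one lifetime, so the peak equals the port count; with a capacity of 512 the second half of the scan is refused, and everything else trying to traverse the firewall at that moment competes for the same full table, which is the kind of whole-box outage James describes. Comparing the peak from "show ip policy-sessions peak" against the platform's session limit, and the CPU figure from "show proc cpu realtime", tells you which of the two resources is actually being exhausted.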