#41  
Old April 9th, 2012, 08:03 AM
dbadave dbadave is offline
Senior Member
 
Join Date: Feb 2011
Posts: 390

Yeah, setting up a Syslog server might be the right next step. I don't have one now because I haven't needed one and I have to carefully manage every machine with continuous network access due to egregious audit requirements (so I can't just be setting up machines willy-nilly). When I can somehow get that 25th hour in a day, I'll spend some time buying/setting up a Syslog server so I can better troubleshoot this.

As for the correlation to signature updates, anecdotally I don't think so, but I really have no idea since I have to power-cycle to see the logs again (and then the old logs are purged).
  #42  
Old April 10th, 2012, 05:20 AM
MrFixit MrFixit is offline
Senior Member
 
Join Date: Jul 2010
Posts: 261

dbadave,

To check for correlation, set the updates to occur at a specific time of day. If the UTM locks up around that time then I guess you have correlation.

It seems (to me at least) that downloading signature updates is stressful for the UTM, particularly if memory usage is running high (>75%) - CPU goes to 100% often during the download. I work around this by having the IPS switched off, which reduces the memory footprint significantly, and have not had a lock up since (touch wood).

You may be able to run a SysLog server (software) on a (physical) server already available on your network. You can install one on most Linux distros. I use the one packaged with my QNAP storage box. I am sure they are available on Windows also.
  #43  
Old April 10th, 2012, 06:25 AM
adit adit is offline
Moderator
 
Join Date: Jan 2009
Location: USA
Posts: 3,033

Kiwi Syslog is free, and for Windows. It'll work on a PC.
__________________
-
64bit SSL VPN How-To - LAN Subnets NOT to Use and SA Lifetime Guidelines

Support Pages - UTM - STM
-
FYI - I am a Reseller and not employed by Netgear
  #44  
Old April 10th, 2012, 09:03 AM
dbadave dbadave is offline
Senior Member
 
Join Date: Feb 2011
Posts: 390

When I get some time, I'll set up Kiwi Syslog somewhere temporarily. Believe it or not, the audit requirements I'm saddled with require separation of functionality on machine boundaries, so eventually I'll have to dedicate a whole machine to syslog, but I can rig something for the short term. Don't tell anyone.
  #45  
Old April 11th, 2012, 12:50 AM
MrFixit MrFixit is offline
Senior Member
 
Join Date: Jul 2010
Posts: 261

So you can't even use VMs for separation? Sheeesh!
  #46  
Old April 11th, 2012, 02:41 PM
dbadave dbadave is offline
Senior Member
 
Join Date: Feb 2011
Posts: 390

I could use a VM, but then the host machine wouldn't be allowed to do anything but host VMs. The actual audit requirements are written a little broader than that, but tell that to the auditor who doesn't quite understand the technical language of the spec and you'll be in for some fun. Audits are fun.
  #47  
Old April 26th, 2012, 11:24 AM
jeepguy jeepguy is offline
Junior Member
 
Join Date: May 2011
Posts: 10
SSL VPN issues (UTM25 and UTM50)

I have been monitoring this post and I thought I'd put my experiences in as well. I have been experiencing the same issue with the SSL VPN causing the UTM box to become inaccessible for management or new SSL VPN connections. I have been steadily upgrading the firmware over time to hopefully fix this issue, but it still is a problem. There are no specific time of day correlations and I only have 2-3 SSL users connected at any specific time.

I am currently at 1.3.15-28 on both the UTM25 and UTM50 with the same issues others have reported. There really IS a problem with this. Like others within this thread, my users are becoming more frustrated when I am not available to HARD RESET the firewall to fix the problem.

I would strongly urge Netgear to review this so that this condition can be corrected. I am very pleased with everything else I've experienced with both the performance as well as the feature set. I just am disappointed that this issue has been continuing for a year or so without any fix.
  #48  
Old April 26th, 2012, 03:15 PM
dbadave dbadave is offline
Senior Member
 
Join Date: Feb 2011
Posts: 390

jeepguy, I have something for you to try. I've been up for 20 days so far with more than usual SSL VPN usage, so I'm optimistic. It appears that somewhere along the line, a new SSL VPN client may have been included in the UTM firmware (without showing up in any release notes). I noticed it after upgrading to v1.3.15-28 and installing the client on a new laptop -- there was a different tray icon than before. Grasping at straws, I've since uninstalled the SSL VPN client from all of the existing machines and re-installed from the UTM. So far, so good (fingers crossed).

Maybe someone from Netgear or adit can verify that the client was indeed updated in a recent UTM firmware (containing more than just a new tray icon). Anyone?
  #49  
Old April 26th, 2012, 04:21 PM
adit adit is offline
Moderator
 
Join Date: Jan 2009
Location: USA
Posts: 3,033

What does your system tray icon look like? Post a screenshot if you can.
  #50  
Old April 27th, 2012, 07:52 AM
jeepguy jeepguy is offline
Junior Member
 
Join Date: May 2011
Posts: 10
SSL Clients

Thanks, Dave! I am asking my remote VPN users to try the uninstall/reinstall procedure to see if the new SSL Client will change things. It is a bit frustrating that there are no change-log descriptions for the SSL clients nor are there any versions to reference.

I will let you know if this changes the stability of the VPN connectivity for me.

Can someone at Netgear look into the specific changes for the SSL clients in the 1.3.15-28 software? It would be comforting to know that the stability of the firewall was corrected with a client change. It would also be VERY helpful if there was a version number that was included with the status page for the SSL client tray icon.

All times are GMT -8.