Hello hive mind,
Recently migrated over an NSA from a SonicWALL NSA 2600 to a Fortigate 300E. Migration went well, but an issue has cropped up in the past few days.
The SonicWALL (and now, Fortigate) has a bunch of IPSec VPN tunnels that all point to a Windows server located on one of the subnets behind the NSA. Each tunnel has a separate virtual IP NATed to the internal IP of that server. These tunnels have a super specific purpose to send/receive really small amounts of data to an EMR system and they have extremely low usage at any moment. They're all working, but the most data I've seen go through any of them in a single day is 100kb max. Not 100kb/s, 100kb over the course of a 24-hour period.
Here's where the issue starts - since the migration, the server those tunnels point to regularly grinds to a halt throughout the day. Normally I'd be suspicious but literally no other servers in the environment are experiencing this, and it just so happens to be the one with all of these NAT IPs that the tunnels all point back to. I've run packet captures on these tunnels and there isn't really a whole lot going on at any moment yet the server grinds to a halt with all resources maxed out about 3-4 times a day. I've changed the SSL inspection rules and checked DPI but can anyone think of something that could be causing this? I did a brief experiment and putting the old SonicWALL back in cleared up the issue. I've checked the MTU size and made sure the tunnels are 1-1 and still no dice. Any tips you guys/girls can share would be greatly appreciated!