Does size matter?


olumt
10-19-2007, 06:06 AM
I have 3 subnets. The largest one loses packets when going through the Untangle gateway.
Is there a limit to the amount of simultaneous connections to the Untangle gateway? The other 2 subnets are A-OK.

juank
10-19-2007, 06:25 AM
In my personal opinion, I think SIZE DOES MATTER.

At least with the current 5.0.2 version of Untangle. I was having some "issues" due to the fact that one of my firewalls doing NAT was generating a lot of traffic going from the internal network to the outside via the Untangle bridge and it was the Attack Blocker.

Why don't you give it a try disabling the attack blocker:

To Disable your AttackBlocker.

Modify your untangle-vm configuration file under /etc/default/
and make sure you have a line that says:

UVM_ARGS="-Dargon.shield.enabled=false"

Then do a /etc/init.d/untangle-vm restart

You will see a 1 or 2 second hiccup on your internet connection, but that's it.
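The edit described above, written out as an added shell example (not code from the thread or from Untangle): it sets the -D property inside UVM_ARGS exactly once, keeps any other arguments already on that line, and leaves a .bak copy to revert from. The file path, property name and value are parameters, so it can be tried on a copy of the file before touching /etc/default/untangle-vm.

```shell
#!/bin/sh
# set_uvm_arg FILE NAME VALUE
# Ensure FILE contains a single UVM_ARGS="..." line carrying -DNAME=VALUE.
# Any other arguments already in UVM_ARGS are preserved; an existing
# setting of the same property is replaced rather than duplicated.
set_uvm_arg() {
    file="$1"; name="$2"; value="$3"
    [ -f "$file" ] || touch "$file"
    cp "$file" "$file.bak"                       # backup to revert with
    if grep -q '^UVM_ARGS=' "$file"; then
        # current argument string without the surrounding quotes
        current=$(sed -n 's/^UVM_ARGS="\(.*\)"$/\1/p' "$file")
        # drop any existing -DNAME=... token, then normalise spacing
        cleaned=$(printf '%s\n' "$current" \
            | sed "s/-D$name=[^ ]*//g; s/  */ /g; s/^ //; s/ $//")
        new="$cleaned -D$name=$value"
        new=${new# }                              # no leading blank if cleaned was empty
        sed -i "s|^UVM_ARGS=.*|UVM_ARGS=\"$new\"|" "$file"
    else
        printf 'UVM_ARGS="-D%s=%s"\n' "$name" "$value" >> "$file"
    fi
}

# uvm_args FILE : print the resulting UVM_ARGS value, for checking the edit
uvm_args() {
    sed -n 's/^UVM_ARGS="\(.*\)"$/\1/p' "$1"
}

# Real use on the gateway (as root), followed by the restart from the post:
#   set_uvm_arg /etc/default/untangle-vm argon.shield.enabled false
#   /etc/init.d/untangle-vm restart
```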

mdh
10-19-2007, 06:35 AM
juank...thanks!

olumt ... WELCOME! I just responded via email to your support request, but in case you look here first, here it is!

Your large subnet and your specific network topology are likely causing our attack blocker to limit throughput on the one subnet while allowing the other two to function normally. It is seeing the significantly higher traffic volume as a denial of service attack and limiting based on that. The Attack Blocker event log will display IP addresses that are being limited, and show you a "reputation" score. That score is how one machine compares to another in terms of throughput demands. By entering those addresses as exceptions, they will no longer be considered as a potential threat and traffic should pass normally.

juank
10-19-2007, 06:49 AM
MDH,

Please excuse me for adding my 2 cents here, but putting those IP numbers in the exception list under the Attack Blocker is NOT going to fix the problem.

We did that, and keeping an eye on the event log, we saw that even though the IP was in the exception list, the Attack Blocker was indeed dropping packages.

Richie said "it will be fixed in the new release" so I guess it's some kind of "bug".

So, dear olumt, if you add the IPs to the exception list and you continue having problems, give my recommendation a try, you won't be disappointed.

Thanks

mdh
10-19-2007, 07:06 AM
juank,

You MAY be right, but it pays to see if the recommended way works first. Your method could (in the worst case) leave a user vulnerable to a true DOS attack, and it's also possible that it may be the best way to handle it. I think a measured response is better. Just my opinion!

juank
10-19-2007, 07:23 AM
MDH,

I totally agree, as I said, try the Exception list first. ;)