Resinstall Premium

[JeffVCS]

Any gotchas that I should be aware of if I were to do a reinstall of a Premium install of Untangle?

I've been having trouble with the UT Box in the form of slowdowns. A reboot fixes the issue, but within 24 to 48 hours the connect speed slows to a crawl again.

I know the issue lies somewhere within the UT box.

[dmorris]

http://wiki.untangle.com/index.php/A_Reboot_Fixed_It

[JeffVCS]

Touché.



However, I didn't expect a reboot to "fix" the issue, I actually did the reboots to run a series of diagnostics on the hardware, which turned out fine.

The upside of that was after the reboot the problem subsides for awhile, a bandaid if you will.

So I'm going with the theory that there's a software issue and I'm going to blow away the box and reinstall.

[dmorris]

relevant part:

First, classify the problem very specifically. The problem isn't that "My computer doesn't work" or "The internet is down." What specifically isn't working? Second, collect as much relevent information as you can and then some. Often "irrelevent" information is quite relevent as the core cause is not always where one expects. Finally, Troubleshoot the issue. If you are unsure how to troubleshoot the issue - DO NOT REBOOT. If you want to fix the issue go find someone who can help you and describe the problem very specifically and give them your gathered information. If you do reboot, you've erased all the symptoms and made finding the problem much more difficult.

[JeffVCS]

Internet speed is horribly slow to non-existant. We bundle 2 Internet connections, both of which work just fine when not run through the UT box.

The setup has been working fine for weeks, then starting Wednesday of last week, with no changes made to any settings, this problem started.

Which is why I rebooted to test hardware, because it's always been suspect to me. Server is cobbled together from parts.

Also, there have been issues with updates getting stuck or not installing properly.

[sky-knight]

Open the Untangle UI, check the attack blocker, sort by reputation score, and make note of any machines with reputation over 100 points. These machines are likely infected.

Another thing to try, get on Untangle's physical console and try the internet from there while things are "slow". If the internet performs properly you're experiencing a DOS from your LAN that's taking down your local connection. This happens VERY frequently in my experience with Untangle, it only takes 1 or 2 badly configured torrent clients to cause this. Dell and HP workstations are SHIPPING with bad torrent clients on them... no end to frustration there.

A reinstall isn't likely to help, it'll just come right back under load. The key with managing any UTM is to isolate the cause of the load.

[JeffVCS]

Open the Untangle UI, check the attack blocker, sort by reputation score, and make note of any machines with reputation over 100 points. These machines are likely infected.

Hmm...I have to go 5 pages deep to get to a machine that's under a score of 100when I sort lowest to highest score, and they start around 4-11...interesting. I'll have to track down which machines these IPs tie to. I'm hoping student PCs, I haven't been seeing any virus problems from my AV console.

Another thing to try, get on Untangle's physical console and try the internet from there while things are "slow". If the internet performs properly you're experiencing a DOS from your LAN that's taking down your local connection. This happens VERY frequently in my experience with Untangle, it only takes 1 or 2 badly configured torrent clients to cause this. Dell and HP workstations are SHIPPING with bad torrent clients on them... no end to frustration there.

Interesting thought on the torrents. On PCs I manage there are no torrent clients, but we do allow students to bring their PCs and they connect on a guest net. I have seen penalty box hits on torrents on bandwidth control, I posted about that a few weeks ago, but since then, none.

The part that was totally confusing me and leading me to the hardware side is that we're actually using less bandwidth now. We're in standardized testing, so students aren't using school PCs, except for a few small labs, 80-90ish PC as opposed to the 200 we normally have going at peak times.

[sky-knight]

Are the student laptops on thier own IP range segmented from school equipment? If so, you may consider moving them to their own Untangle interface. That will prevent them from DOS'ing "Internal" off the network.

Of course, I'm operating under the assumption that that is indeed what is going on. I've seen several Untangle servers over time that appear to "crash" but when accessed via remote admin over my cellular link work fine. That's a dead giveaway that Internal is simply running out of steam.

[JeffVCS]

Everything on the student/guest net is seperated on it's own VLAN and both VLANs are brought together on a core switch, then funneled into the gateway. It isn't on it's own interface, but that's not a bad idea.

The max amount of devices on the interface would be 230 school owned devices, plus up to...100(?) student devices (Laptops, iPads, iPods, etc...) so I'd guess that the interface isn't being overloaded, but who knows.

I've actually got a lot of work to do this summer to better segment the network, I was hired on right before the start of the school year, and things were a mess...and sort of still are.

On the physical console idea from before, I did notice that if I used the browser on the console while speeds were slow it worked fine, so I'll have to really examine things that might have changed network-wise around Wednesday of last week to see if I can figure out the issue.