Results 1 to 3 of 3
  1. #1
    Untangler
    Join Date
    Oct 2014
    Posts
    40

    Default Troubleshooting guidance

    Hi all,

    I have a really weird issue that I could do with some thoughts/guidance on how to troubleshoot.

    We have a client who has an Untangle as their gateway, with a private cloud connected up via IPSec tunnel. They have a wired LAN in the office, along with 2 x Datto wi-fi access points.
    It's all been very stable.

    In the last 3 weeks we've been having reports of wi-fi users losing connectivity at random. Their connection has an IP but can't reach the DNS server. The DNS server is in the private cloud. It seemingly 'fixes' itself after an undetermined time, but usually at least 5 minutes. It happens multiple times per day.

    We've been able to troubleshoot with a couple of users who also have a 4G connection and have established the following:

    - When a user loses their connection it's always when they are on the Wi-Fi SSID that is bridged to the main LAN (so they have a local LAN IP)
    - The user can ping local resources, and other devices on the physical LAN, but not the cloud services
    - Another user, also on the same Wi-Fi (and connected to the same access point) CAN ping the cloud services at the same time, along with the LAN devices

    The fact that 2 users on the same connection at the same time are getting different results makes me think it's got to be something happening at the Untangle, but I'm a bit lost at what to look for next. It's also tricky to troubleshoot as I have to get remote access with a user with multiple WAN connections and at the time when it's being odd.

    Any bright ideas?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,728

    Default

    I've seen case where the access point has a feature to check if it is online. Some apps (Threat Prevention and IPS) on NGFW could case issues with these features. Unifi access points have this feature and I turn it off. You could look at the reports to see if the access point or their controller is having blocked sessions.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,228

    Default

    It's not Untangle, it's Datto. I stopped supporting those WAPs for exactly this reason. They'd just stop at random... and then restart.

    But you should at least verify your WAPs are on reserved or static IP addresses, and then bypass anything sourced from their IPs on Untangle. Because JCoffin is right, several Untangle features will muck with the Datto networking gear phoning home to the control system, and if they cannot get home they stop routing Internet bound stuff. That's how they enforce their licensing.

    They're better than Meraki in this case, which simply stops everything. But what you're describing is very much a Datto WAP going into limited access mode due to a lack of licensing.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2