  1. #1
    Newbie
    Join Date
    Oct 2016
    Posts
    10

    Unexplained bandwidth between Untangle & Cloudflare

    Over the last week, I've noticed a decent jump in bandwidth usage (normal usage is around 1gb/day and now it is between 5-8gb/day). I have tracked this down to Untangle itself receiving data in ~71Mb chunks every minute for several minutes, which then repeats at the top of the next hour. This normally starts around 8am and goes on for the rest of the day. The sessions are on 443 and come from a Cloudflare IP address.

    Wasn't sure if anyone else had seen this or not and had any clues what it might be. The issue is not so much the amount of data it's using as the anomaly itself. For as long as I can remember, my usage has been steady, with few exceptions; all of a sudden, Untangle is pulling data and I am not sure how to go about evaluating it.

    I'm running Untangle in Addressed mode where nodes behind it are not NAT'd, but have public IPs and I am on version 16.3.2.20210603T121845.d3309eb6a9-1buster.

  2. #2
    Untangler sheck's Avatar
    Join Date
    May 2020
    Posts
    59


    Can you DM me your UID so we can take a look at what's happening? Also, please send me the IP you are seeing these sessions to as well so we can investigate further.

  3. #3
    Newbie
    Join Date
    Oct 2016
    Posts
    10


    Sheck, I sent you a DM with my information.

    I created a new install in my home lab and restored my config to it. I was able to see the device go out to "database.clamav.net" and it appears to be doing this in one-hour intervals. I haven't seen this behavior before and am wondering if there's a misconfiguration on my Untangle or some other error.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,387


    Quote: Originally Posted by memphis1776
    Sheck, I sent you a DM with my information.

    I created a new install in my home lab and restored my config to it. I was able to see the device go out to "database.clamav.net" and it appears to be doing this in one-hour intervals. I haven't seen this behavior before and am wondering if there's a misconfiguration on my Untangle or some other error.

    That's normal if you have AV Blocker Lite installed. It's getting AV definitions.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Oct 2016
    Posts
    10


    Does it make sense that it would be downloading 5-8gb of these definitions every day, though?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,387


    Quote: Originally Posted by memphis1776
    Does it make sense that it would be downloading 5-8gb of these definitions every day, though?

    Yes, if you're running an out-of-date Untangle with several known bugs. Please make sure you're on a current release, and that there is no other firewall between Untangle and the world preventing the download from completing.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Newbie
    Join Date
    Oct 2016
    Posts
    10


    This began happening on my instance before it was at the most-current version, but persisted after updating to 16.3.2.20210603T121845.d3309eb6a9-1buster. It also began immediately on a brand-new 16.3.2 install as soon as I restored the original device's config.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,387


    Quote: Originally Posted by memphis1776
    This began happening on my instance before it was at the most-current version, but persisted after updating to 16.3.2.20210603T121845.d3309eb6a9-1buster. It also began immediately on a brand-new 16.3.2 install as soon as I restored the original device's config.

    Then you'll need to open a support case because that sounds like a bug.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
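
The traffic pattern described in post #1 (large transfers on 443 that recur at the top of each hour) can be picked out of exported session records with a short script. This is an added example, not part of any post in the thread and not Untangle's own reporting code; the record layout, thresholds, and the documentation-range IP addresses are assumptions, and the sample sessions are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def constructed_sessions():
    """Constructed sample rows: (start time, dst ip, dst port, bytes received)."""
    rows = []
    day = datetime(2021, 6, 10)
    for hour in range(8, 12):            # bursts at the top of each hour from 08:00
        for minute in range(4):          # one ~71 MB session per minute (constructed)
            rows.append((day.replace(hour=hour, minute=minute),
                         "203.0.113.10", 443, 71_000_000))
    # unrelated background traffic at irregular times
    rows.append((day.replace(hour=9, minute=37), "198.51.100.7", 443, 2_500_000))
    rows.append((day.replace(hour=11, minute=12), "198.51.100.7", 443, 900_000))
    return rows

def hourly_bursts(sessions, min_bytes=50_000_000, min_hours=3, window_min=10):
    """Return {(ip, port): report} for destinations whose large transfers
    recur near the top of at least min_hours consecutive hours."""
    per_hour = defaultdict(lambda: defaultdict(list))  # dst -> hour -> [(ts, bytes)]
    for ts, ip, port, nbytes in sessions:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        per_hour[(ip, port)][hour].append((ts, nbytes))
    findings = {}
    for dst, hours in per_hour.items():
        hits = {}
        for hour, recs in hours.items():
            # bytes received within the first window_min minutes of this hour
            early = sum(b for ts, b in recs
                        if ts - hour < timedelta(minutes=window_min))
            if early >= min_bytes:
                hits[hour] = early
        run = best = 0
        prev = None
        for hour in sorted(hits):        # longest run of back-to-back hours
            run = run + 1 if prev and hour - prev == timedelta(hours=1) else 1
            best = max(best, run)
            prev = hour
        if best >= min_hours:
            findings[dst] = {"consecutive_hours": best,
                             "total_bytes": sum(hits.values())}
    return findings

if __name__ == "__main__":
    for dst, info in hourly_bursts(constructed_sessions()).items():
        print(dst, info)
```

A destination flagged this way can then be matched against the hostnames the appliance resolves, as post #3 did with "database.clamav.net".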
