cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
james-in-ca
New Contributor III

Port scan with 3140 seems to trigger a firewall lockdown

I switched providers today. New Fiber DATA and replaced VOIP phone service too.

Part of the install was a new Switch and router on my side. The router is a 3140 which I bought a few years back preparing for this.

Our IT vendor took the router and the new Netgear 52 port POE switch and configured it all in their lab. The 3140 is preforming our DHCP.

Comcast came in, The 3140 is configured, The switch is configured, we ported our phone numbers, tested the Fiber and external IPs and all went well.

Everything works(ed). However as we were testing internally we are having intermittent loss of connection internally.
After much testing the Network Tech found that certain operations or network activity is triggering what he says appears to be the 3140 thinking it's facing an attack or a security issue and it shuts off access entirely. He can reproduce this by running a port scan, which we were running to check the ports I wanted forwarded.

He runs a PING, starts a port scanner and the router immediately stops responding to pings.

He is now looking for a way to dial that down or at least toggle it for now. What setting or feature might we be looking for? Or, is there some other action we should be taking?

Thanks!

James

Labels (1)
0 Kudos
2 Replies
james-in-ca
New Contributor III

Re: Port scan with 3140 seems to trigger a firewall lockdown

As a test and to just get things running well, we reinstalled the 3120 I had been using.
No issues with that. It always ran well for me previously anyhow.

Curious though if the 3140 would give me more bandwidth make better use of the speed. I do want to put it into service if possible if it makes any sense.

Anonymous
Not applicable

Re: Port scan with 3140 seems to trigger a firewall lockdown

Hi James,

I don't have an answer for you, but I do have a 3140 that I port scanned on the LAN side using Angry IP Scanner. I can see the 3140's firewall wasn't too happy about zero byte connections, so a number of messages popped up on my CLI session while the port scan ran. I did not, however, ever lose the ability to ping or administer the 3140.

About my setup

NV3140, running R12.3.2

Angry IP Scanner 3.3.3

     Port range 1-1024

     Default port connect timeout 20ms

     Adapt timeout to ping - checked

     Minimal adapted connection timeout 10ms

Perhaps your 3140 is running out of firewall policy sessions or hitting max CPU during your port scanning. Check both by using "show ip policy-sessions peak" and "show proc cpu realtime" commands. If all looks good, I'd compare the configuration between your 3120 & 3140.

Hope this helps,

Yan