NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

JorisN's avatar
JorisN
Initiate
Mar 21, 2017

SRX5308 dhcp & login problems

Our company has 6 sites, each with a SRX5308 firewall and VPN connections between them.

These firewalls also have dhcp enabled since there is only 1 site that has a windows server, this is our main site which is the largest (~80 users).

 

Last week we started having problems with the firewall in the main site...

It stopped handing out new IP-adresses, and it won't let me login to the management console.

However it is still routing internet traffic for the clients that already had an IP and the VPN connections between the sites remain active, though they seem to be a bit unstable.

 

It's running the latest version of the firmware (4.3.4-2)

I've tried restarting it several times by turning it off and back on, but they problem remains. (web-interface won't load so I can't login, telnet won't work either)

 

Is there anything I can try besides doing a factory reset and configuring all the settings again?

 

The other firewalls are still running an older version of the firmware ( 3.0.7-29) and they are not having any problems...

Should I downgrade the firmware of the affected firewall?

 

 

Troubleshooting

4 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Mar 22, 2017

    Hi JorisN,

     

    You may try to downgrade the firmware of the SRX5308 of the main site to v4.3.4-1.  Be sure to perform a factory reset after downgrading the firmware then reconfigure it from scratch.  Check if same problem occurs.

     

    You can download firmware v4.3.4-1 here

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

  • SamirD's avatar
    SamirD
    Prodigy
    Mar 25, 2017
    JorisN wrote:

    Our company has 6 sites, each with a SRX5308 firewall and VPN connections between them.

    These firewalls also have dhcp enabled since there is only 1 site that has a windows server, this is our main site which is the largest (~80 users).

     

    Last week we started having problems with the firewall in the main site...

    It stopped handing out new IP-adresses, and it won't let me login to the management console.

    However it is still routing internet traffic for the clients that already had an IP and the VPN connections between the sites remain active, though they seem to be a bit unstable.

     

    It's running the latest version of the firmware (4.3.4-2)

    I've tried restarting it several times by turning it off and back on, but they problem remains. (web-interface won't load so I can't login, telnet won't work either)

     

    Is there anything I can try besides doing a factory reset and configuring all the settings again?

     

    The other firewalls are still running an older version of the firmware ( 3.0.7-29) and they are not having any problems...

    Should I downgrade the firmware of the affected firewall?

     

     

    I wouldn't touch the srx until you find out if any changes have been made by the isp at that location.  If nothing has changed on your network and something like this happens, generally the problem is outside your network.

    • JorisN's avatar
      JorisN
      Initiate
      Mar 26, 2017

      No changes have been made to the ISP or internet connection.

       

       I already did a factory reset of the firewall last week, and reconfigured it from scratch, but the next day the problem occured again. Still have to try downgrading the firmware to see if this helps.

       

      In the log there's also a bunch of error messages like the ones below:

       

      Thu Mar 23 15:25:13 2017((GMT)) [SRX5308][Kernel][KERNEL] ERROR: miiSwitchRegisterRead: Timeout at page 0x1 addr 0x0
Thu Mar 23 15:24:21 2017((GMT)) [SRX5308][Kernel][KERNEL] ERROR: miiSwitchRegisterRead: Timeout at page 0x1 addr 0x0
Thu Mar 23 15:22:19 2017((GMT)) [SRX5308][Kernel][KERNEL] ERROR: miiSwitchRegisterRead: Timeout at page 0x1 addr 0x0
Thu Mar 23 15:22:13 2017((GMT)) [SRX5308][Kernel][KERNEL] ERROR: miiSwitchRegisterRead: Timeout at page 0x1 addr 0x0
Thu Mar 23 15:20:57 2017((GMT)) [SRX5308][Kernel][KERNEL] ERROR: miiSwitchRegisterRead: Timeout at page 0x1 addr 0x0
Thu Mar 23 15:20:12 2017((GMT)) [SRX5308][Kernel][KERNEL] [key_add:6082]: time(secs): 1490282354 inconsistent SA detected, Access denied for outbound SA for peer: 0x988d77ee

       

      I've also found this thread where someone suggests it's because of heavy load (maxed out traffic)

      I guess that's the case for us too. Maybe it's time to look for a new firewall with higher throughput...

       

       

      • SamirD's avatar
        SamirD
        Prodigy
        Mar 27, 2017

        The log messages here could possibly indicate a hardware issue as well.  I'd try the firmware downgrade and then get in touch with netgear support as these have lifetime support and warranty afaik.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More