NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connections too
I saw a simlar posting from 6/2015 that was not answered and closed "due to inactivity". I have (5) SRX5308 and they all exibit the same issue. In some cases I have RIP protocol enabled and in others I am using the SRX5308 as a standard firewall with a cable modem uplink. Sporatically and completely random and apparently the higher the firmweare version the more often it happens, the router becomes completely non-responsive for 2-12 seconds, and in most cases VPN connections if any are dropped. Weirdly enough, earlier firmware versions may have had entries in the logs about an exception with register values but newer firmware has absolutely nothing in the logs. I replaced the router with a Cisco 1841 router and the problem goes away compltely but obviously my netgear clients cant VPN in. Does not appear to be volume related either as it happens when the traffic is very low as well as when its averaging 20-30 Mbps. I opened a case with netgear but so far they havent any ideas and suggested it could be a device on the network causing a problem. I agree, its the netgear on the network thats causing the porblem. I like the firewall, especially its VPN thougthput but the constant hang even with its short duration prevents me from keeping this device on the network. Any suggestions? and since I suspect many of you will immediately start asking see the notes below:
- Currently running firmware: 4.3.4-2, also tried 4.3.3-6, 4.3.3-5, and I beleive an earlier one that came on the router when I bought it.
- 3 routers have VPN configured between them and one is completely stand alone (the one running RIP is stand alone at anothe location)
- The 3 with VPN are setup with NAT and the RIP is setup "Classical routing"
- All are configured for IPv4 only
- One of the 3 with VPN and NAT has a cable modem on WAN 1 and is configured for failover to DSL on WAN 2, the non-resposiveness still impacts WAN and LAN ports
- The NAT routers have public WAN IP's and private LAN IP's, the RIP one has public WAN and public LAN ip's.
- None have DMZ's configured
- The NAT has firewall rules for specific ports from WAN to LAN, no restrictions on outbound, the RIP router has no rules, all in and out permited, working as a router not a firewall.
- All have "respond to pings on internet ports" enabled
- All have "enable stealth mode"
- None have any blocking enabled (UDP or TCP flood)
- They all have VPN pasthrough checked
- None have session limits or throughput/bandwidth limits set
- None have content filtering enabled
- None have DHCP server enabled
Hope that eliminates most initial questions...
12 Replies
Hi dajohnso,
Welcome to the community! :)
I believe the online case you have with NETGEAR Support is going to be escalated to the engineering team. The engineering team will do further investigation as to why the issue occurs on not just one but five SRX5308.
I suggest you to keep us posted here on the community about the updates coming from the engineering team in order for the benefit of other community members who might be experiencing the same issue.
Regards,
DaneA
NETGEAR Community TeamAs an update, just so were all clear its not the local network or the WAN, I have replaced one SRX5308 with a cisco 1841 and it has had literally 0 packets lost in 4 days.
Also, please look into what the router does if many, many hackers are trying to login to the router remotely? The SRX5308 had nothing in the log files but the Cisco logging did indicate a large number of failed login attempts from the wan port. Is it possible the SRX5308 locks up for a few seconds on too many login failures? Can you turn off login on the wan ports all together? (i.e. add a check box, ingrore all telnet/ssh/rlogin attempts to the routers IP (unless its in NAT mode and there is port forwarding on these ports to another computer or DMZ)
Hi,
this kind of problem is a common one. There are several posts about srx5308 hanging without logging anything.
Some post is two years old.
I expected a more professional approach by the technical support.
I had to throw away the Srx, because of dropping vpn randomly to my customers, hanging for about 12 seconds.
Yes, one of my biggest concerns is the lack of logging. Obviously there is an issue since it impacts all my SRX5308's no matter how they are configured. I suspect this is a bigger issue but most people dont notice or undertsand that there is a significant packet loss going on. I am continuing to investigate but for some of my locations, like you, I have had to take the SRX5308 out because it was dropping VPN users and had noticable packet loss to all users.
I just want to follow-up on this. Are there any updates from the online case you have with NETGEAR Support about your concern?
Regards,
DaneA
NETGEAR Community TeamNo, apparently they are waiting on me to do thier work. They want me to turn on a sniffer and packet logging. They want me to enable a syslog server because the router logs are empty. I dont have time for that, I just took it out and put in a cisco 1841 router and the problem went away (completely, not a droppedpacket in 10 days 22 hrs). I really like the SRX5308 in general but I cant use it if its going to drop my connections so often. The problem got worse with every new firmware I installed. Although the duration of the "lockup" got shorter and was typically down to about 5 seconds the outages were occring a few times an hour. I still have a few SRX5308 in production that are having the same issue and if I find the time will try to get a sniffer on it but its not going to be soon. Thier dropped packets arent causing a lot of greif right now because they are going un-noticed by the customer.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
