FVS336GV3 Services Have Dropped (HTTPS admin interface, DHCP)
We have a FVS336Gv3 at work.
We have been having a very hard time getting people's devices connected over wifi as well as a hard line. It may take 5 minutes to acquire an IP, or as long as half an hour or several hours. Basically, people can't do work from the office sometimes.
We use the built-in DHCP server, and recently expanded the top of our DHCP IP range from 10.10.0.255 to 10.10.1.255 (please forgive me if I'm off by one). Today I resorted to going around and setting static IPs on people's laptops just so that they could work.
We're an 80-seat office, which means that on top of network devices, printers, and smart TVs, if each chairr has wifi, eth0, a phone and another device, we'll have ~350 devices connected.
I've noticed that sometimes the admin interface won't load at all. If the login page doesn't time out, it won't always get past authentication. It almost seems like the device can't handle the traffic.
Packet captures using Wireshark show that devices send multiple DCHP Discover requests and Request requests repeatedly.
I copied the config over to a brand new identical FBS336v3 last night, and made sure that the firmware was upgraded, so I know that the issue is not limited to just that one piece of hardware.
Are we maxing-out this firewall/router? Is there another reason that this device would have terrible response times for HTTPS and DHCP requests? Does this sound like something in the confg. is jacked up?
Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Re: FVS336GV3 Services Have Dropped (HTTPS admin interface, DHCP)
Hey,
More likely to be the config or your network I'd say. What is the lease time set to? 24 hours? (default).
That you see clients making several requests may be an indication that the DHCP pool is exhausted... Do you have a lot of people coming and going? If so you might want to lower the lease time to make sure people aren't holding on to IPs when they are no longer there. Do you have any WiFi setup that's unprotected (a guest network or so?).
350 is quite a lot, if the FVS336Gv3 would be enough depends a lot on what the clients are actually doing.
When you can't access the GUI, can you telnet to the unit?
Re: FVS336GV3 Services Have Dropped (HTTPS admin interface, DHCP)
Thanks, @Danthem, for your pointers. We already had the lease time reduced to 12 hours, and our wifi networks are protected.
Telnet, but it was almost as slow as HTTP(S), so I'm guessing it was simply too much traffic to the device overall, which resulted in a self-inflicted DoS.
I had another demo device collecting dust at home that had higher throughput (200Mbps vs. 60) and offered more connections (30K instead of 10K), so I configured it and installed it overnight.
Perhaps I should get started working on an app. that surveys actual network traffic and tells you which devices can support your traffic load 😉
