Orbi WiFi 7 RBE973
Reply

SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connections too

dajohnso
Aspirant

SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connections too

I saw a simlar posting from 6/2015 that was not answered and closed "due to inactivity". I have (5) SRX5308 and they all exibit the same issue. In some cases I have RIP protocol enabled and in others I am using the SRX5308 as a standard firewall with a cable modem uplink. Sporatically and completely random and apparently the higher the firmweare version the more often it happens, the router becomes completely non-responsive for 2-12 seconds, and in most cases VPN connections if any are dropped. Weirdly enough, earlier firmware versions may have had entries in the logs about an exception with register values  but newer firmware has absolutely nothing in the logs. I replaced the router with a Cisco 1841 router and the problem goes away compltely but obviously my netgear clients cant VPN in. Does not appear to be volume related either as it happens when the traffic is very low as well as when its averaging 20-30 Mbps. I opened a case with netgear but so far they havent any ideas and suggested it could be a device on the network causing a problem. I agree, its the netgear on the network thats causing the porblem. I like the firewall, especially its VPN thougthput but the constant hang even with its short duration prevents me from keeping this device on the network. Any suggestions? and since I suspect many of you will immediately start asking see the notes below:

 

  • Currently running firmware: 4.3.4-2, also tried 4.3.3-6, 4.3.3-5, and I beleive an earlier one that came on the router when I bought it.
  • 3 routers have VPN configured between them and one is completely stand alone (the one running RIP is stand alone at anothe location)
  • The 3 with VPN are setup with NAT and the RIP is setup "Classical routing"
  • All are configured for IPv4 only
  • One of the 3 with VPN and NAT has a cable modem on WAN 1 and is configured for failover to DSL on WAN 2, the non-resposiveness still impacts WAN and LAN ports
  • The NAT routers have public WAN IP's and private LAN IP's, the RIP one has public WAN and public LAN ip's.
  • None have DMZ's configured
  • The NAT has firewall rules for specific ports from WAN to LAN, no restrictions on outbound, the RIP router has no rules, all in and out permited, working as a router not a firewall.
  • All have "respond to pings on internet ports" enabled
  • All have "enable stealth mode"
  • None have any blocking enabled (UDP or TCP flood)
  • They all have VPN pasthrough checked
  • None have session limits or throughput/bandwidth limits set
  • None have content filtering enabled
  • None have DHCP server enabled

Hope that eliminates most initial questions...

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 13
DaneA
NETGEAR Employee Retired

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

Hi dajohnso,

 

Welcome to the community! 🙂 

 

I believe the online case you have with NETGEAR Support is going to be escalated to the engineering team.  The engineering team will do further investigation as to why the issue occurs on not just one but five SRX5308. 

 

I suggest you to keep us posted here on the community about the updates coming from the engineering team in order for the benefit of other community members who might be experiencing the same issue. 

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 2 of 13
dajohnso
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

As an update, just so were all clear its not the local network or the WAN, I have replaced one SRX5308 with a cisco 1841 and it has had literally 0 packets lost in 4 days.

 

Also, please look into what the router does if many, many hackers are trying to login to the router remotely? The SRX5308 had nothing in the log files but the Cisco logging did indicate a large number of failed login attempts from the wan port. Is it possible the SRX5308 locks up for a few seconds on too many login failures? Can you turn off login on the wan ports all together? (i.e. add a check box, ingrore all telnet/ssh/rlogin attempts to the routers IP (unless its in NAT mode and there is port forwarding on these ports to another computer or DMZ)

Message 3 of 13
giusiof
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

Hi,

this kind of problem is a common one. There are several posts about srx5308 hanging without logging anything.

Some post is two years old.

I expected a more professional approach by the technical support.

I had to throw away the Srx, because of dropping vpn randomly  to my customers, hanging for about 12 seconds.

Message 4 of 13
dajohnso
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

Yes, one of my biggest concerns is the lack of logging. Obviously there is an issue since it impacts all my SRX5308's no matter how they are configured. I suspect this is a bigger issue but most people dont notice or undertsand that there is a significant packet loss going on. I am continuing to investigate but for some of my locations, like you, I have had to take the SRX5308 out because it was dropping VPN users and had noticable packet loss to all users.

Message 5 of 13
DaneA
NETGEAR Employee Retired

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

@dajohnso,

 

I just want to follow-up on this.  Are there any updates from the online case you have with NETGEAR Support about your concern?  

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 6 of 13
dajohnso
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

No, apparently they are waiting on me to do thier work. They want me to turn on a sniffer and packet logging. They want me to enable a syslog server because the router logs are empty. I dont have time for that, I just took it out and put in a cisco 1841 router and the problem went away (completely, not a droppedpacket in 10 days 22 hrs). I really like the SRX5308 in general but I cant use it if its going to drop my connections so often. The problem got worse with every new firmware I installed. Although the duration of the "lockup" got shorter and was typically down to about 5 seconds the outages were occring a few times an hour. I still have a few SRX5308 in production that are having the same issue and if I find the time will try to get a sniffer on it but its not going to be soon. Thier dropped packets arent causing a lot of greif right now because they are going un-noticed by the customer.

Message 7 of 13
SamirD
Prodigy

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...


@dajohnso wrote:

I just took it out and put in a cisco 1841 router and the problem went away (completely, not a droppedpacket in 10 days 22 hrs).


And that's where the saying 'no one ever got fired for buying Cisco' comes from. 🙂

Message 8 of 13
SMarkG
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

I've recently taken delivery of two brand new SRX5308 units to replace a pair of FVX538s that have been working fine for over 6 years.

 

I updated the firmware on the SRX as soon as I unpacked it pretty match and certainly before I added all my rules. Within days of them going live I have seeing the EXACT same issues with the device freezing up for 30 seconds or so at randon intervals. This is happening on BOTH units so is clearly a fault with the SRX5308. I must say I am extremely unhappy that this problem (which has been known about for a long time it seems) has still not been fixed.

 

It's very disappointing but I can't see any reason to keep these devices as the prospect of this problem getting fixed any time sson seems remote. I can't have our entire organisation's internet access and remote connections interrupted like this all the time.

Message 9 of 13
dajohnso
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

I gave up. I am still lookingfor a good solution. I liked the SRX5308, they were easy to setup and I had 10 VPN client licenses with 5 of these units (one in my office and 4 at clients). Each new firware the problem seamed to get worse and the logging showed even even less details. No matter what I did I couldnt get the connections to stabilize. Netgear kept wanting me to performa all sorts of tests and debugging with sniffers (wireshark) but I dont have the time. I see notes in the forums dating back to 2015 with the same issue so I dont understand why support cant see the problem and diagnose it themselves? I bought these because they had great VPN throughputs listed but I never got anywhere near what they claimed as I couldnt seem to get it past about 16-20Mbps on site-2-site VPN? Nearly identicle trhoughput as when I had the 336G in place so a much wasted upgrade. Now all 5 sit on a shelf, I guess i'll sell them on ebay "as is". From what little testing I performed, it seemed like the units themselves just hung for a few seconds (I suspect it has something to do with hackers on the web trying to login to the routers over and over and some internal setting blocks the traffic and resets?) The entire unit would be nonresponsive (even on the console) when it happened. An earlier verison of the firewall showed some stack trace details in a log but several versions after that showed absolutely nothing in the log when it happened? Wasnt really noticable until I tried switching to VoIP phones, then it was very apparent.

Message 10 of 13
giusiof
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

I gave up too.

I setted up Pfsense to handle the 4 ip wan e the Vpn

It's a shame

Message 11 of 13
SMarkG
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

I've also given up. If this problem has been going on for so long then I can't see a fix ever happening. I've ditched my SRX5308 now and am using a ZyXel ZyWall which works flawlessly. I'm still very disappointed though as the Netgear units were SO easy to setup. The ZyWall is nowhere near as easy but works like a dream once you get your head around it.

 

You need to sort this out Netgear. This is supposed to be your flagship firewall yet it is deeply flawed to the point of being unusable. 😞

Message 12 of 13
dajohnso
Aspirant

Re: SRX5308 non responsive 2-12 seconds LAN/WAN sporadically through day, drops all VPN connectio...

Thanks for the feedback, I had just purchased the Zywall as well  it should arrive today. Looked very similar to the srx5308. I hope its not too hard to setup.

Message 13 of 13
Discussion stats
  • 12 replies
  • 5123 views
  • 0 kudos
  • 5 in conversation
Announcements