TCP Retransmission between VLANs

Hi,

I have installed a new Sophos XG firewall on my network and I have an issue with packets being dropped due to "bad TCP" between two devices that reside on different VLANs.

In network terms, the current setup is rather convoluted and I'm hoping someone might be able to help analyse the packet capture, taken from the firewall, to determine the root cause.

The issue seems to be coming from the VMware Virtual Server Appliance (VCSA) which is hosted in VMware Workstation that runs on a physical Windows Server 2016 box. The network interfaces in question are teamed (LACP) and presented to VMware Workstation as a bridge. In turn, they are connected to a Cisco switch (SG300) where the two relevant switchports are LAG'd.

Every now and then a packet gets through; however, traffic is typically dropped from the VCSA to the ESX hosts. Sometimes the allow rule denies the packet with the message "Invalid TCP state".

As I said, rather convoluted, so here is a diagram: https://tinyurl.com/ydcew4xz (I can't attach files yet).

If anyone can spare some time to analyse the capture, and share any insights, I'd be most grateful.

Although my current setup now uses Sophos XG, in the last two weeks, I've had the same issues with OPNsense and pfSense firewalls.

T. I. A.

W.