Options

Azure ViF no traffic passing through intermittently

cyberbozzocyberbozzo
in Firebox - VPN Branch Office

Dear,

We have a ViF to Azure since about 8 months. It has been working like a charm for about 7 months.

Since 1 month we're having this issues:

  • The tunnel does not pass traffic through anymore after a while of inactivity.
  • When we run a continous ping from Azure to Firebox: the tunnel keeps alive forever.
  • When we disable this continuous ping, tunnel goes down after +/- 1 hours activity.

After we launch a ping from Firebox to Azure (so opposite direction), the tunnel passes through traffic immediately again.

I've done a lot of troubleshooting (ticket Azure, ticket Watchguard, played around with DPD, recreated the tunnel from scratch, converted it from ikev2 to ikev1: nothing seems to help and tunnel stays unreliable).

I've gathered a lot of logs (Wiresharks, Tunnel diagnostics reports, Azure feedback from my support ticket and so on).

As soon as I've gathered all the information and send it to my ticket on Watchguard support, I don't get any feedback anymore since 1 week?!

Do you guys have any possibility to escalate the ticket?

We're relying heavily on this tunnel, so it's very unconvenient for us when it goes down.

We are thinking of migrating this tunnel for a while to a temporary Fortigate device...

Thanks!
Pieter

Comments

  • Options
    Bruce_BriggsBruce_Briggs

    You can request that your case be escalated

  • Options
    cyberbozzocyberbozzo

    My case has been escalated previous week by first line engineer.
    Since monday I've sent them all the logs, but since monday no response anymore.

    How can I escalate the case further? Or is it normal to don't get a reply for a week?

    Tnx.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    @cyberbozzo If you can reply with the case number, I can look into where the case is.
    If a case has been assigned to a technician, it will generally be replied to inside the hours that technician works. They usually post their hours in their signature in each post they make.

    -James Carson
    WatchGuard Customer Support

  • Options
    cyberbozzocyberbozzo
    edited March 3

    Thanks, case 02006282. The engineer didn't reply for almost 5 working days.
    If there's no reply within acceptable time, I'll escalate this case via our local vendor.

    Thanks.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    @cyberbozzo I've asked the support lead to get an update or requeue the case for you.

    For support cases, if you do not get a response, I would always suggest calling (877) 232-3531 (or +1.877.232.3531 for international.) You're welcome to ask via your sales/local vendor -- but calling via the phone is generally faster.

    -James Carson
    WatchGuard Customer Support

  • Options
    cyberbozzocyberbozzo

    Dear,

    Thanks, it's now escalated to another team I suppose, I've appointment tomorrow morning for further troubleshooting.

    Hopefully this will ever be resolved :)

Sign In to comment.