issue with OS 12.7.1 dropping packets after upgrade

Firebox M470
Current OS 12.5.2_U1

I have an issue with the FB dropping packets or slow internet after upgrading to 12.7.1 or above. Web sites take a long time to load or timed out. Sometime it will load if I hit refresh. Ping 8.8.8.8 results in received packets followed by Timed Out, then some more received, followed by Timed Out, and so on. Same when I ping the WAN IP and Gateway, but no issue pinging the FB LAN IP.

Watchguard said it's our ISP equipment not recognizing the FB. Checked with our ISP and they didn't see any traffic coming from the FB. We didn't have this issue until OS 12.7.1. As for now, we have downgraded to OS 12.5.2.

Anyone experiencing this issue or have a work around?

Thanks.

Comments

  • edited March 2022
    Note that Multi-WAN per-policy actions changed to “SD WAN” which can cause issues. (Multi-WAN is now just the “default” failover settings when SD-WAN isn’t configured)

    Also the latest stable Firebox update is 12.7.2 U2

    https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2R2A000002aHhRUAU
  • Hi Tristan,

    We don't have SD WAN or multiple-wan configured. Our network is pretty simple, fiber line > IAD > Edgewater > FB.

    I've tried 12.7.1 U1 and 12.7.2 U2, both with the issue.

    Thanks.

  • edited March 2022

    In that case, I suggest grabbing a support file from the device while the issue is happening attaching to ticket with WG support to assist as they may be able to dig deeper into what is going on with the device and tell them how issues go away when you rollback (as the "ISP not recognizing WG is bull if it works with older firmware):

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/downoad_support_file.html

    I have several clients using that firmware with no issues.

    When you check the status report does it show any drops or errors on the interfaces?

  • I did grab a support file during my support session with watchguard. They said something about the arp table on edge router not seeing the FB, which I think it isn't true because 12.5.2 works. PCAP shows source: edge router device to destination: FB, who 50.20.32.xxx? TELL 192.168.1.0 (watchguard points this out specifically as a possible culprit). Again, no issue with 12.5.2.

    Status report shows no errors or dropped packets with 12.5.2. I didn't check with 12.7.1. I'll upgrade to 12.7.1 and take a look.

    Thanks for your input!

  • edited March 2022

    @xequals0 said:
    I did grab a support file during my support session with watchguard. They said something about the arp table on edge router not seeing the FB, which I think it isn't true because 12.5.2 works. PCAP shows source: edge router device to destination: FB, who 50.20.32.xxx? TELL 192.168.1.0 (watchguard points this out specifically as a possible culprit). Again, no issue with 12.5.2.

    Status report shows no errors or dropped packets with 12.5.2. I didn't check with 12.7.1. I'll upgrade to 12.7.1 and take a look.

    Thanks for your input!

    I would update to 12.7.2 U2 for all of the random bugs it fixes and to make sure the security hole that was recently disclosed is closed up: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @xequals0
    Can you please reply with the case number -- I'd like to go review the case and make sure that's with the team that can best help.

    -James Carson
    WatchGuard Customer Support

  • Tristan,

    I did the upgrade to 12.7.2 U2 with the same issue. You no longer can downgrade after 12.7.2, so I had to reset the firewall and load 12.5.2 back onto the FB. 12.7.1 allows me to downgrade so I don't have to do a reset.

    The FB is not affected with the Cyclops Blink malware. It's the reason why I wanted to update the FB.

    Thanks

  • James,

    case #: 01571049

    The case have a few pcap as well.

    Thanks.

Sign In to comment.