Member
Join Date: Oct 2010
Posts: 30
#1 (permalink)  
Old 01-16-2013, 08:02 PM
Clear the arp cache?

Hello,

I've got an ASG220 UTM9 that has a working V7.510 configuration backup restored to it; at least it works on the V7.

The configuration includes additional interface addresses and aliases for company websites that are hosted on internal servers.

When the V7 is in place all internal sites can be pinged and loaded in a browser from the public side, but when the V9 is in place the sites cannot be pinged or loaded.

I have talked with the reseller and Sophos support about this issue, and the next suggestion from Sophos is to clear the arp cache on our ISP's network devices: an Adtran Netvanta 4305 and a FiOS ONT. I would have to power-cycle the devices to do this.

Can anyone confirm this as a viable solution to my problem?

Thank you.
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 6,942
#2 (permalink)  
Old 01-16-2013, 08:51 PM

Sounds reasonable to me. Do the power cycle during a maintenance window.
__________________
Owner: Emmanuel Technology Consulting
http://www.etc-md.com
My Installed Configs
Microsoft Partner
Sophos Silver Solution Reseller
Sophos Certified Architect - UTM
BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,271
#3 (permalink)  
Old 01-16-2013, 09:48 PM

A basic rule is that the ARP cache needs to be cleared on any routers/switches directly connected to a different NIC on the UTM.

I also recommend this "just in case" with the switch connected to the Internal interface when swapping out a UTM.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Senior Member
Join Date: Jun 2009
Posts: 137
#4 (permalink)  
Old 05-28-2014, 03:09 AM

Can I revive this real quick?

I just replaced a pair of 220's with a pair of 310's. At the cutover it was necessary to clear the arp-cache on the Cisco switch. When I brought the second new switch into the HA, something happened during the HA config where one of the additional external IP addresses had the wrong arp but the rest of the IPs were fine. Again, I cleared the arp cache but just for the one external IP.

This got me thinking. Does the switch that the Sophos connects to need any special config for arp cache timeout? What happens during a failover? Is the arp cache preserved?

I don't recall ever having a problem before with this (i.e., patching and rebooting).
BAlfson
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,271
#5 (permalink)  
Old 06-02-2014, 03:12 PM

Tom, I think the 310s will manage their MAC addresses to work with the switch.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
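
An added example, not part of any post in this thread: one way to check, after a firewall swap like the ones described above, which of the firewall's primary and additional addresses a neighbouring device still maps to a different MAC. It assumes a Linux host on the same segment and parses its `ip neigh show` output; the addresses, MACs and sample output are constructed for illustration.

```python
import re

# Constructed sample: `ip neigh show` output from a Linux host on the same
# segment as the firewall's external interface, taken after the swap.
SAMPLE_NEIGH = """\
203.0.113.10 dev eth0 lladdr 00:00:5e:00:53:bb REACHABLE
203.0.113.11 dev eth0 lladdr 00:00:5e:00:53:bb STALE
203.0.113.12 dev eth0 lladdr 00:00:5e:00:53:aa STALE
203.0.113.13 dev eth0 FAILED
203.0.113.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
"""

# Assumed values: the firewall's primary and additional addresses, and the
# MAC of the new unit's external NIC.
FIREWALL_IPS = ["203.0.113.10", "203.0.113.11", "203.0.113.12",
                "203.0.113.13", "203.0.113.14"]
NEW_MAC = "00:00:5e:00:53:bb"

LINE_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>[0-9a-fA-F:]{17}))?"
    r"(?: router)? (?P<state>[A-Z]+)$"
)

def parse_neigh(text):
    """Return {ip: (mac or None, state)} from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m["ip"]] = (m["mac"].lower() if m["mac"] else None, m["state"])
    return table

def audit(text, firewall_ips, new_mac):
    """Classify each firewall address: ok, mismatch, unresolved or absent."""
    table = parse_neigh(text)
    report = {}
    for ip in firewall_ips:
        if ip not in table:
            report[ip] = "absent"          # nothing cached; resolved fresh on next use
            continue
        mac, _state = table[ip]
        if mac is None:
            report[ip] = "unresolved"      # FAILED/INCOMPLETE: no ARP reply seen
        elif mac == new_mac.lower():
            report[ip] = "ok"
        else:
            report[ip] = "mismatch:" + mac  # cache still points at another device
    return report

if __name__ == "__main__":
    for ip, status in audit(SAMPLE_NEIGH, FIREWALL_IPS, NEW_MAC).items():
        print(f"{ip:15} {status}")
```

A `mismatch` entry is the case post #4 describes, where a single additional address kept the wrong ARP mapping while the others were fine.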