- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Support has verified that my site to site VPN is configured correctly, and I have the proper access
03/26/2020 
11 People found this article helpful
44,056 Views
Description
Support has verified that my site to site VPN is configured correctly, and I have the proper access rules in place to pass traffic. Why is my traffic being dropped periodically?
Resolution
Question:
Support has verified that my VPN is configured correctly, and I have the proper access rules in place to pass traffic. Why is my traffic being dropped periodically?
Answer:
Depending upon the nature of the traffic, and its behavior, there are a few possibilities in the absence of a misconfiguration.
If the traffic in question is Telnet, RDP, or SSH traffic (or any traffic which uses a textual interface), it's possible that the TCP connections are timing out too soon. Applications such as SSH and RDP do not send a lot of data over the VPN in certain situations, such as a screen which requires data entry, and very rarely changes. In these cases, it's possible that the firewall has not seen enough interesting traffic to reset the countdown on the TCP inactivity timeout setting on the firewall for the rule the traffic is using. In these cases, setting the TCP inactivity timeout to a higher value usually resolves the issue.
Another possibility is that the Dead Peer Detection function on the appliance may be getting interfered with somehow. When Dead Peer Detection is enabled, the device will send encrypted phase 1 notification data which contains an "R-U-THERE" message to a peer device. The peer device will then respond with an "R-U-THERE-ACK" message. The "R-U-THERE" message is sent only if the device has not received any traffic from the peer with the Dead Peer Detection Interval. If the device does not receive an "R-U-THERE-ACK" message during the interval, the peer is assumed to be offline, and the phase 1 SA and all following phase 2 SAs are removed for that peer.
In the case of traffic dropping, it's possible that something inbetween the endpoints is malforming or blocking R-U-THERE or R-U-THERE-ACK messages, at which point, the VPN would likely be torn down. If keepalive is enabled, the tunnel will then likely come right back up. This can often explain why connections drop for no apparent reason, but then are able to be re-created without issue.
The solution to this issue would be to disable dead peer detection altogther.
Related Articles
- How to force an update of the Security Services Signatures from the Firewall GUI
- How to upload security services signatures manually on Closed Environments?
- How to Create Gen 7 Settings File by Using the Online Migration Tool
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO