Sikich recently ran into an issue whiling trying to transfer large amounts of data through a site-to-site VPN tunnel using two SonicWall firewalls. Each attempt would result in a TCP timeout at random times during the process. I proceeded to do a packet capture from the firewall, and the last error before the failure was the following:
DROPPED, Drop Code: 138(IDP detection OOO Exceeded Max), Module Id: 25(network)
As part of my normal troubleshooting process, I turned off all security services on both firewalls, and yet, the errors continued.
I called up SonicWall support, and they said this is a known issue with firmware version 22.214.171.124-42n. They told me two different ways to fix the issue.
- Apply HF204430-4n to the affected firewalls. Doing so will cause a reboot.
- If you can’t afford any down time, then disable DPI under the advanced section on the appropriate access rule.
Most businesses cannot afford any down time, and we were no exception. I attempted the second solution. I can thus confirm that disabling DPI in the access rule did work, but that said, I did not want to leave it disabled for long.
After I was able to complete the transfer, I applied the hot-fixes and all subsequent file transfers continued to work.
If your SonicWall firmware is running version 126.96.36.199-42n, take note of this known issue and how to properly troubleshoot it. Hopefully SonicWall will rectify this in their next firmware update.
Running into other IT issues? Contact the experts at Sikich to help with your technical support needs.