Issues with Load Balancing, PFSENSE & Sonic Wall


Recommended Posts

I have issues with sites that use SSL and I am not sure what to do about it.. This happens at home (PFSENSE) and at Work (Sonicwall).. When you login into a site, it will log you out when you click on a link.. You may or may not get lucky and it will work, for a few seconds at least. Any ideas on where to start looking? This has to be a pretty commonish issue..?

Link to comment
Share on other sites

Is it the same machine having the same issues in both sites?

 

I would look to troubleshooting 1 location, having problem in both locations if same machine kind of points to the machine as the problem and not any configuration at the locations.

 

Can you give an example site and what you do exactly that logs you out?  Logs you out of the site?  Are you using proxies at work and home?  I can not recall ever having or seeing such an issue - so doesn't sound common to me.

 

So these sites both have multiple wan connections - you mention load balancing in the title?  You prob have an asynchronous routing problem if you have multiple wan connections.. So you hit site using 1 connection, and then clicking any other link is using other connection sort of problem.

Link to comment
Share on other sites

Is it the same machine having the same issues in both sites?

 

I would look to troubleshooting 1 location, having problem in both locations if same machine kind of points to the machine as the problem and not any configuration at the locations.

 

Can you give an example site and what you do exactly that logs you out?  Logs you out of the site?  Are you using proxies at work and home?  I can not recall ever having or seeing such an issue - so doesn't sound common to me.

 

So these sites both have multiple wan connections - you mention load balancing in the title?  You prob have an asynchronous routing problem if you have multiple wan connections.. So you hit site using 1 connection, and then clicking any other link is using other connection sort of problem.

assemblergames.com

Any machine on the network. No Proxies. Yes, multiple WAN connections, if I use just 1 connection, no issues.

 

fusi0n, what model Sonicwall and firmware?

TZ500 and just updated to the latest..

Link to comment
Share on other sites

Yeah so you can't talk and auth to server from 1 IP, and then send another part of the traffic from a different IP and expect to work and still be authed.  Your session wouldn't even be open, etc.

 

When you load balance and talk to IP A using connection 1, then you need to maintain that connection using that connection you can not send another part of the conversation from connection 2.

Link to comment
Share on other sites

assemblergames.com

Any machine on the network. No Proxies. Yes, multiple WAN connections, if I use just 1 connection, no issues.

 

TZ500 and just updated to the latest..

 

I just upgraded to a TZ600 and am having unique SSL issues also, see my topics here - https://www.neowin.net/forum/topic/1258474-sonicwall-tz-600-or-ssl-issue-one-site-non-accessible/ and here - http://goo.gl/lsxoeu

 

 

Is this something similar to what you are seeing?

Fus10n, see if this site gives you problems when you make it fail the other site - https://secure.swdirectconnect.com/EFTClient/Account/Login.htm

Link to comment
Share on other sites

Yeah so you can't talk and auth to server from 1 IP, and then send another part of the traffic from a different IP and expect to work and still be authed.  Your session wouldn't even be open, etc.

 

When you load balance and talk to IP A using connection 1, then you need to maintain that connection using that connection you can not send another part of the conversation from connection 2.

Thanks for your help. Any direction on where to look on how to lock connections when connected to https in PFSENSE?

 

 

I just upgraded to a TZ600 and am having unique SSL issues also, see my topics here - https://www.neowin.net/forum/topic/1258474-sonicwall-tz-600-or-ssl-issue-one-site-non-accessible/ and here - http://goo.gl/lsxoeu

 

 

Is this something similar to what you are seeing?

Fus10n, see if this site gives you problems when you make it fail the other site - https://secure.swdirectconnect.com/EFTClient/Account/Login.htm

Ah, I didn't mean to hijack from another thread.. :/ 

I can access https://secure.swdirectconnect.com/EFTClient/Account/Login.htm just fine, but I don't have any creds.. But, I would assume if I did, it would break due to https..

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.