I have a fairly sophisticated setup for my Sonicwall TZ200. I have 3 internet connections: 1) a traditional T1 at 1.544 Mbps, 2) AT&T DSL at 6 Mbps, and 3) Comcast at 24 Mbps.
I've played with various load balancing schemes, but what has worked best, until recently, is a simple failover system where all my outbound traffic goes out and comes in via Comcast, my email traffic uses the T1, and the AT&T connection acts as a backup connection.
When I tried some percentage-based stuff, it worked, but when some users reported the connections being slow, it was always hard to tell which connection was responsible.
Anyway, things were going swimmingly until just a few weeks ago when users began complaining about connections being really slow.
We had been making some changes recently because the TZ200 had been freezing up and Sonicwall had me redo the entire configuration by hand because of that. That issue turned out to be because we were using the DHCP server in the Sonicwall and that didn't cooperate with our Sonicpoint setup. The Sonicpoint would freeze up and stop shipping traffic for no reason. As soon as we moved the DHCP server to a Windows Server and shut that down, our Sonicpoint problem went away.
(I digress again...)
Anyway, after that, things had gone very well until, suddenly a few weeks ago, the performance on the wired network was just horrible! We are supposed to be getting 24 Mbps down from the Comcast connection, but we were lucky to get 10% of that. Our ping times were horrible at 500 to 1000 msec instead of the usual 20 or 30 msec.
Well, as sometimes happens, it took a lot of serious investigation to finally figure out what was wrong...
I use Terminal Server a lot with my clients. I was trying to set up RDP sessions to run a certain program and quit (rather than just opening up an RDP session and running the program from there). I do this so that I can run a program and get out. For instance, I have some web-based server management interfaces that are only available from inside the network (like for the phone systems), and if I just want to go in and fix something, I don't want to have to run a VPN session and I don't want to get a full desktop to start a browser, so I just fire off the browser as a program in an RDP session and I'm in and out!
However, I was running into 2 annoyances:
1) I would set up an RDP session to run one program, but the session would hang when the program exited. The session would stay hung so that when I came back and re-connected, I got the same hung desktop session back!
2) No matter what I changed in the RDP settings or on the server, every time I opened an RDP session file, my window would have scroll bars with my desktop bigger than the window that RDP opened!
Both were pretty annoying and had different solutions.
I had a situation where I had to recover a failing Zimbra email server running Network version 6.x. The hardware was failing, so I recovered the system to a new virtual server. There were a lot of things to deal with in moving to a new system, but I had everything back and running in about 12 hours (there was almost a terabyte of messages to move to the new system).
Everything looked good, but when I went back to do a reality check on the system a week later, I found out that the automatic backups weren't running.
It took a little research, but I figured out how to get backups to run again...
As most people now know, Java being installed (and seldom updated) on nearly every system running Windows has created major security problems, what with all of its security holes being exploited on "day one".
The proper solution (as is the case with most security problems) is to remove something when it isn't specifically needed!
When I looked at my own system, I had disabled Java from being activated by the browser (disabling the add-ins for Chrome, IE, Firefox, etc.), so I was relatively safe from website/ad-based attacks, but I also found that I was running three different installations of Java, including two for 32-bit and one for 64-bit.
I figured the easy thing to do was remove all of them, then add back the freshest version of one I needed for my Eclipse IDE to work.
Uninstall went fairly well, but I had problems when I tried to install the 64-bit version of Java. Every time I installed it, I would get:
Error 1335: The cabinet file Data1.cab required for this installation is corrupt and cannot be used.
I tried lots of different things from the googles, but it took a combination of things to get it to finally install...
While we were testing the Comcast modem for problems, we also had some issues with the testing itself. Whenever we tested the load-balanced connection, we were never sure which connection things would go out on.
If you want to force the Sonicwall to route a particular device's traffic to a particular interface (ignoring load balancing's randomness or Sonicwall's route optimizations), then you need to create a routing rule. The rule overrides everything (until you delete the rule)...
I don't use Active Directory and Policies enough to remember which is the proper place when I want to adjust the draconian password complexity settings on a Windows 2008 Server.
Ran into a situation where a client's Dell T110 server would no longer boot Windows Server 2008 R2 Foundation off the PERC S100 RAID controller and the two drives that were configured as RAID1.
The symptom happened after a power outage that took out the UPS and crashed Windows Server without a graceful shutdown. Not a pretty thing at all.
First, I discovered the RAID1 was broken and only one drive was showing the desirable "Online" state. The other was "Ready". That should have been OK, but it looks like the RAID failed and the system was able to boot, but then crashed and took out the Windows configuration.
The boot would freeze where the green strobing progress bar would be displayed. It would do that for about an hour, then just freeze and stop...
I have a client that upgraded, due to some other issues, to a Sonicpoint wireless access point that directly connects to their Sonicwall firewall.
This solved a lot of problems, but one of the problems that lingered was that their database connections would get cut off at seemingly random times.
It wasn't one application, either. It was their connection to a PostgreSQL database and a different program connecting to a FileMaker (Pro) server.
It took some real "sitting down" diagnostics to test this. Here's how I solved it...
I have a Sonicwall TZ200 with 3 internet connections that are set up to be load balanced. The internet connections are from 3 different providers providing a T1, an 8 Mbps DSL, and a 24 Mbps cable connection.
Connection A: T1 with public services behind a NAT firewall
Connection B: DSL
Connection C: Cable
Everything is peachy and load balancing works.
However, I wanted to set up a WLAN that didn't touch any of my primary network. The idea was to use this WLAN for guests. I could give them access to that and not worry about them having access to my internal resources, killing my DHCP addresses with their previously-assigned-home-addresses, or infecting the rest of my network with some lame malware.
Connection A: T1 with public services behind a NAT firewall
Connection B: DSL
Connection C: Cable <- Attached Router with WLAN
I picked up a nice industrial style wireless router and wired it to my cable modem. The cable modem has a static IP address range assigned to it. I let the wireless router pull an internal address from the cable modem, though (10.1.10.10), and I was up and running.
The only thing was, whenever I tried to access the publicly available services behind my primary IP address (the NAT'ed devices on my business network), the Sonicwall would tag the traffic from my new WLAN as an IP SPOOF attempt and block it.
See, the Sonicwall looks at traffic coming in from Connection A and sees Connection C's IP address on it. Figuring that can't be (X1 should not be getting traffic from X3), the Sonicwall protects me. But I don't want that!
I tried a couple of things, like manually routing traffic to the directly connected port and a few other things, and a little Googling did little for me.
The ultimate solution turned out to be kind of elegant...
When creating scripts and automating connections between systems, especially Unix-based stuff, you often want things to be automatic without a password prompt. Your script will hang at the password prompt and you'll not be running your process like you want! This is really bad for a scheduled process and kind of annoying for a manual process. You'll get prompted for each command you run.
The solution is to use a private/public key on your systems so that ssh, scp, and related commands won't prompt for a password...