Sophos UTM Issues

A Former User

I switched from using Pfsense for my router in a VM on ESXi to using Sophos UTM. With Pfsense I just closed the physical address of the second nic in the computer inside pfsense as my comcast connection is dynamic. I'm having issues with Pfsense sometimes it will slow down and very little traffic will pass on the wan side. Other times it just stops all together. I have to release the IP of the Wan connection in sophos and power cycle the modem and it always comes back. Any idea's what's going on? I have the Mac address of the physical interface cloned in Sophos and they helps some but it still happens a bit. Do I need to clone the came mac address to the virtual nic has the same mac address on the esxi vm? they would make all there places (physical nic, wmware nic and sophos have the same mac address) if that's not it any ideas what else would be causing it?

GregoryHall

Sounds like NIC issues on the ESX host or the modem itself if this is happening again with a new VM...
You should not need to clone the MAC address you only need to power off the cable modem for 5 min or more to clear the ARP cache then a new IP will be assigned. If you are dynamic and trying to keep the same IP address for service reasons that might be your slow down and Comcast has put all the resources on the new subnet that will require you to get a new IP in order to interface with...

A Former User

@GregoryHall said:

You should not need to clone the MAC address

Well, I've always had to clone the mac address of the physical nic when using this modem (surfboard sb5101) as it only registers DHCP for the first mac address it sees and you won't get an IP address otherwise.

GregoryHall

You are not leaving the modem off long enough to clear the ARP cache then... Give it a try and also unplug the coax cable to physically break the connect and leave it for 5 to 10 mins then reset the MAC to a new one and see if you get a different IP on a new Subnet... I bet if you do the internet performance is much better...

A Former User

@GregoryHall said:

You are not leaving the modem off long enough to clear the ARP cache then... Give it a try and also unplug the coax cable to physically break the connect and leave it for 5 to 10 mins then reset the MAC to a new one and see if you get a different IP on a new Subnet... I bet if you do the internet performance is much better...

I do it does perform better after I reset it. However with pfsense I never had to reset it. So I'm wondering what configuration is wrong that's causing it.