Orcon Ultrafast UFB and Fortigate Firewall

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Orcon Ultrafast UFB and Fortigate Firewall

greminn

181 posts

Master Geek
+1 received by user: 6

#154903 12-Nov-2014 11:40

Hi All - We are using a Fortigate 80C as our router/firewall on our UFB connection in TGA (Ultrafast) and have been doing for approx 2 years without fault.

About a month ago, we started seeing random LONG drop outs (e.g. 4 hours) that would happen in the middle of the night. The Fortigate 's logging is showing a connection lost to the ONT for the period of the outage.

I know we are not using the genius modem, but its been working perfectly up until now.. I have logged a ticket with Orcon, and they are asking for us to use the Genius modem (which we can, i guess i can just front our Fortigate with it).

Im kind of sure that its something outside of our fortigate (but i could be wrong).

I just wanted to see if anyone had any thoughts really :)

Thanks

Simon

1 | 2

6028 posts

Uber Geek
+1 received by user: 461

Trusted

Geekzone

Lifetime subscriber

#1173464 12-Nov-2014 11:40

Hello... Our robot found some keywords in your post, so here is an automated reply with some important things to note regarding broadband speeds.

If you are posting regarding DSL speeds please check that

- you have reset your modem and router

- your PC (or other PCs in your LAN) is not downloading large files when you are testing

- you are not being throttled by your ISP due to going over the monthly cap

- your tests are always done on an ethernet connection to the router - do not use wireless for testing

- you read this topic and follow the instructions there.

Make sure you provide information for other users to help you. If you have not already done it, please EDIT your post and add this now:

- Your ISP and plan

- Type of connection (ADSL, ADSL2, VDSL)

- Your modem DSL stats (do not worry about posting Speedtest, we need sync rate, attenuation and noise margin)

- Your general location (or street)

- If you are rural or urban

- If you know your connection is to an exchange, cabinet or conklin

- If your connection is to a ULL or wholesale service

- If you have done an isolation test as per the link above

Most of the problems with speed are likely to be related to internal wiring issues. Read this discussion to find out more about this. Your ISP is not intentionally slowing you down today (unless you are on a managed plan). Also if this is the school holidays it's likely you will notice slower than usual speed due to more users online.

A master splitter is required for VDSL2 and in most cases will improve speeds on DSL connections. Regular disconnections can be a monitored alarm or a set top box trying to connect. If there's an alarm connected to your line even if you don't have an alarm contract it may still try to connect so it's worth checking.

I recommend you read these two blog posts:

- Is your premises phone wiring impacting your broadband performance? (very technical)

- Are you receiving a substandard ULL ADSL2+ connection from your ISP?

I am the Geekzone Robot and I am here to help. I am from the Internet. I do not interact. Do not expect other replies from me.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

greminn

181 posts

Master Geek
+1 received by user: 6

#1173478 12-Nov-2014 11:51

Note here: They are sending me a 'white' version to try :)

FireEngine

1223 posts

Uber Geek
+1 received by user: 221

Trusted

#1173483 12-Nov-2014 11:56

greminn: Note here: They are sending me a 'white' version to try :)

What happened to the original one that was supplied? Easiest to quickly sub that in I would have thought....either way swapping CPE is a sensible step.

What restores service after such a dropout? Self-restores? Firewall reset/reboot? ONT reboot?

Regards FireEngine

timmmay

20858 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#1173492 12-Nov-2014 12:04

It's not something simple like it releasing the connection because it's not being used by an internal machine is it?

greminn

181 posts

Master Geek
+1 received by user: 6

#1173493 12-Nov-2014 12:07

timmmay: It's not something simple like it releasing the connection because it's not being used by an internal machine is it?

Nar - the interwebs have gone right in the middle of us using it :) Plus we are using the fortigate to link my home network into work via VPN and a couple of other things that constantly use the network.

WrEK

86 posts

Master Geek
+1 received by user: 5

#1173495 12-Nov-2014 12:17

If the disconnections are up to 4hrs (the DHCP lease half-life) may be DHCP related, as the renewal begins on half the lease life.
Is your LAN range set to 192.168.0.X by any chance?

But then again its weird that its not dropping during the day.

AliExpress

Shop now on AliExpress (affiliate link).

greminn

181 posts

Master Geek
+1 received by user: 6

#1173524 12-Nov-2014 12:51

WrEK: If the disconnections are up to 4hrs (the DHCP lease half-life) may be DHCP related, as the renewal begins on half the lease life.
Is your LAN range set to 192.168.0.X by any chance?

10.1.1.X

But then again its weird that its not dropping during the day.

Yea.. Looking thru the logs it happens nearly bang on midnight as well - that does sound sus.

Nebbie

458 posts

Ultimate Geek
+1 received by user: 29

Trusted

#1173590 12-Nov-2014 14:09

greminn:
Yea.. Looking thru the logs it happens nearly bang on midnight as well - that does sound sus.

Every night or random nights during the week day's only?
To me it sounds like Planned Works on the network causing the drops, most ISP's run their planned works at night time.

---------------------------------------------------------------
Nebukadnessar

greminn

181 posts

Master Geek
+1 received by user: 6

#1173596 12-Nov-2014 14:19

Nebbie:
greminn:
Yea.. Looking thru the logs it happens nearly bang on midnight as well - that does sound sus.

Every night or random nights during the week day's only?
To me it sounds like Planned Works on the network causing the drops, most ISP's run their planned works at night time.

Kind of does look like that right?

11-11-2014 (00:11:18 - 04:08:15)
08-11-2014 (12:05:13 - 12:55:43) <- This might be standard Orcon outage
06-11-2014 (02:06:18 - 06:06:15)
24-10-2014 (00:57:28 - 04:09:24)
21-10-2014 (01:09:28 - 04:06:24)

And nothing before that... (that was not a standard Orcon outage). Firmware was last updated 19/09/14, so thats not pointing to anything.

Simon

deadlyllama

1283 posts

Uber Geek
+1 received by user: 476

Trusted

#1173645 12-Nov-2014 15:48

I saw something like this (UFF area; Mikrotik router). Connection would drop out at (from memory) 00:45 or so, and come back a few hours later. Eventually found that a DHCP release/renew on the WAN VLAN10 interface brought the internet back. I didn't check logs but at the times I was trying to watch netflix while getting the baby to sleep (~2-4am), ethernet link to the ONT was fine.

greminn

181 posts

Master Geek
+1 received by user: 6

#1173648 12-Nov-2014 15:52

deadlyllama: I saw something like this (UFF area; Mikrotik router). Connection would drop out at (from memory) 00:45 or so, and come back a few hours later. Eventually found that a DHCP release/renew on the WAN VLAN10 interface brought the internet back. I didn't check logs but at the times I was trying to watch netflix while getting the baby to sleep (~2-4am), ethernet link to the ONT was fine.

OK interesting. Did you sort anything for a fix? or was the technical resolution get the baby to sleep :)

thanks for the reply!

Simon

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

deadlyllama

1283 posts

Uber Geek
+1 received by user: 476

Trusted

#1173661 12-Nov-2014 16:06

greminn:
deadlyllama: I saw something like this (UFF area; Mikrotik router). Connection would drop out at (from memory) 00:45 or so, and come back a few hours later. Eventually found that a DHCP release/renew on the WAN VLAN10 interface brought the internet back. I didn't check logs but at the times I was trying to watch netflix while getting the baby to sleep (~2-4am), ethernet link to the ONT was fine.

OK interesting. Did you sort anything for a fix? or was the technical resolution get the baby to sleep :)

thanks for the reply!

Simon

They didn't see anything obviously wrong and there's a limit to the support I can ask for when I've swapped out the Genius for something a little more powerful. As a residential customer I imagine faultfinding step #1 would be "plug the genius in and factory reset it." As it's an intermittent fault I'd just have to hope for another outage, and my home network is now too complex to make switching back to the Genius something I'd want to do for more than half an hour at a time.

I was going to write a mikrotik script to ping the DNS servers and do a release/renew but the problem seems to have gone away and the baby is indeed better at getting back to sleep now. I managed to watch half of Fringe plus a bunch of other stuff while rocking him to sleep in that first couple of months!

greminn

181 posts

Master Geek
+1 received by user: 6

#1173680 12-Nov-2014 16:14

deadlyllama:
greminn:
deadlyllama: I saw something like this (UFF area; Mikrotik router). Connection would drop out at (from memory) 00:45 or so, and come back a few hours later. Eventually found that a DHCP release/renew on the WAN VLAN10 interface brought the internet back. I didn't check logs but at the times I was trying to watch netflix while getting the baby to sleep (~2-4am), ethernet link to the ONT was fine.

OK interesting. Did you sort anything for a fix? or was the technical resolution get the baby to sleep :)

thanks for the reply!

Simon

They didn't see anything obviously wrong and there's a limit to the support I can ask for when I've swapped out the Genius for something a little more powerful. As a residential customer I imagine faultfinding step #1 would be "plug the genius in and factory reset it." As it's an intermittent fault I'd just have to hope for another outage, and my home network is now too complex to make switching back to the Genius something I'd want to do for more than half an hour at a time.

I was going to write a mikrotik script to ping the DNS servers and do a release/renew but the problem seems to have gone away and the baby is indeed better at getting back to sleep now. I managed to watch half of Fringe plus a bunch of other stuff while rocking him to sleep in that first couple of months!

Yea same here - i really need to use the Fortigate as it works in with our office/dc network. As (somewhere) above, i can always run this in transparent mode between the genius and the network. Might have todo that.

:)

deadlyllama

1283 posts

Uber Geek
+1 received by user: 476

Trusted

#1173697 12-Nov-2014 16:43

greminn:
deadlyllama:
greminn:
deadlyllama: I saw something like this (UFF area; Mikrotik router). Connection would drop out at (from memory) 00:45 or so, and come back a few hours later. Eventually found that a DHCP release/renew on the WAN VLAN10 interface brought the internet back. I didn't check logs but at the times I was trying to watch netflix while getting the baby to sleep (~2-4am), ethernet link to the ONT was fine.

OK interesting. Did you sort anything for a fix? or was the technical resolution get the baby to sleep :)

thanks for the reply!

Simon

They didn't see anything obviously wrong and there's a limit to the support I can ask for when I've swapped out the Genius for something a little more powerful. As a residential customer I imagine faultfinding step #1 would be "plug the genius in and factory reset it." As it's an intermittent fault I'd just have to hope for another outage, and my home network is now too complex to make switching back to the Genius something I'd want to do for more than half an hour at a time.

I was going to write a mikrotik script to ping the DNS servers and do a release/renew but the problem seems to have gone away and the baby is indeed better at getting back to sleep now. I managed to watch half of Fringe plus a bunch of other stuff while rocking him to sleep in that first couple of months!

Yea same here - i really need to use the Fortigate as it works in with our office/dc network. As (somewhere) above, i can always run this in transparent mode between the genius and the network. Might have todo that.

:)

What does "transparent" mode mean? I just checked and if I bridge the Genius onto the ONT port, it can't get an IP address from Orcon if the Mikrotik already has one.

greminn

181 posts

Master Geek
+1 received by user: 6

#1173737 12-Nov-2014 18:10

This is different than bridge, fortigate units allow you to put the firewall between your router and network and still act as a firewall. Quite nifty, but I would prefer to not have to use the genius as well.

1 | 2