SA540 - Continuously drops wan connection

Unanswered Question
May 22nd, 2010
User Badges:

It's been nothing but a nightmare since i've gotten the 540.  My firmware is 1.1.42 and I have a very basic setup with only a couple of standard firewall rules.  The 540 keeps dropping the wan connection.  Everything is static on the LAN side and DHCP is turned off on the 540 with Static IP for the WAN.  I've factory reset twice and reconfiged everything exactly the same with of course the same!!!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Steven DiStefano Mon, 05/24/2010 - 06:56
User Badges:
  • Blue, 1500 points or more

This is probably worthy of a case with high priority at the SBSC (small business support center - aka TAC).

That is the new FW and you have factory reset so sounds like you have dont everything they way you should have.

There are a few things to try... /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Firewall ->  Attacks

Under ICSA settings, uncheck the box for block fragmented packets.

Also, lower the MTU size and see if that helps (usually do this for DSL).

Also, see if you can collect a WAN trace (easy on this appliance) using Administration: Diagnostics: Packet Trace (turn it on, catch the anomaly, then turn it off).  This will open into Wireshark (formerly Ethereal) right on your PC.


charlesw Mon, 05/24/2010 - 16:41
User Badges:
  • Cisco Employee,


Can you PM me your configuration file, we can try to reproduce the issue and diagnose the issue.