
Troubleshoot network issues

FAQs:

Why is my DrawBridge not remotely accessible?

Check the following items:

  1. Internet connectivity works as expected from your DrawBridge LAN
  2. Your upstream modem/router is properly forwarding ports/configured to DMZ (where applicable)
  3. The necessary ports are open on your DrawBridge firewall.

If all of these check out fine, you may be running into a problem with your internet provider snagging your traffic. If you are on Comcast or Xfinity, please see below for information on how to disable the Advanced Security that can cause remote reachability problems.

Why is my DrawBridge maxing-out my upstream network equipment session limits?

Check the following items:

  1. Sign in to the Console and look for rapidly repeating, duplicate Block lines from a single device in the Realtime Log Viewer
  2. Check to see if you have any blanketblock policies applied in your Company Dashboard
  3. Turn off the problem device or allow the traffic (if it is OK to do so) that is constantly retrying

The quick explanation: Frequently these situations are caused by a device on the network being blocked by the DrawBridge. Rather than failing gracefully and timing out, the device retries. This can create hundreds or thousands of TCP sessions in minutes. The solution is to allow the blocked traffic through, and the extra sessions will then expire on their own.

The longer explanation: Generally, TCP session max events are due to poor software programming on a client device: when a request doesn't go as expected, rather than properly closing the session and starting a new one, the old session is left open and a new one is started. What makes it escalate is when the programmers forget to put some type of limit or timeout on the number of retries. The result is an extreme number of open TCP connections in a matter of seconds that only stops when it hits a limit somewhere, such as software limits or hardware resources. Windows + blanketblock policies are the most common culprits for these situations.

The real solution would be for the programmers to handle sessions properly as described above, but unless you want to raise a support ticket with them, basically the only thing that can be done is to watch the logs on the DrawBridge and allow the traffic that's getting blocked (and subsequently hammered by retries).
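The check from step 1 above (rapidly repeating, duplicate Block lines from a single device) can also be run over an exported log. The script below is an added example, not DrawBridge code: the log line layout, the function names find_retry_storms and sample_log, and the threshold of 20 Block lines within 10 seconds are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed line layout (constructed; not the DrawBridge's real log format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) BLOCK src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def find_retry_storms(lines, window_s=10, threshold=20):
    """Return {(src, dst, dport): peak} for flows whose Block count within
    any sliding window of window_s seconds reaches threshold."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # flow -> timestamps inside the current window
    peaks = {}
    for line in lines:            # lines must be in chronological order
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip Allow lines and anything unparseable
        ts = datetime.fromisoformat(m["ts"])
        flow = (m["src"], m["dst"], int(m["dport"]))
        q = recent[flow]
        q.append(ts)
        while ts - q[0] > window: # drop entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[flow] = max(peaks.get(flow, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one device retrying 4x/second, one normal device."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(120):          # 30 seconds of retries at 250 ms intervals
        ts = (base + timedelta(milliseconds=250 * i)).isoformat()
        lines.append(f"{ts} BLOCK src=192.168.1.50 dst=203.0.113.10 dport=443")
    for i in range(3):            # occasional blocks, one every 20 seconds
        ts = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} BLOCK src=192.168.1.77 dst=198.51.100.5 dport=80")
    lines.append(f"{base.isoformat()} ALLOW src=192.168.1.77 dst=198.51.100.5 dport=443")
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    for (src, dst, dport), peak in find_retry_storms(sample_log()).items():
        print(f"{src} -> {dst}:{dport} peaked at {peak} Block lines per 10 s")
```

A flow that shows up here is the candidate for step 3: turn the device off, or allow the traffic if it is OK to do so.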