Constant and Random Internet Slowing/Lagging. How to verify WAN or LAN

TheGoob
VIP

Morning.

So I am running FPR1010 FDM w/ 7.6.0-113 Software and a pretty straight configuration.

Now I had this exact problem running through [this order] Cisco ISR C1111 [ZBFW NAT and ACLs] to a FPR1010 FDM [Added ACLs] to a SG350XG [DHCP Servers, DNS Servers]. After some research the theory was, for my Internet, I simply had too many devices and too much overhead so I went to 1 device, the FPR1010.

Where it stands everything is awesome and fun and then it is not. TV just spins, online gaming is like 800-2000 ms ping. The whole internet just stops. I can ping internally but nothing going outside will ping. 8.8.8.8/1.1.1.1 google.com etc all time out, then maybe I will get a ping, then stops. This will go on for an hour to two if I let it.

My goal here is how does one troubleshoot with limited ability [knowledge of such] /resources [money to pay for these fancy tools].

Also, and this is simply an observation and not an accusation because the fault, if any, would be my misconfiguration of any or all the devices BUT #1 when I remove my fancy Cisco firewalls and use my simple C4000 DSL modem, I will have 0 lag/connectivity issues indefinitely. #2 If I shut down [unplug] my DSL Router, my FPR1010 and turn back on...everything is fine.

This is driving me crazy.

17 Replies

TheGoob
VIP

Not sure if this suggests anything?

 
Frame drop:
  Flow is being freed (flow-being-freed)                                       3
  Invalid TCP Length (invalid-tcp-hdr-length)                                  9
  No route to host (no-route)                                              54372
  Reverse-path verify failed (rpf-violated)                                   21
  Flow is denied by configured rule (acl-drop)                            162128
  First TCP packet not SYN (tcp-not-syn)                                    4039
  TCP failed 3 way handshake (tcp-3whs-failed)                                86
  TCP RST/FIN out of order (tcp-rstfin-ooo)                                 3093
  TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff)                             1
  TCP SYNACK on established conn (tcp-synack-ooo)                             38
  TCP packet SEQ past window (tcp-seq-past-win)                                6
  TCP invalid ACK (tcp-invalid-ack)                                            1
  TCP RST/SYN in window (tcp-rst-syn-in-win)                                   9
  TCP packet failed PAWS test (tcp-paws-fail)                                  9
  Permit validation failed (permit-validate)                                   5
  Slowpath security checks failed (sp-security-failed)                     35241
  DNS Inspect id not matched (inspect-dns-id-not-matched)                     21
  FP L2 rule drop (l2_acl)                                                117381
  Interface is down (interface-down)                                         576
  Dropped pending packets in a closed socket (np-socket-closed)               27
  Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool)                           66684
  TCP Proxy probe reset injected (tcp-proxy-probe-rst-injected)               16
  TCP Proxy probe receive drop (tcp-proxy-probe-tcp-probe-drop)               27
  Server initiated FIN to Probe drop (tcp-proxy-probe-server-fin)             20
  Blocked or blacklisted by the IPS preprocessor (ips-preproc)                 2
  Egress fragmentation needed (df-bit-set)                                    25
  Packet is blacklisted by snort (snort-blacklist)                            17
 
Last clearing: Never
 
Flow drop:
  Inspection failure (inspect-fail)                                            2
  SSL bad record detected (ssl-bad-record-detect)                             12
  SSL handshake failed (ssl-handshake-failed)                                 96
 
Last clearing: Never
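One thing the counters above cannot show on their own is which drops belong to an outage: they are cumulative since boot ("Last clearing: Never"), so a single dump mixes months of normal ACL denies with whatever happened during the last freeze. The added example below (not from the thread) parses two constructed snapshots in the same format, one taken while things work and one taken during a freeze, and reports only the counters that moved between them; the values are made up for the demonstration.

```python
import re
from typing import Dict, List, Tuple

# Constructed snapshots modelled on the "show asp drop" output above (a subset of
# the counters, made-up values). Counters are cumulative ("Last clearing: Never"),
# so one dump cannot say which drops belong to an outage; two dumps can.
SNAPSHOT_GOOD = """Frame drop:
  No route to host (no-route)                                              54372
  Flow is denied by configured rule (acl-drop)                            162128
  Slowpath security checks failed (sp-security-failed)                     35241
  FP L2 rule drop (l2_acl)                                                117381
  Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool)                           66684
  Interface is down (interface-down)                                         576
Last clearing: Never
"""
SNAPSHOT_OUTAGE = """Frame drop:
  No route to host (no-route)                                              55910
  Flow is denied by configured rule (acl-drop)                            162201
  Slowpath security checks failed (sp-security-failed)                     35241
  FP L2 rule drop (l2_acl)                                                117402
  Connection to PAT address without pre-existing xlate (nat-no-xlate-to-pat-pool)                           67300
  Interface is down (interface-down)                                         578
Last clearing: Never
"""

# "<description> (<reason-name>)   <count>"; reason names use '-' or '_'.
COUNTER_RE = re.compile(r"^\s*(.+?) \(([\w-]+)\)\s+(\d+)\s*$")


def parse_asp_drop(text: str) -> Dict[str, int]:
    """Return {reason_name: count} for every counter line in an asp drop dump."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(2)] = int(m.group(3))
    return counters


def drop_deltas(before: Dict[str, int], after: Dict[str, int]) -> List[Tuple[str, int]]:
    """Counters that increased between two snapshots, largest increase first.
    Only these can be attributed to what happened between the two captures."""
    deltas = [(name, after[name] - before.get(name, 0)) for name in after]
    return sorted(((n, d) for n, d in deltas if d > 0), key=lambda x: -x[1])


if __name__ == "__main__":
    good, bad = parse_asp_drop(SNAPSHOT_GOOD), parse_asp_drop(SNAPSHOT_OUTAGE)
    for name, delta in drop_deltas(good, bad):
        print(f"{name:32} +{delta}")
```

Capture the dump once while the link is healthy and again during a freeze, then feed both to the script; a counter such as no-route or nat-no-xlate-to-pat-pool that jumps only in the second capture points at the firewall's routing or NAT state rather than at the LAN.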

Hello @TheGoob ,

in order to better understand your issue, please confirm that I understood correctly:

1. The setup in which ALL works flawless

C4000 DSL modem -----------PC  

or is it

C4000 DSL modem -----------LAN Switch--------------PC

1.a. Does the C4000 DSL modem initiate/terminate the PPPoE session to the ISP?

 

2. The setup in which all works but not so great

C4000 DSL modem -----------FPR1010--------------LAN Switch--------------PC

2.a. In this setup does the FPR initiate/terminate the PPPoE session to the ISP?

2.b. in this setup, did you reconfigure the C4000 for Transparent Bridging?

2.c. is this the C4000 modem you are using https://www.centurylink.com/home/help/internet/modems-and-routers/greenwave-c4000.html#settings ?

Regards, LG
*** Please Rate All Helpful Responses ***

Hello

So currently I have this setup; Which gives me the Issue at hand;

C4000 [Bridge Mode, Transparent] ----- FPR1010 [PPPoE] ===== 1 to Wifi Router [Simply Access Point, does no NAT or Routing] and 1 to SG350XG just in L2 mode. Anything on Wifi and Ethernet LAN share the issue.

 

When it ALL works it goes;

C4000 [PPPoE, Routing]----- Wifi Router 1/1 and SG350XG 1/2 in L2.

And yes, this is the Router I use on that link.

Are you saying that the traffic passes through the Wifi router? Isn't it like this:

C4000 [PPPoE, Routing]----- (port 1/2) SG350XG

                                                                     |

                                                         Wifi Router (port 1/1)

What make and model is this Wifi Router?

Regards, LG

Well the reason for this is because I wanted to "isolate" anything Wireless vs. anything Ethernet. If I was having trouble on my Ethernet LAN I could then also test on the wifi, to verify it was the Network as a whole/WAN or if it was either the WiFi or Ethernet being weird.

I have indeed verified that devices plugged directly into the FPR1010 [1/8] have the same symptoms as anything connected via wifi [1/7].

It is a TP-Link Deco AX3000 WiFi 6 Mesh System(Deco X55).. Main device [plugged into 1/7] and then 2 others "triangulated". But I have it  C4000---FPR=== 1 to SG350XG L2 for LAN devices and 1 to WiFi for devices. Mainly certain things I do not want on wifi such as my XBox/PS5 for gaming and then my [main] TV for streaming.. All hardwired. My stuff like iphone, Alexa etc are all wifi.

 

But to clarify, when my Hardwired devices go on the fritz, I also verify my wifi devices are shot too.

P.S This was why I made 1/7 and 1/8 on FPR both vlan7 as the 192.168.5.x is my "Home" Network.

Ok. Got it.

How often does this freeze condition occur?

I see the FPR is running firmware version 17.6.0-113. Any reason you are not running the Cisco recommended 7.4.2 firmware version?

Regards, LG

In truth things what it had when I got it from an acquaintance…. I have no reason for running it. Would reducing it be advised?

As far as when it occurs, I’ll be charitable and say 100% at least once a day… And always at night (though of course I am not sitting home all day watching it). 


@TheGoob wrote:

In truth things what it had when I got it from an acquaintance…. I have no reason for running it. Would reducing it be advised?

This is what I'm thinking - downgrade it to the recommended 7.4.2. There is a question of an entitlement contract which allows you to download software from Cisco - I don't know if you have such a contract.

To summarize - the FPR came with firmware 17.6.0 and you always experienced the freeze condition when you were using the FPR.

As far as when it occurs, I’ll be charitable and say 100% at least once a day… And always at night (though of course I am not sitting home all day watching it). 


So it happens quite often - not sure of the actual frequency and no clue why it happens. I'm thinking of configuring some IP SLA probes to get more info when and how often this thing happens.

Regards, LG

Crap. Surely it was upgraded from an earlier version could the original version possibly be on there? In file format 

 

Also is this what you mean?

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense-virtual/221600-configure-ecmp-with-ip-sla-on-ftd-manage.html

Log into the GUI and go to Updates - first row of tiles - click View Configuration and in the System Upgrade you should have any software upgrades available on the system. 

Regards, LG

I saw REVERT to 7.4.2. I clicked that but noticed “will not save any confirmations since upgrade”. That really stinks cause I worked so hard for that and honestly kinda don’t even remember all the things I did. Ugh


@liviu.gheorghe wrote:

I'm thinking of configuring some IP SLA probes to get more info when and how often this thing happens.

 

Hello, I was curious about this and possibly if it would aid me. Would this be referring to this link https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense-virtual/221600-configure-ecmp-with-ip-sla-on-ftd-manage.html or was there another IP SLA situation you were referring to?

Yes, the idea was to monitor connectivity to the Internet, but looking at the documentation it seems that with the FTD you can use this feature to monitor routes - in case you have two ISPs and the main one fails, you can trigger a failover to the secondary ISP.

Regards, LG

I’d be interested in setting up some sort of monitor but as you said when I looked over that particular site it was indeed assuming and suggesting it be done with 2 ISPs, which I do not have. Did you have other documentation more focused on what you were initially suggesting or can this same scenario be used with a single ISP?
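For the single-ISP case, a low-cost stand-in for IP SLA is a host on the LAN that probes the firewall's inside address, a public IP and a DNS name once a minute and logs which one failed first, which is the WAN-or-LAN question in the thread title. This is an added example, not from either poster; the inside address 192.168.5.1 and the FDM port are assumptions marked in the comments, the public targets are the ones the original poster pinged.

```python
import socket
import time
from datetime import datetime

# Hypothetical targets for this example. 192.168.5.1 assumes the FPR1010 inside
# interface on the 192.168.5.x "Home" VLAN from the thread; adjust to your network.
LAN_GATEWAY = ("192.168.5.1", 443)  # FDM web UI port; a TCP RST still proves reachability
WAN_TARGETS = [("8.8.8.8", 53), ("1.1.1.1", 53)]
DNS_NAME = "google.com"

def tcp_probe(host, port, timeout=2.0):
    """TCP connect instead of ICMP (no raw sockets needed). A refused connection
    means the host answered, so it counts as reachable; only timeout/no route fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except ConnectionRefusedError:
        return True
    except OSError:
        return False

def dns_probe(name):
    try:
        socket.getaddrinfo(name, 443)
        return True
    except OSError:  # socket.gaierror is an OSError subclass
        return False

def classify(lan_ok, wan_ok, dns_ok):
    """Attribute one round of probes to the first segment that failed."""
    if not lan_ok:
        return "LAN"  # firewall inside interface unreachable: switch/VLAN/cabling
    if not wan_ok:
        return "WAN"  # inside fine, nothing past the firewall: PPPoE/NAT/ISP
    if not dns_ok:
        return "DNS"  # IP path fine, only name resolution broken
    return "OK"

def run_round():
    lan_ok = tcp_probe(*LAN_GATEWAY)
    wan_ok = any(tcp_probe(h, p) for h, p in WAN_TARGETS)
    stamp = datetime.now().isoformat(timespec="seconds")
    return stamp, classify(lan_ok, wan_ok, dns_probe(DNS_NAME))

if __name__ == "__main__":
    while True:  # one line per minute; leave it running overnight
        stamp, verdict = run_round()
        print(stamp, verdict, flush=True)
        time.sleep(60)
```

Redirect the output to a file and the timestamps of the WAN lines give the frequency and duration of each freeze; if LAN lines appear at the same time, the problem is on the inside of the FPR1010 rather than on the PPPoE link.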