Akamai caches hammering Sophos XG firewalls
niels=nanog at bakker.net
Mon Feb 5 18:59:36 UTC 2018
* jeremyparr at gmail.com (Jeremy Parr) [Mon 05 Feb 2018, 18:28 CET]:
>Somewhat OT, but before I was a jack of all trades enterprise
>sysadmin, I was a jack of all trades ISP sysadmin.
>I'm seeing an issue at a few sites where I have Sophos XG firewalls
>deployed where the XG gets hammered on it's WAN interface by Akamai
>hosts with TCP re-transmissions. Anyone at Akamai who may have some
>background on this issue please reach out to me. The hosts currently
>in question are 188.8.131.52 and 184.108.40.206, but I suspect
>that is only due to these being closest to me, colocated at my ISP
Chances are your firewall cannot keep enough state in memory and
starts complaining about packets because it's missing sessions.
More information about the NANOG