We have four v2820 units at a customers sites that I installed, and at random intervals they simply reboot for no apparent external reason, and three of them have gone unresponsive and required a power cycle. UPSs are in use also.
Firmwares used was the original 3.3.0 that they shipped with and now 3.3.1.2 that was recently released because of the need to pipe syslog messages down the VPN tunnels.
They are each used in conjunction with Cisco 878 acting as a SDSL modem/router on WAN2 port and it provides enough Syslog output to inform me that the Cisco on the same power source as the v2820 is not experiencing any power interuptions and is reporting when the reboots occour as the Ethernet port goes down then up again.
The devices are all using load sharing according to speed whcih is set explicitly, we have a pair of IPsec VPN tunnels setup between three of the instalations and a central office housing the servers etc.
Each pair of VPN is configured with the primary L2L profile set as always on so it dials aggresively to the head office SDSL first by its WAN2 then fall back to its WAN1. The secondary L2L profile is set with timeout set to 9999 so it is almost always on which sets that tunnel to NOT dial aggressivley and it dials the head office ADSL WAN1, first via its WAN2 or fall back to its WAN1 if WAN2 is down only if the aggressive dialing profile has failed to connect. If head office WAN2 gets restored the aggressive primary L2L profile connects and causes the backup L2L profile to drop and back off.
Load balancing policy directs ISP specific DNS requests down the respective WAN's at each site with a default policy to send everything not otherwise specified down WAN1 with the option to use the other WAN if WAN1 goes down for any reason, and the head office has a few firewall filters in place to control outbound SMTP traffic from workstations and control access to open ports. Not all sites have complicated firewall filtering in place but all sites have experience either or both the spurious reboots or lockups requiring an on-site power cycle to restore comms.
It could be days between these events but it can happen at any time, ie if a clerk is in mid print the printer has timed out before the devices are passing data again so time, paper and toner is wasted.
I have noticed some significant behaviour differences between 3.3.0 and 3.3.1.2 with the firewall filters and DOS protection that has caused me to have to re-design the firewall rules for the new firmware, ie that it by default applies all firewall filter rules including DOS protection to the VPN tunnel contents with no option to disable that behaviour. Because the firewall is applied to the VPN tunnels it incorrectly applies application and IM filtering through the VPN tunnels and blocks legit ethernet printing data streams that the application filter confuses with something else... couldn't narrow it down to which filter was the cause of the problem as the sites are remote and always in use during business hours so cannot be taken offiline to diagnose faulty firmware filtering. I had to disable the application and IM filtering.
I aslo noticed that 3.3.1.2 does not perform DNS cacheing while 3.3.0 did forcing the use of 3rd party DNS servers instead of ISP dedicated DNS server when using a multi-ISP dual WAN solution.
Regardless of the new undocumented features in 3.3.1.2 they still do the random reboots or lockups with no Syslog indication that they were under any particular attack from either WAN or LAN.
Any advice or insights or shared experiences would be apprietiated.
