Suggestions for troubleshooting IPS/IDS Reflector issues?

I recently replaced my router, and now I'm frequently getting these dreaded messages in my logs. Reflector previously was working flawlessly.

Code: Select all

Jan 2, 2024 at 12:18:44 PM
   Error                           reflector connection test failed: unable to connect to server
   Warning                         reflector reconnection scheduled in 5 seconds
   Reflector                       restarting reflector connection to https://mlpyrenees.indigodomo.net


The old router was a Unifi USG, and the new router is a Unifi UXG. The UXG inherited the config from the USG, so they *should* be configured the same. The main difference between them is processing power. The new router is capable of almost gigabit throughput with IPS/IDS features turned on. The old router couldn't even pass 200MB with it turned on. So obviously now I have it turned on, and I'm pretty sure that's causing my issue. (If I turn it off, Reflector appears to work fine.)

Unfortunately there's nothing in the router's logs that tell me what it's blocking. So I'm not sure what I'm looking for. Any suggestions?

Also, is there any way to manually trigger the Reflector check and restart that runs every 10 minutes? Restarting Indigo for every test seems like overkill.

Thanks in advance,
Mike

PS - Other things I've checked so far:

- I have no other errors showing up in the Indigo log, even at startup.
- My host file matches the example in another thread in this forum.
- I'm not running both WiFi and Ethernet -- just Ethernet.
- Both the localhost and 127.0.0.1 prismstatus URLs return "connected".
- A continuous ping to indigodomo.net shows no dropouts.
- Rebooting the Mac doesn't seem to help .
- Indigo 2023.1, 2020 M1 Mac Mini, Mac OS Ventura 13.6.1

Actually I spoke too soon. I just got the same errors again in the log, and my reflector connection is down even though Suspicious Activity detection is turned off. Grrrr.

Anyway, same question -- what am I looking for?

[matt (support)]

So now even with IPS/IDS both completely turned OFF it still fails? You must restart the Indigo Server to force the reflector tunnel to be recreated.

I don't know anything about Unifi's IPS/IDS functionality. I can tell you that the reflector tunnel to our hosted server is created using ssh. It is then used to reflect HTTP requests from our server (on your indigodomo.net reflector address) back to the Indigo Web Server over the created ssh tunnel.

Thanks. Yep, it's off. That doesn't mean that the router isn't at fault somehow. It was super stable with the old router, and the new router is the only change I'm aware of.

Screenshot 2024-01-03 102540.png (49.13 KiB) Viewed 532 times

I think it's interesting that it usually works when the server is first started, and then it intermittently drops (and the 10 minute restart loop fixes it some of the time but not always). I'm not sure what that's a symptom of.

I suppose I could turn IPS/IDS ON and add your server to the allow list.

Screenshot 2024-01-03 103103.png (56.28 KiB) Viewed 532 times

Or maybe add an explicit firewall rule for traffic between your server and mine.

Screenshot 2024-01-03 103156.png (84.89 KiB) Viewed 532 times

But the intermittent nature of it has me a little bit skeptical. I'll keep playing with it.

Thanks again for the technical details.

.