One of our locations uses a Balance 210 running 7.01. We have two separate WAN sources. This morning none of the client devices could access the internet. No matter what web site they tried to access, the user received a page with an error notification. This affected Windows devices, and also smartphones, both Apple and Android.
I remotely logged into the router. I did ping tests from within the Balance, to various web sites using each of the WAN sources. No matter what web site I sent a ping to, through either WAN, I got the same error message.
At that point we rebooted the router. Everything came back to normal except for one Windows 10 PC. We had to reboot that device three times but it ultimately began to work normally.
A few hours later the problem returned. I had a suspicion a virus was involved but did not know how that could affect the router. Another reboot of the router brought the network back online. At that time the same single PC still would not work. We ran virus scans on that PC and found 160 offending files. We are in the process of wiping that device clean.
The network has been fine for 9 hours since then. I can’t figure out how a virus on a Windows PC could affect the Balance, or even if that's actually what happened. In both cases when the problem happened, the Balance itself could not get a good ping on any web site; all ping tests came back showing the same site address, and that address does not even exist.
Note that during the entire event, the network still passed traffic that did not involve a web site. For example during the entire event our PepVPN continued to function, and we could access servers on both sides of the VPN. The problem appeared to me to be some kind of DNS redirection, not an actual block of communication. How could the DNS be redirected in such a way that rebooting the router corrects the problem?
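An added example, not part of the original post: a small check for the symptom described above, where every unrelated hostname comes back with the same address. The probe hostnames, the `.invalid` canary name, the sample addresses and the function names are assumptions chosen for illustration, and `resolve` queries whatever resolver the machine running it is configured to use.

```python
import socket
from collections import Counter

# Probe names are constructed choices. The canary sits under .invalid, which is
# reserved (RFC 6761) and should never resolve on a resolver that is not
# rewriting answers.
PROBES = ["example.com", "example.org", "example.net"]
CANARY = "dns-canary-check.invalid"

# Constructed sample of what a client might see during such an event
# (203.0.113.7 is a documentation address, not a value from the post).
SAMPLE_EVENT = {name: {"203.0.113.7"} for name in PROBES + [CANARY]}

def resolve(name):
    """Return the set of IPv4 addresses the system resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def assess(answers, canary=CANARY):
    """Classify a {hostname: set_of_ips} map gathered from one resolver.

    Returns (verdict, ip). The verdict is 'redirected' when the canary name
    resolves at all, or when every unrelated probe name shares one address.
    """
    real = {h: ips for h, ips in answers.items() if h != canary}
    if real and not any(real.values()):
        return "no_resolution", None  # DNS is failing, not being rewritten
    canary_ips = answers.get(canary, set())
    if canary_ips:
        return "redirected", sorted(canary_ips)[0]
    counts = Counter(ip for ips in real.values() for ip in ips)
    shared = [ip for ip, n in counts.items() if n == len(real) and n > 1]
    if shared:
        return "redirected", sorted(shared)[0]
    return "ok", None

if __name__ == "__main__":
    print("constructed sample:", assess(SAMPLE_EVENT))
    live = {name: resolve(name) for name in PROBES + [CANARY]}
    print("this machine:", assess(live))
```

Running it on a LAN client and again with the client pointed at a different DNS server shows whether the rewritten answers come from the resolver the router hands out or from the client itself.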