
SFOS 17.1.2 MR-2. Really?

ALL,

 

I have upgraded the firmware from SFOS 17.0.8 MR-8 to SFOS 17.1.2 MR-2.

 

I'm noticing a lot of dropped packets that did not occur in the previous release. I'm probably going to roll back my upgrade.

 

Has something changed in the way the firewall is processing packets and/or rules?

 

I haven't changed anything other than upgrading as recommended.

 

The packets being dropped are occurring on allowed rules.



  • Hi,

    There is something wrong with your configuration, maybe? Why are the packets being dropped? Are any applications failing to connect or keep connected?

     

    Please post a screenshot of your rule that has https enabled.

    Ian

  • Are we talking about the invalid packet drops? Those are harmless.

    community.sophos.com/.../131754

  • Sorry folks.

    Let me clearly explain. 

    I have not made any modifications to my policy after the upgrade. Everything theoretically should work as it was working in the previous release. 

    What I am experiencing now, almost all the time on large downloads, streams, etc., is a lot of RST packets, and the connection either times out or the stream (YouTube) disconnects and has to reconnect.

    This experience was not happening in the previous release. So, to check my sanity, I rolled back the upgrade and magically the connection was stable.

    Keep in mind this only occurs with large downloads and/or when streaming.

    So this isn't a deal breaker except for last night when I was watching a conference and the connection kept timing out.

    CPU is under 4%. 

    Memory is at 18-20% give or take.

    So I do not think this is a hardware issue as rolling back immediately fixed the problem.

    If someone has a link that shows all the changes in the new release, that would be very helpful. I'm guessing something has changed in how the firewall is now processing packets and/or handling large requests. I sure hope Sophos has not implemented a technology like SecureXL, which Check Point uses.

    Thanks for all responses.

  • Hey  

    The recent release notes can be found here in our blog. Have you already raised a support case for this issue? If so, please PM me with your ID for follow up.

    Thanks,

  • I have not raised a case. 

     

    I just rolled back the upgrade, which of course resolved the problem.

    I will just wait for the next release in hopes it's more stable for my environment.

     

    Again, I haven't changed anything from a policy perspective.

     

    Thanks for all responses and assistance.

  • Currently I cannot guess why this happens without a live system to check. There are no real changes in the firewall handling or proxy handling which would cause such an issue. And as far as I can see, I cannot reproduce this kind of issue with my appliances.

  • I can second the response already - I have the latest firmware and 200+ live users hanging off it.

     

    They can stream YouTube or Skype conferencing etc. without interruption. I don't think it's a firmware issue.

     

    Maybe IPS?

  • I'm going to create a bypass rule and see if that helps. The only reason why I'm skeptical is because rolling back immediately fixed the issue. I will upgrade again, create a bypass rule for IDS and report my findings and results.

     

    Again, thanks for all responses.

  • Did you have any luck with this?

  • Bypass rule helped. But the issue remains. I haven't tried disabling IPS. 

     

    The only reason why I'm so skeptical about disabling IPS and others is because rolling back to the previous firmware results in the issue going away.

     

    I will disable the IPS for testing purposes and report back.

     

    Again, thanks for all responses

  • Hello,

    I took packet captures but I am unable to upload them here. Is there a size limit on the upload? If so, what is the limit? I can truncate the captures down.

     

    Thanks for All Replies

  • Hello,

     

    I believe I found the issue. Upon reviewing the packet captures, I am seeing "TCP OUT OF ORDER" packets, which appear to be resulting in TCP retransmission. I timestamped the packet captures with the time the issue occurred, and the only thing that stood out was this.

    Again, this only occurs when connected to the Sophos firewall. I'm just curious as to why, without any changes to my firewall, this started happening after the software update.

    If needed I can upload the packet captures.

    Again, thanks for all responses.

  • Hi  

    I'm currently investigating this issue with our support team. Would it be possible to please raise a support case including this packet capture you gathered, and sending me a PM with your case ID for follow up?

    Thanks,