Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 33 subscribers
  • Views 17706 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos crashing

Daan

 Hi all,

 

In my datacenter I have two XG105 identical firewalls. They have the same config, the same firmware and the same licenses. 

However one of those two has already crashed 2 times.

When it crashes, I can't access it anymore and it stops even responding to ping.

 

When I hard reboot it, it comes online again, and works .. at least for a while.

I looked in the logfiles but I could not find any indication.

 

How can I determine what the reason for this crash is, or is this just a faulty device that should be replaced?

 

Thanks

Daan



This thread was automatically locked due to age.
Parents
  • 0

    Sadly I had an XG230 do the same thing.

     

    Crash - no logs, no ping etc. Support couldn't work out why so replaced it thinking bad disc sector.

     

    Check your logs as well - to see if you have enough space and its not crashing due to disc space?

     

    The replacement has crashed only once - same thing. No Ping, No SSH etc but lights on - just no body home.

     

    Contact Support and see if they can see anything.

  • 0 in reply to M8ey

    I opened a support case, let's see what happens, but I think they just need to replace this box. 

  • 0 in reply to Daan

    I too have had the same issue(s), unfortunately this is my second device having the issue. basically the entire firewall locks up until you reboot. No logs no nothing, support said it was a bad hard drive and sent me a new one, which worked fine..now I have the same issue... sigh, I have an open support case as well. We did not pay almost 7 grand for this firewall to not work and its barely scratching the surface in terms of network traffic we see on even peek times. I made a post today too if you want to read it, I go into detail on the issues I had. 

  • 0 in reply to ccanv

    It is frustrating though as Support also state I am the only one with the issue.

    Hmmm - I call bullshit.

  • 0 in reply to M8ey

    Hi M8ey,

    You are not the only one, today i had an appliance with same behavior, high CPU, high memory and no connectivity (HTTPS, SSH), we need to restart the appliance and works fine.

    Also the graph show like we does a reboot, if see the graph is CPU=0, Memory=0, but we restart the appliance until 8:15am.

    In the logs we have 45 mins lost.

    We dont know what happend.

     

Reply
  • 0 in reply to M8ey

    Hi M8ey,

    You are not the only one, today i had an appliance with same behavior, high CPU, high memory and no connectivity (HTTPS, SSH), we need to restart the appliance and works fine.

    Also the graph show like we does a reboot, if see the graph is CPU=0, Memory=0, but we restart the appliance until 8:15am.

    In the logs we have 45 mins lost.

    We dont know what happend.

     

Children
  • 0 in reply to angel.garcia

    Hi, you might have an actual problem ..with your high CPU and memory. My problem occurs on my unit for absolutely no caused reason. CPU at max is 4% and memory at max is around 11-25% peek times. I will attach a link to a post I made recently so you can read what has/had happened to me, its quite lengthy.

     

    https://community.sophos.com/products/xg-firewall/f/network-and-routing/108280/xg-330-rev-2-freezing-locking-up

     

    Cheers.

  • 0 in reply to ccanv

    My support case is running since last Friday, it was picked up, I gave them access to the device, but unfortunately nothing ever since.

    Even though I put the priority on high as this is a device that is live in a datacenter, nothing much seems to move.

     

    Is this the level of support you can typically expect from Sophos?

  • 0 in reply to Daan

    Hi,

    While I can't speak for everyone I have had good support for the issues I was having. I usually just call their toll free support number then get connected to the correct line for your device coverage. I let them know what is going on and I make it stern for them to check logs. They always immediately initiate the remote session after they get your name and serial information. I have gone through their website with the submission page and I have gotten a call back but usually I am out of the office when they call. Thats okay though, since you submitted online that generates a case number so when you call just give them that. My first RMA was taken care of the same day and a new device was overnighted to me at their expense. Just be stern & calm but respectful and they will take care of you. And yes always mention how important it is to get your appliance back up and running.

  • 0 in reply to Daan

    Hi,

    While I can't speak for everyone I have had good support for the issues I was having. I usually just call their toll free support number then get connected to the correct line for your device coverage. I let them know what is going on and I make it stern for them to check logs. They always immediately initiate the remote session after they get your name and serial information. I have gone through their website with the submission page and I have gotten a call back but usually I am out of the office when they call. Thats okay though, since you submitted online that generates a case number so when you call just give them that. My first RMA was taken care of the same day and a new device was overnighted to me at their expense. Just be stern & calm but respectful and they will take care of you. And yes always mention how important it is to get your appliance back up and running.

  • 0 in reply to ccanv

    Thank you for your experience, and no worries, we have been raised to always be respectful :)

     

    I guess i will have to give them a call to speed things up, because unfortunately I still don't have any kind of reaction ...

  • 0 in reply to Daan

    I just gave them a call and they investigated the device completely going through all logfile.

    Unfortunately they were not able to find anything at all.

     

    This raises the suspicion it might be something with the internal hard drive, as apparently the device is unable to write any logfiles at the moment of the crash.

    I have been requested to now run the harddrive diagnostics by taking the device offline and perform it in the SFloader.

     

  • 0 in reply to Daan

    Hi Dean ,

    For such instances ,you would need to connect the console cable to a machine using Putty and connect via Serial. 

    Refer https://community.sophos.com/kb/en-us/130693

    Make sure the printable output is saved to a text file . When the device is crashed or non-operational there should be some data on the text file that would help us identify the issue.Also let us know the firmware version as well.

    If you encounter the issue with the old version then could you upgrade to the latest and monitor the issue

  • 0 in reply to Aditya Patel

    Which is all fun and games if you have the device on your desk instead of in a remote data center :)

    Looks like we have to plan another visit to go there.

  • 0 in reply to Daan

    Hi,

     

    If you have a VPN setup for that Appliance you can just SSH into it directly from a Mac terminal or putty then have a Sophos tech initiate a remote session from that PC so they can view the logs themselves. 

  • 0 in reply to ccanv

    Most likely such issue are real "pain" to troubleshoot. 

    If the appliance crashes with a power failure, mostlikely there is no log or something like that because all daemons cannot report anything, if there is no power anymore. So basically all logs have a gap.