Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 25 replies
  • Subscribers 37 subscribers
  • Views 16904 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG210 rev3 sudden restart

Adam Zollenkopf2

Hi all,

I've got a really strange problem which I can't make sense of. My XG210 rev3 is randomly restarting. This device is heavily overspec'd for it's application (15 computers, single internet service) and doesn't appear to have any hardware issues.

This device sometimes goes several days without issue, sometimes only a few minutes. There is nothing in the log to indicate a problem, it simply looks like a power drop.

What I have discovered today though is, the restart happens every time my work laptop comes online (Dell Latitude E7470). There are no doubt other devices on my network which are triggering the restart aswell, as it happens when my work laptop is off, but only every few days.

I have been able to make the XG210 restart 5 times this morning without 30 minutes, simply by restarting my work laptop 5 times.

I'm running SFOS v17.5 MR6, but it was also happening with MR5. I haven't used it with any firmware versions older than SFOS v17.5 MR5.

Any ideas?



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to FormerMember

    Hi,

    I have XG 310 FW 17.5.8, this is the 2nd time the XG 310 reboot without any notice. This reboot is 2 months later.

    system firewall-acceleration disable

    I will try the command above. May anyone please clarify for me that there is any impact after disabling it? What exactly firewall acceleration do?

Children
  • 0 in reply to Hung Ho

    Hello All,

    I too was having an issue with our 430 restarting or locking up randomly. After five months of troubleshooting with Sophos we may have found a fix. What we found was that the web proxy, which controls web and app filtering, was not closing connections and causing the box to use all available memory until the unit would start paging so hard that it would lockup and eventually crash. For example right before a crash we would see hundreds of thousands of connections. Bulk going to one specific IP that was allowed by a web filter rule, but denied by applications rule. The applications deny wasn't dropping the connection. 

    Long story short, I ended up going all the way to the developer who were able to finally reproduce the issue on their side and applied a fix last Friday. So far, connections are low and memory is not utilizing a quarter of the available memory.

    We will continue to observe to verify that this does in fact completely resolve the issue. They said this patch will be part of the v18 MR-3 rollout. I'll give more details about how to have this applied to v17. In the meantime, if you are having this issue, check your memory usage and run the below commands. If you see that your connections are high and memory grows, then you know that you have the same issue as me. The workaround is to restart the Web Proxy service if you are running low on memory. It will drop any stuck connections and release memory.

    netstat -pant | grep "ESTABLISHED" | wc -l


netstat -pant | grep "CLOSE_WAIT" | wc -l