XG in VMware : Request Timed Out for ping after long pause..

Hi huud 

Are you using Sophos XG Home edition?

There are no specific settings in the XG for VMware but you can check for admin inactivity - https://community.sophos.com/kb/en-us/123195

Hi Keyur 

Yes I'm using the Home Edition, and I'm starting to think if this is due to snapshot restore (checking that now as I just restored a snapshot of the firewall and the devices don't ping at all).

Can you log in via Shell (Console) in Vmware and go to the advanced shell.

Check the ifconfig MAC Addresses of the Ports to the Vmware Switch Settings. Are all ports correctly matched or did Vmware / XG mixed up the Ports? 

Im trying to gain access to the device but for some reason cannot access it.

LuCar Toni said:

Can you log in via Shell (Console) in Vmware and go to the advanced shell.

Check the ifconfig MAC Addresses of the Ports to the Vmware Switch Settings. Are all ports correctly matched or did Vmware / XG mixed up the Ports? 

I can confirm the ports arrangement in VMware correspond appropriately to the MAC address in the XG ports.

The issue came to be pausing VMs in VMware Workstation, and when Sophos XG VM resumed after a few hours is unable to attain connectivity, but the bigger problem is that even after restarting the firewall the connectivity does not occur sometimes.

Pausing a VM is always hard to deal for a virtual machine. 

In V18, Sophos updated the Vmware Tools, maybe this will resolve this issue. As i do not recommend to suspend the VMware anyways.

BTW: Maybe check the time settings of XG. Suspending the VMware could create issues with the certificates and the dates. 

I'll test the v18 and see.

As for date and time they are from an NTP server.

As we do not take about vmware workstation, instead ESXi, i would suggest to take a look at the Vmware Database. Maybe there is an issue about this problem. 

I know in fact, that in the latest vmware workstation, there is a problem about the VMware NAT adapter, which simply drops all traffic until you restart the host service. Maybe there is a similar issue with your setup. 

If you could recreate this issue and perform a tcpdump on XG, you could see, if the packets actually arrives at your Interface or not. 

Thanks for pointing those 2 out.

I'll go through vmware database and Sophos dump as well.

Appreciate your help, thanks a lot.

Hi huud,

what does the screenshot of the logs mean in relation to the initial ping problem?

Normal TCP Connections should time out after a while. If the firewall is suspended for a while the connections will time out ...

This does not explain the ping issue, though.

Possibly it helps to clear the arp table of the client and/or the switch.

I'd always make an explicit deny rule at the end of the firewall rules. This schould contain all zones (and not the zone any). It is not the same as having no deny rule at all .... 

Hi huud 

The Sophos XG whether its Home edition or paid for version, does not support pausing of the VM or snapshot.

This is true for all versions of the XG for now.  There are plans to change this in future versions of the SFOS OS.

Your best option going forward now, is a rebuild and restore from backup if you have.  Please ensure you disable snapshots and any other backup technologies running on the VM for this guest.  You must use the XG's builtin backup option.

Thanks!

Hi huud 

The Sophos XG whether its Home edition or paid for version, does not support pausing of the VM or snapshot.

This is true for all versions of the XG for now.  There are plans to change this in future versions of the SFOS OS.

Your best option going forward now, is a rebuild and restore from backup if you have.  Please ensure you disable snapshots and any other backup technologies running on the VM for this guest.  You must use the XG's builtin backup option.

Thanks!