Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 2554 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG 18 MR3 crashing

Jason Vorbeck

I have an XG that I upgraded from 17.5.14-1 to 18.0.3 and twice now during the business day it crashes. This is the first time in my few years working with the XG that it crashed and restarts. Has anyone else experienced this? I have a case open and the engineer had me make the changes below. I made the changes on Tuesday and it just crashed again on me today on Thursday.

1. From GUI of XG, Please go to Protect-> web->general Settings->  Do not scan files larger than-> Set as 1 mb
Scanning mode: Change to Real-time
 
Please go to system services-> Log settings-> Disable logging for Invalid Traffic. 
Also disable logging for the feature which you are not using. 
 
2.
Get the device console access:
Main Menu-> Option 4
 
console>system auto-reboot-on-hang show
Auto reboot system when kernel gets into a hang state is disabled
 
If you see it is disabled then please enable it. 
 
console>system auto-reboot-on-hang enable
 
3.
console>system firewall-acceleration show
Firewall Acceleration is Enabled.
 
If you see it is enabled then disable it. 
 
console>system Firewall-acceleration disable 

Its an SFV6C8, 6 core with 8GB RAM running on Hyper-V. There have always been bugs in the XG but its always been stable.



This thread was automatically locked due to age.
  • 0

    Do you see a abnormal usage in the Report section for your hardware. Something like a Mem leak? 

  • 0

    Hello Jason,

    Thank you for contacting the Sophos Community!

    Could you please provide me the Case ID.

    Also if you haven't please update the following logs to the Case. 

    csc.log, applog.log, syslog.log, msync.log and networkd.log

    Also since it is running in Hyper-V please check for any log for the VM when the issue happened.

    Regards,

  • 0 in reply to emmosophos

    Hi Emmanuel, the case number is 03327527. I have not uploaded the logs. Can you tell me how to obtain log files from the XG? I only know how to tail them or query them. Not sure how to obtain them for attaching to a case.

    Yes the Hypervisor recorded the crash...as follows:

    'XG' has encountered a fatal error.  The guest operating system reported that it failed with the following error codes: ErrorCode0: 0x7F034F277A95, ErrorCode1: 0x0, ErrorCode2: 0x0, ErrorCode3: 0x7F034F277A95, ErrorCode4: 0x0.  If the problem persists, contact Product Support for the guest operating system.  (Virtual machine ID 21F4352A-3A19-4F19-A60E-54DFD2AA5EBA)

    'XG' was reset by the guest operating system. (Virtual machine ID 21F4352A-3A19-4F19-A60E-54DFD2AA5EBA)

  • 0 in reply to LuCar Toni

    Hi LuCar, not really. I mean when it first happened I had a bunch of "SWAP memory Usage reached 99% exceeding the threshold of 95%" in the SYSTEM log for a few hours leading up to the reset however, after making the listed changes from the engineer there were no more of those leading up to this next crash. As far as I could tell everything was working normally. The system log only shows normal signature updates periodically and then the next entries are the interfaces coming back online.

  • 0 in reply to Jason Vorbeck

    Hello Jason,

    Thank you for the follow-up!

    Please follow this KB to export the logs.

    I have asked the engineer to send you the FTP credentials so you can upload them directly from the XG.

    Regards,

  • 0 in reply to emmosophos

    Hey thanks Emmanuel, that was pretty straightforward. I was able to create my own FTP creds on the new portal interface. SO I uploaded all 5 requested log files to the case. Thank you. Please let me know if you need anything else.

  • 0

    It crashed again this afternoon for the 3rd time.

  • 0 in reply to Jason Vorbeck

    Hello Jason,

    Thank you for the follow-up!

    I forgot to add, since the issue happened again, can you run the following command:

    csc custom debug

    IF the issue occurs again AFTER Nov 13, please update the same files after this new crash.

    Also I forgot to ask do you have anything under /var/cores

    You should be hearing back from the engineer on Monday!

    Regards,

  • 0 in reply to emmosophos

    Hi Emmanuel, I gave the support engineer access to the XG via Support Access and provided the access ID yesterday (Monday Nov 16th @ 11:30AM EST. He stated he was going to setup the custom debug. Today, Nov 17th, the firewall crashed again at about 12:04 PM EST. Can you see the logs now? This makes crash number 4.

  • 0

    Every day the firewall crashes at 12:00. Every day my company operations are completely halted for 6 minutes while the firewall restarts and I cannot get a response from technical support for days at a time. Is this normal support from Sophos? I am not asking about an error in a report I am running or some other trivial issue. The system is crashing and knocking my business offline. I am a full paying customer with current maintenance and support. I have paid over $35,000.00 for this solution and thats not enough to warrant a response from technical support on at least a 1 day turn around? What is happening?