XG Firewall 135 v18.0.3 MR-3 halting completly - no traffic passing - no connection via ssh or https

Hi Robo, we have the same issue since v18 update - happened 2 or 3 times since upgrading our Active/Active 430's.  Sophos advised initially it was a flood on HA interface port 3 but we negated that as per instruction and it's just happened again around 12:30uk time..  The cluster appears to drop completely and reboot - it then hangs on 'starting firewall' on the web interface (no ssh available) and need a reboot to clear. Will be speaking to support and let you know what we find.

Thanks for the reply. We are gonna update the firmaware to the current firmware version. If we encounter the same problem again we'll also contact the support directly. I'll also update my current status of the problem in this post.

Hi Robo, I'm hopefully going to get feedback later today as spent a couple of hours with sophos engineer looking at the devices yesterday.. You mentioned the ports were active - could you connect to the web interface at all, did you see the same as ours, with the 'starting firewall' screen? 

Hello Roboo,

Thank you for contacting the Sophos Community!

Please open a case with support and provide me with the Case ID.

Please provide the following logs and the time you noticed the issue started 

 csc.log, applog.log, syslog.log, msync.log and networkd.log

 If possible, memory and CPU graph and all this detail with exact date and time when issue observed.

Additionally to this Using PuTTY, go to 'Session' - 'Logging.'
Here, select "All session output', and set the file name to a folder and name for later retrieval.
Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
Start the session, and log in to ensure it is all proper.
Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

Regards,

Hello emmosophos,

thanks for reaching out to me. The firewall is now running for a few days without a issue. If the error reoccurs, I'll follow your advice collect the logs and capture the putty output of the next reboot. 
Thanks for your help!

Hello Roboo,

Thank you for the follow-up!

I hope the issue doesn't happen again, if it does please update me.

Regards,

Hello Michael, sorry for the late reply. I couldn't see the starting web interface. It just could not connect and timed out. 

Thanks Robo, Sopohs are still looking at our system at this time..  In our case it's only happened twice in the couple of months or so since the XG was updated to v18.  Best of luck with your system. 

also had some HA failovers out of the blue and "High available" means here that we had outage of 15 min on XG106.

Also had 2 complete HA failures on XG430 where support said they could not find the issue because HA debug logging was'nt enabled. So you better open a case and ask for debug settings before it happens again.

Just like me: case 03256533 opened on 21.10, last reply from Sophos: 23.10 - case still open.

Hello LHerzog,

I have flagged your case with Management, let me know if you don't hear by Wednesday.

Regards,