XG Firewall - Unresponsive until Power Cycle - XG115w (SFOS 18.0.4 MR-4)

Hello Matt,

Thank you for contacting the Sophos Community!

If you have a case open with Support could you please share the Case ID with me, so I can follow-up, if you haven't please open one and share the Case ID with me.
Can you please submit the following files:
csc.log, applog.log, syslog.log, msync.log and networkd.log
If possible, memory and CPU graph and all this detail with exact date and time when issue observed.
If you have any log under /var/cores, please submit the output of the command.
Also the output of this command:  grep 'NMI\|backtrace' /log/syslog.log
Additionally please run the following command, to disable Firewall-Acceleration and monitor if the issue happens again.
console> system firewall-acceleration disable
To see if the Firewall Acceleration is enabled, please run
console> system firewall-acceleration show

Also since the issue is recurrent, I would recommend you to set Console logging:

Note: Be sure that the computer in question does not go into Standby or Hibernate while logging.

Using PuTTY, go to 'Session' - 'Logging.'
Here, select "All session output', and set the file name to a folder and name for later retrieval.
Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
Start the session, and log in to ensure it is all proper.
Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

Regards,

Hello Matt,

Thank you for contacting the Sophos Community!

If you have a case open with Support could you please share the Case ID with me, so I can follow-up, if you haven't please open one and share the Case ID with me.
Can you please submit the following files:
csc.log, applog.log, syslog.log, msync.log and networkd.log
If possible, memory and CPU graph and all this detail with exact date and time when issue observed.
If you have any log under /var/cores, please submit the output of the command.
Also the output of this command:  grep 'NMI\|backtrace' /log/syslog.log
Additionally please run the following command, to disable Firewall-Acceleration and monitor if the issue happens again.
console> system firewall-acceleration disable
To see if the Firewall Acceleration is enabled, please run
console> system firewall-acceleration show

Also since the issue is recurrent, I would recommend you to set Console logging:

Note: Be sure that the computer in question does not go into Standby or Hibernate while logging.

Using PuTTY, go to 'Session' - 'Logging.'
Here, select "All session output', and set the file name to a folder and name for later retrieval.
Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
Start the session, and log in to ensure it is all proper.
Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

Regards,

Thank you for the prompt response Emmanuel - case number os 03576458

Hello Matt,

Thank you for the Case ID, I have added a note.

If possible try to upload the information I mentioned.

Regards,

Here is the CPU and Memory.  THey have both flatlined during the period the events stopped logging until I rebooted the device

Backtrace_syslog.rtf

Here is the backtrace which correlates pretty well to when I had to power cycle the firewall on those days

Hello Matt,

Thank you for the additional info.

I have left an additional note in your case requesting the engineer to escalate the case, as with this information case needs to be escalated.

Regards,

csc_fail_21_49.log

Just happened again during mid-streaming on Netflix.  have run this command to capture the attached log.

tail -1000 /log/csc.log > /log/csc_fail_21_49.log

Thanks for requesting the case to be escalated.  Still awaiting a response on the Support case.  The outages are starting to become a problem for my users, particularly during Teams calls (and Netflix :-) )

Hello Matt,

Thank you for the follow-up.

I reached out to the Manager of the engineer and requested to get the engineer to get the case escalated and/or get in touch today.

Regards,

Thanks Emmanuel :-)

Device to be RMA due to know issue identified through log review