XG 550 Web interface VERY SLOW

Hi Josh,

check the running processes in the CLI. Not every process is multithreaded so the CPU Load is not necessary a good indicator what is happening. 
For example we had a testing environment that was bombarding the IDS/IPS with broadcast packets with random destination addresses.
After disabling the IDS service or stopping the IDS process everything went back to normal. Just an example what could go wrong.

Regards,
Bernd

Thank you this slipped my mind.  I logged into the shell and ran "top" just to see.  postgres seems to be the biggest offender, taking up 96 or 97% at pretty much all times, followed by "garner" which takes up 35 to 46% almost all the time.  Everything else cycles up and down as I would expect.  Anyone else have this issue with postgres taking up so much? 

Is there any warning or errors inside /log/postgres.log ?

Strangely no, mostly just just a bunch of log entries for "GMTLOG:  unexpected EOF on client connection with an open transaction".  If you go back a few weeks you can find a few instances of "database system was interrupted" and other things, but nothing jumps right out besides a bunch of those "unexpected EOF" errors.

Is there any core dumps at /var/cores ? Either way you should open a support case, there's no apparent reason on why postgres should be pinning a single core of the appliance.

Was not aware of that folder.  Checked and there are some core dump files.  The one for postgre is strange since it claims to not be owned by anyone and I can't look at it.  I will open a support case for this and ask for it to be escalated to see what we have wrong with our firewall. 

You can flush the database of your xg (loosing all Reports in Webadmin) but it should fix your issue. 

If you work with Central Reporting, the data is there anyway. 

Any chance you can point me towards that command?  I would like to run it today at the end of the day.  I will let my team know about the reports and that they are still likely in Sophos Central.  Thank you!

Its not a command, Instead its a promt on the shell: https://support.sophos.com/support/s/article/KB-000035779?language=en_US

Sophos Firmware Version SFOS 18.0.4 MR-4

Device Management

1. Reset to Factory Defaults
2. Show Firmware(s)
3. Advanced Shell
4. Flush Device Reports
0. Exit

Select Menu Number [0-4]:

Do you use Sophos Central Firewall Reporting as a Product? Because if you dont, you will loose your reports. 

We had it configured for a time period, but I am unsure if it is configured right now.  Shouldn't be a problem.  Does doing "Flush Device Reports" require a reboot of the firewall?  It is OK if it does, but I just need to know ahead of time.

As far as i know, it does. But in HA it will not reboot both appliances. Didnt perform this in a while, not sure right now. 

As far as i know, it does. But in HA it will not reboot both appliances. Didnt perform this in a while, not sure right now.