Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 20 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 2531 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 135 - Internet stops working for 10-15 mins

MiroslavCacija

Hi all,

we have a strange problem with daily internet outages that lasts for about 10-15 mins. There is no internet in the office at all during the outage, and no one can connect from the outside. I can see clearly on the graph that internet stopped working. I've tried disabling STAS completely, but it happened again. No logs, no e-mail notifications, and no internet Slight smile

This is driving me and users CRAZY.

What is happening with this device ? We have HA config.

No answer from support, and no new firmware from December 2020., really ?

Any ideas what can I try to disable ?

I can disable all security features, but than why we are paying for it ?



This thread was automatically locked due to age.
  • 0

    In such cases, does the firewall still hold users in live users? 

    Do you have NTLM/Kerberos enabled? Are there logoff events in the logviewer for this time? 

  • 0 in reply to LuCar Toni

    As I've said I've DISABLED STAS completely ... and the last picture is from today. So NO user traffic whatsoever, ad still we have the same problem.

    What else can I try ?

  • 0 in reply to MiroslavCacija

    Check the logs in /log/ directory on CLI, if you see any kind of logs in this timeframe or if the appliance basically freezes. If no log indicates any traffic, it could be a hardware "hung" in this timeframe which means a hardware related issue. 

  • 0

    What network cards are you running? I had the same issue until I changed to intel cards.

  • 0 in reply to JasonOxley

    This is XG135 hardware box with buit in NIC's.

  • 0

    Hello there,

    Thank you for contacting the Sophos Community.

    Sorry to hear you’re having issues with the device. May know the Case ID you logged with support.

    What Firmware Version are you running v17 or v18?

    When this issue happens can you still access the GUI of the XG?

    Can you please submit the following files:
    csc.log, applog.log, syslog.log, msync.log and networkd.log

    If possible, memory and CPU graph and all this detail with exact date and time when issue observed.

    If you have any log under /var/cores, please submit the output of the command.
    Also the output of this command:  grep 'NMI\|backtrace' /log/syslog.log
    Additionally please run the following command, to disable Firewall-Acceleration and monitor if the issue happens again.
    console> system firewall-acceleration disable
    To see if the Firewall Acceleration is enabled, please run
    console> system firewall-acceleration show

    Also if the issue is recurrent, please provide Console Logging:

    Note: Be sure that the computer in question does not go into Standby or Hibernate while logging.

    Using PuTTY, go to 'Session' - 'Logging.'
    Here, select "All session output', and set the file name to a folder and name for later retrieval.
    Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
    Start the session, and log in to ensure it is all proper.
    Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
    Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

    Regards,

  • 0 in reply to emmosophos

    Hi,

    I've disabled Firewall-Acceleration now, and will see tomorrow if it helps. On this firewall we are using SSL inspection.

  • 0 in reply to MiroslavCacija

    Disabling Firewall-Acceleration didn't help ... still, every day, around the same time internet breaks for about 15 mins.

  • 0 in reply to emmosophos

    XG135_XN03_SFOS 18.0.4 MR-4# grep 'NMI\|backtrace' /log/syslog.log
    Mar 15 22:47:56 (none) user.info kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id                                                                                                                                                                          [0x01] high edge lint[0x1])
    Mar 15 22:47:56 (none) user.info kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id                                                                                                                                                                          [0x02] high edge lint[0x1])
    Mar 15 22:47:56 (none) user.info kernel: [    0.056519] NMI watchdog: Enabled. P                                                                                                                                                                          ermanently consumes one hw-PMU counter.