Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 20 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 2533 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 135 - Internet stops working for 10-15 mins

MiroslavCacija

Hi all,

we have a strange problem with daily internet outages that lasts for about 10-15 mins. There is no internet in the office at all during the outage, and no one can connect from the outside. I can see clearly on the graph that internet stopped working. I've tried disabling STAS completely, but it happened again. No logs, no e-mail notifications, and no internet Slight smile

This is driving me and users CRAZY.

What is happening with this device ? We have HA config.

No answer from support, and no new firmware from December 2020., really ?

Any ideas what can I try to disable ?

I can disable all security features, but than why we are paying for it ?



This thread was automatically locked due to age.
  • 0

    Hi Miroslav,

    Maybe this is a case like mine. I have noticed that the SFOS 18.0.4 MR-4 on the XG125 generates a high CPU load. Sometimes it's even 100%. And then data transfer is very limited or even disappears. High load especially occurs when XG is doing a pattern update. I turned off unused RED services, Hotspot, changed the hours of updating patterns and now it's better.

    Regards
    Jan

  • 0 in reply to MiroslavCacija

    Hello Miroslav,

    Thank you for the output.

    What about the output of /var/cores?

    And did have a chance to open a Case with Support? if so, can you share the Case ID? if you haven't please open one and once you have it you can share the Case ID with me. 

    Regards,

  • 0 in reply to emmosophos

    How can I get output of var/cores ?

    Sophos Support Case 03763877, but it's closed now, since I've ordered replacement units, please re-open the case.

    But somehow I'm afraid that it's a software problem. We'll see when I replace the units ( two units in HA, and the problem persists even when I switch the units in HA ).

  • 0 in reply to MiroslavCacija

    Hello Miroslav,

    Unfortunately, I can't open the case, you can however open a new case and reference that Case ID at any time. Also in the ticket, I can see a note from the engineer saying that you informed you created a new case for the RMA

    If the issue persists, with the new devices, provide the same logs and information I mentioned previously in this post in the new case, the solution shouldn't be "RMA " if the issue is the same with the new devices, in recurrent issue the case needs to go to GES/DEV to analyze why this is happening.

    The output of /var/cores can be seen by running

    # ls -lh /var/cores

    Regards,

  • 0 in reply to JanSadlik

    OK, we'll see soon.

    XG135_XN03_SFOS 18.0.4 MR-4# ls -lh /var/cores
    -rw-------    1 root     0          17.0M Jun  8  2019 core.access_server
    -rw-------    1 root     0          35.3M Mar 24  2020 core.awed
    -rw-------    1 root     0          34.7M Mar 29  2020 core.ctasd.bin
    -rw-------    1 root     0          45.9M May 13  2019 core.garner

  • 0

    New info -

    - Internet stops regularly every morning when users comes to work, around 9 h

    - I can even ping the WAN interface, and I can connect to the VPN successfully but I cannot reach any internal resource, and users cannot browse any internet resource during the outage

    - I can connect to User Portal

    - Outage last for about 10-15 mins

    - Outage persists between devices in HA ( tried switching devices )

    Any clue before devices replacement ? ?

  • 0 in reply to MiroslavCacija

    Hello Miroslav,

    In these cases, I would try to Console in or SSH into the XG, to see what output the XG is showing at the moment.

    If you’re able to console, I would check the syslog.log and the csc.log try to do a tcpdump and/or drop-packet-caputre see if the XG is throwing the packets or simply ignoring them.

    In any case, if the issue happens again with the new devices, get the logs I mentioned above, and the console output and mention this is the Second time the issue has happened, and send me the Case ID.

    Regards,

  • 0 in reply to emmosophos

    Soooo ... after pulling my hair some more  with this annoying problems ... it seems that SSL decryption engine in 18.0.4 is completely broken. As the last resort I've disabled SSL decryption in firewall rules and globally, and magically we have no internet outages for two days. I just wanted to save myself some travel time ( 80 km in one direction ) to replace units for RMA ones, because I felt that this could be a software problem. We have HA, and the same problem is present on both units.

    So Sophos, shame on you once more, I'm really, really disappointed ... again.

    - can you please check will this problem be solved in firmware update, and WHEN will FW update be available ?

  • 0 in reply to MiroslavCacija

    Hello Miroslav,

    MR5 is coming out next week, I am not 100% sure as to what issue you’re referring to, but MR5 will be fixing some issues related to TLS/SSL inspection.

    Did you see any error under the TLS engine? Such as Flow_Time OUT or Dropped due to TLS engine error 

    In any case let me know if the issue persists after you install MR5, so we can follow up accordingly.

    Regards,