XG115W daily crashes after v18 MR5 upgrade Build 586

Hello Brent,

Thank you for contacting the Sophos Community, sorry to hear you are having issues with your device.

If you have a case open with Support could you please share the Case ID with me, so I can follow up, if you haven't please open one and share the Case ID with me.

Can you please submit the following files:

csc.log, applog.log, syslog.log, msync.log and networkd.log

Memory and CPU graph and all this detail with exact date and time when issue observed.

If you have any log under /var/cores, please submit the output of the command.

Also the output of this command:  grep 'NMI\|backtrace' /log/syslog.log

Additionally please run the following command, to disable Firewall-Acceleration and monitor if the issue happens again.
console> system firewall-acceleration disable
To see if the Firewall Acceleration is enabled, please run
console> system firewall-acceleration show

Note: If disabling Firewall Acceleration, does temporarily resolve the problem, this still needs to be investigated. 

I'd also suggest you set up a console connection to capture the next restart event if it ever happens. 

Regards,

Good morning, the firewall failed x2 this AM. Any thoughts about this? It has been crashing daily (at least) for 9 days after th3 MR5 upgrade. 

Is this conversation linked to the Sophos Support ticket or do I need to update both places?

Hello Brent,

Thank you for your update.

No, this conversation isn’t linked to the Sophos Support ticket.

However, I checked they’re asking you to do the following:

Using PuTTY, go to 'Session' - 'Logging.'
Here, select "All session output', and set the file name to a folder and name for later retrieval.
Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.
Start the session, and log in to ensure it is all proper.
Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.
Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

Regards,

Unfortunately that isn't a current option... but I am working on it! 

Had the exact same problem at a customer site (we are a MSP).  Started happening after we went to v18 MR.x (changing / updating did not help).  Eventually they found the unit had bad RAM in it (it would pass a memtest -- the failure mode was "strange") ... and it happened that the RMA unit they first sent me had the same issue (which had us chasing our tail looking for a software root cause); the last unit used a different kind of RAM and totally corrected the issue.  Replacement is what I'd try.

Had the exact same problem at a customer site (we are a MSP).  Started happening after we went to v18 MR.x (changing / updating did not help).  Eventually they found the unit had bad RAM in it (it would pass a memtest -- the failure mode was "strange") ... and it happened that the RMA unit they first sent me had the same issue (which had us chasing our tail looking for a software root cause); the last unit used a different kind of RAM and totally corrected the issue.  Replacement is what I'd try.

We swapped it with NEW (not rma) hardware and it has been fine since. Sophos won't replace the bad unit unless I get it to fail hardware tests even though it seems pretty clear since I used a config backup on the new unit.

That's unfortunate -- like I said it took a ton of time, but they finally tried another box, and it fixed it, and they said it was a RAM issue.  Ours passed memtest as well, still broke randomly.  Might escalate the case, or talk to your partner about it.  I was the partner in this case so I guess that gave me a little of an edge.

Forgot to mention we are a partner as well!