Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 952 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG330 - 18.5.1 - HA (Active-Passive) - Primary - Webinterface Admin extrem slow and not all informations show

Dennis Kortmann

Hello Community,

three days ago we installed the update to 18.5.1 on our XG330.
 This is in the HA (Active-Passive). The days after that it ran without any problems.

As of today, the admin web interface is extremely slow and not all informations show. But the user portal works without any problems.
I have already tried to solve the problem with this command via SSH, but the admin web interface remains extremely slow.

service tomcat: restart -ds sync
service apache: restart -ds sync

Did anyone have an idea? Thank you in advance for your support.

When I log on to the Auxiliary at the Admin Web Interface with the user "admin", it works at normal speed and I see everything.



This thread was automatically locked due to age.
  • 0

    Check the HA status of the appliance. Maybe there is a MAC issue (virtual MAC). 

  • 0 in reply to LuCar Toni

    HA Status normal:

    There is an event this morning in the HA tunnel log.

    ha_tunnel.log

    XG330_WP02_SFOS 18.5.1 MR-1-Build326# Sep 14 06:11:48 Warning: Permanently added '169.254.192.2' (ED25519) to the list of known hosts.
    XG330_WP02_SFOS 18.5.1 MR-1-Build326# Connection to 169.254.192.2 closed by remote host.
    Connection to 169.254.192.2 closed.
    Sep 15 06:45:09 ssh: connect to host hapeer port 22: Connection refused
    Sep 15 06:45:10 ssh: connect to host hapeer port 22: Connection refused
    Sep 15 06:45:15 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:20 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:25 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:30 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:35 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:40 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:45 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:50 ssh: connect to host hapeer port 22: Connection timed out
    Sep 15 06:45:55 ssh: connect to host hapeer port 22: Connection timed out
    XG330_WP02_SFOS 18.5.1 MR-1-Build326#

    Mac addresses are different from Primary and Auxiliary for the HA port.

    Primary:

    Auxiliar:

  • 0 in reply to Dennis Kortmann

    There is an event this morning in the Conntrack synchronization service log.

    ctsyncd.log

    [Wed Sep 15 06:45:12 2021] (pid=8502) [notice] committing all external caches
    [Wed Sep 15 06:45:12 2021] (pid=8502) [notice] Committed 127 new entries
    [Wed Sep 15 06:45:12 2021] (pid=8502) [notice] commit has taken 0.015719 seconds
    [Wed Sep 15 06:45:12 2021] (pid=8502) [notice] flushing external cache
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:13 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:22 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:23 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:45:48 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:46:39 2021] (pid=8502) [notice] resync with master conntrack table
    [Wed Sep 15 06:47:14 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:47:19 2021] (pid=8502) [notice] resync requested by other node
    [Wed Sep 15 06:47:19 2021] (pid=8502) [notice] sending bulk update
    [Wed Sep 15 06:47:23 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:47:31 2021] (pid=8502) [ERROR] no dedicated links available!
    [Wed Sep 15 06:48:31 2021] (pid=8502) [notice] resync with master conntrack table
    [Wed Sep 15 06:48:31 2021] (pid=8502) [notice] sending bulk update

  • 0 in reply to Dennis Kortmann

    just by chance, and with knowledge, that this should have been fixed with 18.0 MR6: did this happen only after changing a RED device? Pointing @ NC-70783

    Looks like it has not been fixed in 18.5

  • 0

    Workaround: I was able to solve the problem first by performing a "switch to passive device" in the HA. The system is now running normally again, including the admin portal.

  • 0 in reply to Dennis Kortmann

    Do you have another HA Cluster in your network? SFOS uses a virtual MAC for HA. Sounds like you were not on the correct appliance, causing this issue in the first place. By switching, the primary released the HA. 

    If you have timeout issues, check the connection between A and P Appliance. 

  • 0 in reply to LuCar Toni

    please check the system logs for admin changes shortly before this timestamp:

    Sep 15 06:45:09 ssh: connect to host hapeer port 22: Connection refused

    It looks like you have some HA related issue with CSC and maybe this started after a specific Admin change - this is eventually reproducible by the same change again. The behaviour reminds me of our fight against the NC mentioned above.