Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 2141 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG reboot and change in HA Status

Ste

Dear Comminity,

I've a customer with an HA pair of XG135 with SFOS 18.0.5 MR-5-Build586. They are facing random reboot of the appliance that force a change HA status.

During this reboot they 5/10 minutes of disconnectoin. 

I've open a sophos case 04435878 in order to investigate and support replay that this problem is caused by the automatic pattern updates feature and it's a known behavior and the only mitigation solutions are stop automatically update or schedule it every 24 hours.

Also they say that the last SFOS 18.5.1 MR1-Build326 don't solve this problem.

Is everyone facing the same problem?

There are any action or bug open by sophos in order to solve this? 

Is there any KB that describe this known behavior?

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    Hello Ste,

    Thank you for contacting the Sophos Community.

    I have escalated this case internally to the Manager of the engineer, to have this investigated accordingly, let me know if you don't hear from support in the next 24 hours.

    The issue with the IPS/ATP updated is caused by the restart of the IPS process,  which will drop internet momentarily while this happens.

    This specific behavior of not having to restart the IPS module is targeted to be fixed on version 19. (NC-71039)

    This issue is noticeable in the lower-end devices, but this shouldn't cause a reboot of the HA, if it’s then it needs to be investigated but I don't think this is your case.

    Regards,

  • 0 in reply to emmosophos

    Hello,

    another event on another platform XG330 with the same firmware. 

    Mode: Active-Passive
    Hypervisor assigned MAC addresses: Disabled
    Fail back to primary device: Disabled
    Cluster ID: 0
    Dedicated Port: Port8
    Monitoring Ports: Port1
    Time:11:21:47

    Appliance Key

    Model Number

    Firmware Version

    Appliance State

    Administration IP

    C330799DK26QVB4

    XG330

    SFOS 18.0.5 MR-5-Build586

    Standalone

    C330AC4P4Q2FTE1

    XG330

    SFOS 18.0.5 MR-5-Build586

    Fault

    When it will be fixed this behavior? we need to wait the 19? What is the bug ID and the KB that describe this problem? 

    Thank you

  • 0 in reply to Ste

    In your screenshot the IPS upgrade was after the HA failure, correct?

    does the faulted appliance come back into cluster automatically after it has rebooted?

    I ask because I had an issue last week where I uploaded the MR6 firmware to an XG with the same SFOS. only upload, not install. It looks a little bit similar to your description.

    ~15 or 30 minutes later the machine that was primary at the time of my upload failed and we had a HA failover. The machine then joined the cluster as aux node.

    It's a XG430.

    Our case I here is 04507567

  • 0 in reply to LHerzog

    Yes it come back and the screenshot of the IPS upgrade is taken on Active device now: C330799DK26QVB4 that were in standby status when the event occurs.

Reply Children
  • 0 in reply to Ste

    Just to recap this: It is known, the IPS/ATP installation can cause a dropping of the connections on smaller appliances for a short time period. Most likely this drop is not noticed, as TCP stack will simply retransmitted. 

    It should not cause any harm to the HA nor to the status of the HA. This is not known nor reported, as far as i know. 

  • 0 in reply to LuCar Toni

    Hello Ste,

    It looks your case  got closed, since the logs requested by support weren’t provided, you mentioned that you weren’t able to see any logs in  msyn.log or applog.log

    In the event that occurred today are you able to see information in the logs?

    If so, please open a new Case and reference the Old Case ID, and send me the new Case ID, so I can request to keep the case for longer.

    Regards,