Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 914 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos support: worst than ever?

timtom

Has Sophos support really become catastrophic? According to my IT provider, yes.

We have a problem on our XG firewall that was never resolved by our IT provider, with the help of Sophos, despite an enhanced plus support (from what my provider tells me). This has severely disrupted our entire network (200 PC) for almost a year (!!!).

The solution was to put in test a FW of another brand (the XG continues behind to ensure the connections with our REDs). And it works.

My provider tells me that the relations with Sophos are bad and that the support is worse and worse with teams divided by two.

Have you seen this on your end? How is it possible that Sophos is doing nothing at this point?

Thanks.
PS : I would much rather resolve this amicably than have to fight and, in any case, end up with a competitor, which would be very expensive.



This thread was automatically locked due to age.
Parents
  • 0

    Just out of curiosity (and perhaps some of us may be able to help)... what are the exact issues you are having?  Give as much detail as possible.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent

    First symptom never explained (I looked at logs and provided them to Sophos who found nothing): the XG restarts every week for over a year. Every week, same day, same time with about 20 minutes more (so it's not even a random cron).

    The second one, much more serious and confusing, is monumental delay to give an IP address in DHCP (a few seconds to... 20 minutes! On average 30 seconds) and the very important number of connection failures of users to the RDS broker (which, in my opinion, is related to the DHCP problem because the users try to connect as soon as they are logged in, but they don't have an IP yet)

    First logical reaction: RMA. It's already done! Nothing has changed with a brand new XG. It seems obvious to me that we have to do a complete reset of the conf but we have RED boxes and that would block everyone for a long time because we will have to redo everything by hand (re-injecting the bugged conf seems to me quite stupid).

    We have a fortinet for 6 months and everything works perfectly. The XG behind the fortinet is only used to connect the REDs.

    Sophos didn't give us any solution and didn't help us. It seems that they are asking for logs again, but it's out of the question to block all users again, who were all on the verge of a nervous breakdown!

  • 0 in reply to timtom

    Hmm.  That's a tough one.  I did have one weird issue with a managed customer a year ago or so, system would lock up every few days, support pored all over it, etc... was replaced with a RMA, problem continued... then finally they figured it out.  2nd RMA fixed it.  They had an issue with the particular model we were dealing with, where many of the devices had defective RAM, including the RMA units (could happen to anybody, seen it before in my career) -- the problem would not manifest until the unit had been running a while -- memtest86, etc. all showed it good... it was a XG106.

    Hopefully the guys on here can get you fixed up.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to timtom

    Do you use STAS? Or do you use a bridge for all REDs? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    STAS, yes.

    For the bridge, I didn't even know we could have a bridge for RED. Or maybe you're talking about transparent mode ? All our RED are in Standard/split.

  • 0 in reply to timtom

    Do you have STAS Quarantine active? This option is in the webadmin.

    If yes - Disable this please. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    "Restrict client traffic during identity probe" is active. Probe timeout is set to 120. "Enable user inactivity" is off.

    I have disabled the client traffic restriction.

Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?