Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 37 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 3955 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG135w connection breaking up

Shteki

Hello,

I'm experiencing sudden break ups witht he connection with my XG135w.

The configuration is as follows: ISP model with optical connection - unmanaged switch (with nothing else connected except ISP modem and XG) - XG - couple of switches with PoE and two Ubiquiti AP.

It all started on friday last week when I wanted to configure my two Ubiquiti APs with additional Guest WiFi network (with our existing one). After that the Ubiquiti APs started breaking up, so I deleted the newly created Guest WiFi, but after this I realised that our XG is always breaking up the connection to the internet. COuple of times it was WAN interface down, then it was okay but the connection was just broken for couple of seconds (without messaging that the WAN is down), then it went up for another couple of minutes, than breaks and so on (often with the message DNS_PROBE_FINISHED_NXDOMAIN after trying to refresh a site or to open a new one).

We have a ESXi on the network that has a AD virtual machine. The XG has a static DNS IP address set.

I'm not sure where to look at. It was all running smoothly before this Ubiquiti thing. Tried one more time to play with MTU (it was 1500) or to add a second rule to the WAN link manager for going down, but without help.

Any suggestions?

Thank you!



This thread was automatically locked due to age.
  • 0 in reply to Shteki

    Try creating a plain FW rule on the top with no restrictions in scanning, web, app, IPS just a plain FW rule for a single machine and keep it under observation for 24-48 hours !! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Tried it for a while, plain FW rule like you suggested, source LAN, destionation WAN, with a asociated NAT rule (source and destination any, SNAT is MASQ) and it still loses the conenction for couple of seconds. Awkardly, it doesn't report a WAN gateway failover immediately. It happens once or twice per day that it sends us emails with the Gateway Down/Up reported from yesterday or couple of days ago..

  • 0 in reply to Shteki

    Hey

    Is there any specific time or there is daily pattern or after certain interval of time users face internet disconnection ?
    Can you please share the following logs during the time of disconnection:

    #tail -f /log/nSXLd.log 
    #tail -f /log/dgd.log
    #ls -larth /var/cores
    # df -kh

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi Vivek,

    here are the log reports:

    This one was taken imediately:

    XG135w_XN03_SFOS 18.5.3 MR-3-Build408# tail -f /log/nSXLd.log                   

    [2022-07-29 07:52:32Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-07-29 07:54:36Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-07-29 08:58:50Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-07-29 09:29:02Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-07-29 09:45:11Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-07-29 09:46:39Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-07-29 10:04:58Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-08-02 12:30:41Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-08-02 12:30:42Z] <139652316337344> [error] nSXLd: DNS lookup timed out    
    [2022-08-02 12:31:01Z] <139652316337344> [error] nSXLd: DNS lookup timed out 



    This one was left over the night and here are the status reports of the "dead" links, normaly it was "live":

    DEBUG     Aug 03 01:40:34Z [17495]: Ping Result for : 8.8.8.8                   
    DEBUG     Aug 03 01:40:34Z [17495]: Ping : S                                    
    DEBUG     Aug 03 01:40:34Z [17495]: Current Status [GW(XXXXXXXX,Port2)] : Live 
    DEBUG     Aug 03 01:40:34Z [17495]: Sleep for 300 Seconds                       
                                                                                    
    DEBUG     Aug 03 01:45:34Z [17495]: Initiating Ping : 8.8.8.8                   
                                                                                    
    DEBUG     Aug 03 01:45:34Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
                                                                                    
    DEBUG     Aug 03 01:45:34Z [17495]: Success, Retrying(1) Ping : 8.8.8.8         
    DEBUG     Aug 03 01:45:34Z [17495]: GW (    XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:45:34Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:45:34Z [17495]: Ping Result for : 8.8.8.8                   
    DEBUG     Aug 03 01:45:34Z [17495]: Ping : S                                    
    DEBUG     Aug 03 01:45:34Z [17495]: Current Status [GW(XXXXXXX    ,Port2)] : Live 
    DEBUG     Aug 03 01:45:34Z [17495]: Sleep for 300 Seconds                       
                                                                                    
    DEBUG     Aug 03 01:50:34Z [17495]: Initiating Ping : 8.8.8.8                   
                                                                                    
    DEBUG     Aug 03 01:50:34Z [17495]: GW (XXXXXXX,Port2) : Waiting for reply    
                                                                                    
    DEBUG     Aug 03 01:50:36Z [17495]: Failed, Retrying(1) Ping : 8.8.8.8          
    DEBUG     Aug 03 01:50:36Z [17495]: GW (XXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:36Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:38Z [17495]: Failed, Retrying(2) Ping : 8.8.8.8          
    DEBUG     Aug 03 01:50:38Z [17495]: GW (XXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:38Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:40Z [17495]: Failed, Retrying(3) Ping : 8.8.8.8          
    DEBUG     Aug 03 01:50:40Z [17495]: GW (XXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:40Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:42Z [17495]: Failed, Retrying(4) Ping : 8.8.8.8          
    DEBUG     Aug 03 01:50:42Z [17495]: GW (XXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:42Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:44Z [17495]: Failed, Retrying(5) Ping : 8.8.8.8          
    DEBUG     Aug 03 01:50:44Z [17495]: GW (XXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:44Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:46Z [17495]: Ping Result for : 8.8.8.8                   
    DEBUG     Aug 03 01:50:46Z [17495]: Ping : F                                    
    DEBUG     Aug 03 01:50:46Z [17495]: Current Status [GW(XXXXXXXX,Port2)] : Dead 
    DEBUG     Aug 03 01:50:46Z [17495]: Sleep for 300 Seconds                       
                                                                                    
    DEBUG     Aug 03 01:50:46Z [17495]: Initiating Ping : 10.27.27.6                
                                                                                    
    DEBUG     Aug 03 01:50:46Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
                                                                                    
    DEBUG     Aug 03 01:50:48Z [17495]: Failed, Retrying(1) Ping : 10.27.27.6       
    DEBUG     Aug 03 01:50:48Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:48Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:50Z [17495]: Failed, Retrying(2) Ping : 10.27.27.6       
    DEBUG     Aug 03 01:50:50Z [17495]: GW (XXXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:50Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:52Z [17495]: Failed, Retrying(3) Ping : 10.27.27.6       
    DEBUG     Aug 03 01:50:52Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:52Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:54Z [17495]: Failed, Retrying(4) Ping : 10.27.27.6       
    DEBUG     Aug 03 01:50:54Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:54Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:56Z [17495]: Failed, Retrying(5) Ping : 10.27.27.6       
    DEBUG     Aug 03 01:50:56Z [17495]: GW (XXXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:50:56Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 01:50:58Z [17495]: Ping Result for : 10.27.27.6                
    DEBUG     Aug 03 01:50:58Z [17495]: Ping : F                                    
    DEBUG     Aug 03 01:50:58Z [17495]: Current Status [GW(XXXXXXXX,Port2)] : Dead 
    DEBUG     Aug 03 01:50:58Z [17495]: Sleep for 300 Seconds                       
                                                                                    
    NOTICE    Aug 03 01:50:58Z [17495]: Actiontree, Live to Dead                    
    NOTICE    Aug 03 01:50:58Z [17495]: Actiontree, executing: Live_To_Dead @XXXXXXXX                                                                              
                                                                                    
    DEBUG     Aug 03 01:50:58Z [32352]: Executing Service : <gateway:gw_live_to_dead
    > args : <{"param":"@XXXXXXXX"}>                                               
    DEBUG     Aug 03 01:55:58Z [17495]: Initiating Ping : 8.8.8.8                   
                                                                                    
    DEBUG     Aug 03 01:55:58Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
                                                                                    
    DEBUG     Aug 03 01:55:58Z [17495]: Success, Retrying(1) Ping : 8.8.8.8         
    DEBUG     Aug 03 01:55:58Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 01:55:58Z [17495]: Current Status : Dead                       
                                                                                    
    DEBUG     Aug 03 01:55:58Z [17495]: Ping Result for : 8.8.8.8                   
    DEBUG     Aug 03 01:55:58Z [17495]: Ping : S                                    
    DEBUG     Aug 03 01:55:58Z [17495]: Current Status [GW(XXXXXXXX,Port2)] : Live 
    DEBUG     Aug 03 01:55:58Z [17495]: Sleep for 300 Seconds                       
                                                                                    
    NOTICE    Aug 03 01:55:58Z [17495]: Actiontree, Dead to Live                    
    NOTICE    Aug 03 01:55:58Z [17495]: Actiontree, executing: Dead_To_Live @AXXXXXXXX                                                                              
                                                                                    
    DEBUG     Aug 03 01:55:58Z [1843]: Executing Service : <gateway:gw_dead_to_live>
     args : <{"param":"@XXXXXXXX"}>                                                
    DEBUG     Aug 03 02:00:58Z [17495]: Initiating Ping : 8.8.8.8                   
                                                                                    
    DEBUG     Aug 03 02:00:58Z [17495]: GW (XXXXXXXXXX,Port2) : Waiting for reply    
                                                                                    
    DEBUG     Aug 03 02:00:58Z [17495]: Success, Retrying(1) Ping : 8.8.8.8         
    DEBUG     Aug 03 02:00:58Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 02:00:58Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 02:00:58Z [17495]: Ping Result for : 8.8.8.8                   
    DEBUG     Aug 03 02:00:58Z [17495]: Ping : S                                    
    DEBUG     Aug 03 02:00:58Z [17495]: Current Status [GW(XXXXXXXXX,Port2)] : Live 
    DEBUG     Aug 03 02:00:58Z [17495]: Sleep for 300 Seconds                       
                                                                                    
    DEBUG     Aug 03 02:05:58Z [17495]: Initiating Ping : 8.8.8.8                   
                                                                                    
    DEBUG     Aug 03 02:05:58Z [17495]: GW (XXXXXXXXX,Port2) : Waiting for reply    
                                                                                    
    DEBUG     Aug 03 02:05:58Z [17495]: Success, Retrying(1) Ping : 8.8.8.8         
    DEBUG     Aug 03 02:05:58Z [17495]: GW (XXXXXXXX,Port2) : Waiting for reply    
    DEBUG     Aug 03 02:05:58Z [17495]: Current Status : Live                       
                                                                                    
    DEBUG     Aug 03 02:05:58Z [17495]: Ping Result for : 8.8.8.8                   
    DEBUG     Aug 03 02:05:58Z [17495]: Ping : S                                    
    DEBUG     Aug 03 02:05:58Z [17495]: Current Status [GW(XXXXXXXX,Port2)] : Live 
    DEBUG     Aug 03 02:05:58Z [17495]: Sleep for 300 Seconds





    XG135w_XN03_SFOS 18.5.3 MR-3-Build408# ls -larth /var/cores                     
    -rw-------    1 nobody   nobody    239.6M Aug 19  2020 core.httpd               
    -rw-------    1 nobody   nobody    132.7M Aug 31  2021 core.vncfreerdp          
    drwxrwxrwt    2 root     0           4.0K Aug 31  2021 .                        
    drwxr-xr-x   39 root     0           4.0K Aug  3 06:41 .. 
     



    XG135w_XN03_SFOS 18.5.3 MR-3-Build408# df -kh                                   
    Filesystem                Size      Used Available Use% Mounted on              
    none                    234.1M      8.9M    208.9M   4% /                       
    none                      2.9G     24.0K      2.9G   0% /dev                    
    none                      2.9G     48.2M      2.8G   2% /tmp                    
    none                      2.9G     14.6M      2.8G   0% /dev/shm                
    /dev/boot               127.7M     38.7M     86.3M  31% /boot                   
    /dev/mapper/mountconf                                                           
                            385.4M     75.2M    306.1M  20% /conf                   
    /dev/content              5.4G    585.6M      4.8G  11% /content                
    /dev/var                 46.5G     11.7G     34.8G  25% /var  



    
				                    
    
                
    
            
    
        	
    

		
		
		
		
	
    
	
    
		
    
			
		
    
	
    
	
    
		
						
				
				
				
				
				
		
		
    
			
		
    
	
    

    

    • 

	

  • 
	
    



	
			
		
	



    
	
    
		
    
							
					
    
		
    
			
													0
							
			
				
									
							
						
				
			
												
						in reply to Shteki
					
									
    
	
    

		
		
    
					
    Hi ,

    Thank you for the update, it looks like the SXL server's  responsible categorization  is getting a timeout, I am suspecting NC-100418,
    But can you perform a quick advance shell lookup as per the KBA: https://support.sophos.com/support/s/article/KB-000037012?language=en_US
    And if it really fails then add a DNS host entry for URL is 4.sophosxl.nethttps://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Network/DNS/NetworkDNSHostEntryAdd/index.html

    
				                    
    
                
    Thanks & Regards,
    _______________________________________________________________
    

    Vivek Jagad | Team Lead, Global Support & Services 
    

     
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
    
            
    
        	
    

		
		
		
		
	
    
	
    
		
    
			
		
    
	
    
	
    
		
						
				
				
				
				
				
		
		
    
			
		
    
	
    

    

    • 

	

  • 
	
    



	
		
	
	



    
	
    
		
    
							
					
    
		
    
			
													0
							
			
				
									
							
						
				
			
												
						in reply to Vivek Jagad
					
									
    
	
    

		
		
    
					
    Hi Vivek,
    

    the lookup brought okay results - for example:
    

    XG135w_XN03_SFOS 18.5.3 MR-3-Build408# nsxld -l bbc.com                         
    Raw Data:                                                                       
        0:1:30:NEWS                                                                 
        0:2:27:MEDIA_NEWS                                                           
        0:3:2:LOW                                                                   
        0:5:41:PROD_NEWS                                                            
    Identified Categories:                                                          
        Web Category: News                                           

    I've addeed the new DNS host entry for the sophos URL, we'll see what happens.

    
				                    
    
                
    
            
    
        	
    

		
		
		
		
	
    
	
    
		
    
			
		
    
	
    
	
    
		
						
				
				
				
				
				
		
		
    
			
		
    
	
    

    

    • 

	

  • 
	
    



	
		
	
	



    
	
    
		
    
							
					
    
		
    
			
													0
							
			
				
									
							
						
				
			
												
						in reply to Shteki
					
									
    
	
    

		
		
    
					
    Sure, keep it under observation as of now. If the issue persist then have a service request raised with the Sophos support for further diagnosis !! 
    
				                    
    
                
    Thanks & Regards,
    _______________________________________________________________
    

    Vivek Jagad | Team Lead, Global Support & Services 
    

     
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
    
            
    
        	
    

		
		
		
		
	
    
	
    
		
    
			
		
    
	
    
	
    
		
						
				
				
				
				
				
		
		
    
			
		
    
	
    

    

    • 

	





	
			





























Share Feedback




    ×
    
Submitted a Tech Support Case lately from the Support Portal?

    
    
    

































			











Unfiltered HTML