Xg115w failure to reconnect automatically

Hello rfcat_vk,

Thank you for reaching out to the sophos community, for the reported issue we have some questions below:

> What is the current firmware & hardware model in the reported scenario ?
> Can you share the system graph during when the failure occurred ? diagnostics > system graph
> Under the advance shell, during the time of the reported issue what did you see in the following logs:
#/log/dgd.log
#/log/syslog.log
#/log/applog.log
#/log/garner.log
#/log/networkd.log
#/log/nSXLd.log
> Log file details: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html
> What is the current failover rule set under the WAN link manager for that interface ?
> What is the DNS configured ?
> what were the number of live users during the issue occurred ?

> What is the current firmware & hardware model in the reported scenario ?

Model XG115w rev 3 v19.0.1 MR-1
> Can you share the system graph during when the failure occurred ? diagnostics > system graph

The graphs show the failure at just after 0200, the firewall messages show 0217.

The spikes are when I tried various steps to restart the connection, with the big spike being when the XG115W was restarted.

> Under the advance shell, during the time of the reported issue what did you see in the following logs:

The logs are very difficult to search because they are in UTC not local time. The dad log does not have any details around the fail time.

The logs are not consistent, networked is in local time and does not have any entries for early on the 5th August until I restarted the XG.

#/log/dgd.log
#/log/syslog.log
#/log/applog.log
#/log/garner.log
#/log/networkd.log
#/log/nSXLd.log

> Log file details: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html

> What is the current failover rule set under the WAN link manager for that interface ?

There is no failover because there is only one link. The WAN manager tests the availability of the ISP gateway devices.

> What is the DNS configured ?

The DNS is setup to use the ISP links on both IP4 and IPv6

> what were the number of live users during the issue occurred ?

All users are clienteles - the Apple TV was streaming video and the iPhone was surfing the web. There are a number of other devices active eg security cameras, foxtel boxes, security light controller, PC printers etc

Ian

Okay thank you for the update rfcat_vk 
So where you able to ping the gateway of the ISP when the failure occurred ?
By failover rule I mean the failover rules configured on that ISP interface...
Were you receiving the unicast reply ?
You can use the following command from the console
e.g. 2 
console> system diagnostics utilities arp ping interface Port<number> <ISP/interface gateway> 

Hi Vivek,

the issued occurred 15 hours ago. I was made aware of the issue when i got up this morning, so pinging the ISP gateways now is not going to prove anything.

Which log would I find the results in?

ian

Okay if the issue occurs next time, try the suggested options and you can check the results under the following logs: 

/log/dgd.log
/log/networkd.log
/log/syslog.log
dmesg

Thank you for the prompt reply.

None of the .log files had any ping information.

Ian

Then I would suggest if the issue re-occurs, check this log files mentioned before rebooting the appliance !!
And also perform an arp ping to the ISP gateway and check the nSXLd.log too !!

The restart appears to have fixed some other issues with applications not being blocked now being blocked.

ian

That's amazing !!