Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall keeps failing

Hi

SFV2C4 (SFOS 18.5.1 MR-1-Build326) every almost 3 weeks it's going down. We have several APIs which upload images etc. API calls traffic could be heavy sometime. We see a lot of traffic in one of our API which is hosted on IIS server. 

How can I check what is causing and what it can be done? when it happens, we can't access to web portal or any of the websites, apis which are hosted on IIS and traffic routed to firewall IP.

The only way to get it up and running again, restarting the firewall VM.

maybe the firewall is not strong enough?  Standard F2s v2 (2 vcpus, 4 GiB memory)

Thanks



This thread was automatically locked due to age.
Parents
  • You should update at least to 18.5.4

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks Philip. Is this the reason why the XG keep failing? I just checked the Firmware Tab, I see that 

    SFOS 19.0.1 MR1-Build365
    GA
    SFOS 18.5.4 MR4-Build418
    MR

    available to download. So should I download and 19.0.1 and install it directly? or 18.5.4 first, then 19.0.1 ?

    Thanks

  • Go to option 5 then 3 and paste the command to see the output 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  •  this is what I see... 

  • This is a Azure Installation. So the cores are supported. Go ahead an install the latest Firmware. Your current firmware is not supported anymore. 

    __________________________________________________________________________________________________________________

  • Ok. Thanks Toni. I'll install them tomorrow and try the command again. 

  • The commands are irrelevant for your problem. 

    You should check the issue after the upgrade. Assumingly you missed roughly one year of fixes. So your issue is likely already fixed. 

    __________________________________________________________________________________________________________________

  • Toni, was the firewall crashing a known issue? i'll push the first update tomorrow, then backup the firewall then install the second one? is this how I should proceed it?

    Thanks

  • You can simply upgrade to the new version. No need to do a step inbetween. You should have a backup just in case. 

    I am not sure about the entire known issue list - You can read all fixed issues here: docs.sophos.com/.../sf_185_rn.html

    __________________________________________________________________________________________________________________

  • Hello Toni,

    my recommendation to go to 18.5.4 is my experience in the field. Maybe he had reasons not to move to fast from the version he used for a longer time. Then you better don't go to a completely new version 19, and 18.5.4 is a fully supported version for now. And he then has a slot of the newest 18.5 MR to roll back in an easy way, when he decides to go V19 and something breaks.

    You see: many thoughts to advise this "unnecessary" step in between.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks Philipp

    We have several xg hosted in azure. Two of them are already 18.5 and one 19. They all host similar applications. So what I do is to install 18.5 today and keep an eye on it. If all good, I will then install the v19 tomorrow.

  • Hello Philipp

    Applied the 18.5.4 Build 418 successfully. 

    how can I check what actually happened last Friday, for outage/crash of the firewall? 

    When I ran these commands

    # grep SSSE3 /var/log/sasi.log
    # grep flags -m1 /proc/cpuinfo 

    I am getting this screen. 

    should I run something else? 

Reply
  • Hello Philipp

    Applied the 18.5.4 Build 418 successfully. 

    how can I check what actually happened last Friday, for outage/crash of the firewall? 

    When I ran these commands

    # grep SSSE3 /var/log/sasi.log
    # grep flags -m1 /proc/cpuinfo 

    I am getting this screen. 

    should I run something else? 

Children