No Internet After Update

Hi everyone, I have a bit of a situation here.

Yesterday evening I tried updating my Sophos XG VM from SFOS 19.0.1 MR-1-Build365 to SFOS 19.5.0 GA-Build197. A little while later (probably 20 minutes) I went into the firewall GUI and noticed it still had the old firmware listed as the active firmware (yellow dot next to it) under System>Backup & Firmware>Firmware, so I clicked on the black and blue icon of 2 arrows next to the new firmware and after being prompted that the system will reboot with the selected firmware I clicked "ok". Somewhere in this process, something went wrong and I started getting all sorts of issues with internet connectivity. Now the LAN devices have no connectivity to the WAN or most of the web servers (also on the WAN). 

Originally I tried updating because I randomly started having issues with devices on the VPN connecting to the WAN showing ERR_SSL_PROTOCOL_ERROR when browsing the web, and the logs were showing out-of-RAM errors. I rebooted the XG and the devices on the VPN were still getting the same exact error message, but the logs were now showing SSL Flow Timeout. The diagnostics panel showed that only 4 of the 8Gb of RAM were in use, and devices on the LAN were working fine. I thought the issue was very strange, so I tried updating the firmware (I believe this is the first time I updated this VM).

After doing some research online, I think the errors may have something to do with how some of the physical network interfaces were removed shortly after installation. When I set the VM up in Hyper-V, I created a private virtual interface for each of my other servers and connected all of them to the Sophos XG VM. My reasoning behind this is I just assumed it would be easier to manage network traffic that way. For instance, I could have all traffic on port 53 redirect to the interface for my DNS server. I was having issues setting it up this way and properly configuring DHCP for them, so I deleted the other interfaces. Now the XG only has 2, WAN and LAN, and I just put all the servers on the LAN. The other interfaces still show up in the XG under Network.

I have never experienced any issues and so I left everything as is, but now I am thinking this is what may be causing the strange issues. Is it possible to remove these extra interfaces? Or do you think that has nothing to do with it? 

Regardless, now the VPN is working, and the LAN has no internet access. The XG has also been stuck updating. The Central management dashboard has shown "Firmware Update In Progress" for a few hours now with the spinning gear.

If it makes a difference, I have been accessing the XG via Sophos Central the entire time. Somehow it has been online in Sophos Central the entire time.



  • When you log into the FW directly (not through Central), what version is it running? 

    We are aware of an issue with Central where the v19.5 update is shown for Firewalls, when the update is actually not available to the device yet (as v19.5 is currently still in staging). Therefore when a user clicks the Update button in Central, nothing happens (as there's nothing for the FW to upgrade to). This is NR-9006 which emmosophos referred to. 

    If you log into your FW directly and it's showing v19.0.1, then it's this problem. 

    However since the FW didn't actually perform an update, it should not interrupt your LAN to Internet traffic. If that's an issue, it'll need to be investigated separately. 

  • Thanks Benjamin for sharing access ID of your virtual firewall setup.

    The engineering team tried looking at the logs to determine whether anything suspicious could be found that could cause an interruption to your LAN to Internet traffic after upgrading to 19.5. So far, we couldn't find anything.

    As you have rolled back to 19.0.1, would you mind switching back to 19.5 again and observing?

    If required, we can take a live debug session early next week (IST time zone).

    Regards,

    Sanket Shah

    Senior Development Manager, Sophos Firewall