SSL/TLS inspection - Dropped due to TLS engine error: OUT_OF_MEMORY[201]

Which version do you use? Do you use IPsec? What kind of appliance do you use? 

SFOS 19.5.0 on a XGS4500. Yes it is IPsec.

Can you do an upgrade to 19.5MR1? 

Yes, maybe on the weekend. Any related issues to this problem solved in the release?

Likely this is caused by this ID, resolved in V19.5 MR1.

there are several high mem usage fixes included:

https://docs.sophos.com/releasenotes/index.html?productGroupID=esg&productID=savmosx&versionID=Central

go to the resolved issues and search for memory

can you post a screenshot of mem utilization?

Updated to 19.5 MR1. The problem unfortunately still exists.

Hello there,

Thank you for the follow-up.

If the issue persists, please open a case and mention NC-107042 and feel free to reference this community link as well. 

Additionally, also share the Case ID once you have it.

Regards,

From Lucar Tonis Writing above this is only a VPN issue - Steppenwolf wrote that also LAN users having this issue.

Is it only live.com as Target URL or also others?

Can you try to run atop, press m and catch the issue

This is the output on one of our (XG, not XGS) machines so you can compare.

compared with what GUI shows us.

It is not ultimately related to IPsec, The NPU could find a connection, which does extend the connection size and therefore gets dropped by the NPU with "out of memory". Upgrading to V19.5 MR1 can fix this issue, but if does not fix it, you should generate a support case to get this investigated. If you can reproduce this issue, it is better. 

It is not ultimately related to IPsec, The NPU could find a connection, which does extend the connection size and therefore gets dropped by the NPU with "out of memory". Upgrading to V19.5 MR1 can fix this issue, but if does not fix it, you should generate a support case to get this investigated. If you can reproduce this issue, it is better. 

Yes, the memory in this instance is the packet buffer. Not the RAM on the box. Protecting against an attempt to pack data into a packet buffer that is too large for the buffer.

Since this is reported to be happening on 19.5 MR1, I would appreciate it if you can PM me support access details so that I can look at the configuration in play, and suggest a possible workaround. It would indeed be good to open a support case for this.

are you from Sophos?

Yes he is. Seems like the account is not linked yet. emmosophos 

Profile updated to show Staff and Dev. Tnx.

I will open a support case soon and PM you the details. Thanks.

Hello Steppen,

Thank you for the Case ID, I will follow up with Elardus on how to proceed. 

I have replied to your PM as well.

Regards,