
XG550 and firmware 16.1 strange issues

Hi all, last week we migrated from Fortigate firewalls to an HA cluster of Sophos XG 550s. We currently have a lot of problems. Initially, with HTTP scan and IPS activated on all rules (LAN to WAN, LAN to DMZ, WAN to LAN), we had 50% of all the traffic dropped. So we decided to deactivate all the scans (HTTP, FTP and IPS) temporarily, to allow the users to work.

With all the scans disabled things are going a little better, but not by much... The XG firewalls are isolating a lot of PCs from the network for 15-20 seconds, randomly during the day. That happens to me too. For example, I'm browsing the Amazon site and the firewall decides to isolate me from the net; the only hosts that I can ping are the hosts on my network and the interface of the firewall that is my gateway. Unfortunately that is happening on many, many PCs on the network. A lot of the workstations on our networks are Citrix Terminal Server thin clients, and on them the session is disconnected frequently.

 

Does anyone have the same issue? Thank you,

 

Matteo



  • MatteoGalvani said:

    With all the scans disabled things are going a little better, but not by much... The XG firewalls are isolating a lot of PCs from the network for 15-20 seconds, randomly during the day. That happens to me too. For example, I'm browsing the Amazon site and the firewall decides to isolate me from the net; the only hosts that I can ping are the hosts on my network and the interface of the firewall that is my gateway.

     

    Hi Matteo,

     

    I made the same change from Fortigate to a Sophos XG (350 in my case) cluster... what a trauma! I did it in April... I have a problem similar to yours, maybe it is not the same; in my case all my interfaces randomly isolate from each other. I have the cluster in HA Active-passive mode and the problem stays there until I reboot the cluster: once I reboot, the network instantly resumes.

    If you can, try to capture information while the firewall is blocked: enter the advanced console via SSH (this opens a Unix-like console) and run the "top" command to check whether any processes are near 100%. In my case I have snort at 100% CPU (one core).

    As of today my only solution is rebooting... hope this helps, and keep us updated...

     

    Simone
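
The check described in the reply above (looking in `top` for a process pinned near 100% of one core), as an added shell example that is not part of the thread. It assumes procps-style batch output from `top -b -n 1`; the function names and the sample output are constructed, and the column layout on the XG advanced shell may differ.

```shell
#!/bin/sh
# hot_procs THRESHOLD: read `top` batch output on stdin and print
# "pid cpu command" for every process at or above THRESHOLD percent CPU.
# (Hypothetical helper written for this example.)
hot_procs() {
    awk -v limit="$1" '
        # Header row: locate the PID and %CPU columns by name, so the
        # parser does not depend on a fixed column order.
        !cols && /PID/ && /%CPU/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "PID")  pid = i
                if ($i == "%CPU") cpu = i
            }
            cmd = NF; cols = 1; next
        }
        # Process rows: numeric PID, CPU value at or above the limit.
        cols && $pid ~ /^[0-9]+$/ {
            v = $cpu; sub(/%$/, "", v); sub(/,/, ".", v)
            if (v + 0 < limit + 0) next
            name = $cmd
            for (i = cmd + 1; i <= NF; i++) name = name " " $i
            print $pid, v, name
        }
    '
}

# Constructed sample, not captured from a real appliance.
sample_top() {
    cat <<'EOF'
top - 10:42:17 up 12 days,  3:11,  1 user,  load average: 1.08, 0.97, 0.91
Tasks:   4 total,   2 running,   2 sleeping,   0 stopped,   0 zombie

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
 4121 root      20   0  912340 401212  10240 R  99.7   4.9 512:03.11 snort
 2210 root      20   0  120044  30112   8120 S   3.3   0.4   9:12.40 httpd
    1 root      20   0    4300   1500   1300 S   0.0   0.0   0:04.02 init
 5190 root      20   0    6100   2100   1800 R   0.3   0.0   0:00.01 top
EOF
}

# Live use during an outage window: top -b -n 1 | hot_procs 90
sample_top | hot_procs 90
```

Running it in a loop with a timestamp during the day gives a record of which process was busy at the moment the clients lost connectivity, which is more useful to attach to a support case than a single manual `top`.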
