[Probably a bug] IPS engine restarting constantly

TL;DR: since firmware SFOS 16.01.1 the IPS service dies and keeps restarting. Probably the reason why the service cannot init:
/bin/snort: /lib/libcrypto.so.1.0.0: no version information available (required by /bin/snort)

Related/Relevant forum threads:

[1] Upgrade Sophos XG from SFOS15 to SFOS16 and "lost internet access". Reverting back to SFOS15 as well as disabling the IPS service fixed it. community.sophos.com/.../315511

[2] "IPS keeps restarting". community.sophos.com/.../version-16-beta-5-and-ga-ips-keeps-restarting

--

Hi there,

Upgraded my Sophos XG Firewall (from SFOS 15.x) to version SFOS 16.01.2. After the upgrade no changes have been made to the configuration. Shortly after the upgrade I found out that all in- and outgoing traffic is blocked. I have traced it back to the IPS service. Stopping this service results in traffic being allowed again.

IPS
Nothing shows up in my log file (log viewer) even though IPS logging is enabled. The IPS status also reports that 0 packets are dropped. I disabled the IPS policy for the rules on which the firewall should hit, but that is not making any sense.

Firewall
The firewall is blocking the traffic because it is 'invalid traffic'.

Using the device console I have dumped some traffic on the network. Below is an example packet (that is blocked):

2016-12-25 16:36:57 0102021 IP 172.17.29.3.33533 > 5.153.231.35.80 : proto TCP: P 3441838487:3441838649(162) win 229 checksum : 52802
0x0000:  4500 00d6 4fab 4000 4006 34a6 ac11 1d03  E...O.@.@.4.....
0x0010:  0599 e723 82fd 0050 cd26 4997 2a9a a931  ...#...P.&I.*..1
0x0020:  8018 00e5 ce42 0000 0101 080a 0011 5bc2  .....B........[.
0x0030:  110f 6655 4745 5420 2f64 6562 6961 6e2f  ..fUGET./debian/
0x0040:  6469 7374 732f 6a65 7373 6965 2f49 6e52  dists/jessie/InR
Date=2016-12-25 Time=16:36:57 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port6 out_dev= inzone_id=0 outzone_id=0 source_mac=32:64:36:64:38:38 dest_mac=36:65:61:65:39:36 l3_protocol=IP source_ip=172.17.29.3 dest_ip=5.153.231.35 l4_protocol=TCP source_port=33533 dest_port=80 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

What can be the cause? Any help is appreciated.


Regards, Ilias
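An added worked example, not part of the original post or of Sophos' software: it rebuilds the packet from the hex dump above, splits the key=value log record into fields, and cross-checks the two, so that a reader can see from the data itself which engine logged the drop. The log record and hex dump are constructed copies of the lines quoted in the post; the field names are the ones the record itself carries, and the interpretation strings in `diagnose()` are this example's own wording.

```python
"""Cross-check a Sophos XG firewall log record against the packet it denied.

Added example; the sample data below is copied from the forum post and
rejoined into single lines (constructed input, not a live capture).
"""
import re
import struct
from ipaddress import ip_address

# Constructed sample: the denied-traffic record from the post (subset of fields).
LOG_RECORD = (
    "Date=2016-12-25 Time=16:36:57 log_id=0102021 log_type=Firewall "
    "log_component=Invalid_Traffic log_subtype=Denied log_status=N/A "
    "log_priority=Alert in_dev=Port6 out_dev= l3_protocol=IP "
    "source_ip=172.17.29.3 dest_ip=5.153.231.35 l4_protocol=TCP "
    "source_port=33533 dest_port=80 fw_rule_id=0 ips_id=0 state=0"
)

# Constructed sample: the five hex-dump lines from the post (tcpdump -X layout).
HEX_DUMP = """\
0x0000:  4500 00d6 4fab 4000 4006 34a6 ac11 1d03  E...O.@.@.4.....
0x0010:  0599 e723 82fd 0050 cd26 4997 2a9a a931  ...#...P.&I.*..1
0x0020:  8018 00e5 ce42 0000 0101 080a 0011 5bc2  .....B........[.
0x0030:  110f 6655 4745 5420 2f64 6562 6961 6e2f  ..fUGET./debian/
0x0040:  6469 7374 732f 6a65 7373 6965 2f49 6e52  dists/jessie/InR
"""

TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def parse_log_record(line):
    """Split a key=value log line into a dict; empty values (out_dev=) are kept."""
    return dict(re.findall(r"(\w+)=(\S*)", line))


def hexdump_to_bytes(dump):
    """Turn tcpdump -X style lines back into raw bytes, ignoring offset and ASCII gutter."""
    out = bytearray()
    for line in dump.splitlines():
        words = line.split()[1:9]  # skip "0x0000:", take the eight hex words
        out += bytes.fromhex("".join(words))
    return bytes(out)


def decode_ip_tcp(raw):
    """Decode the IPv4 and TCP headers at the start of raw and return the useful fields."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    sport, dport, seq, ack, off_flags, window, csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[ihl:ihl + 20])
    data_off = (off_flags >> 12) * 4          # TCP header length incl. options
    flags = off_flags & 0x1FF
    payload = raw[ihl + data_off:ihl + data_off + 16]
    return {
        "src": str(ip_address(src)), "dst": str(ip_address(dst)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES.items() if flags & bit],
        "window": window, "checksum": csum,
        "payload_len": total_len - ihl - data_off,
        "payload_start": payload.decode("ascii", "replace"),
    }


def diagnose(record, pkt):
    """Explain the drop from the record's own fields, after checking it matches the packet."""
    findings = []
    same_flow = (record["source_ip"], record["dest_ip"]) == (pkt["src"], pkt["dst"]) and \
        (int(record["source_port"]), int(record["dest_port"])) == (pkt["sport"], pkt["dport"])
    if not same_flow:
        findings.append("log record and packet dump do not describe the same flow")
    if record["log_component"] == "Invalid_Traffic" and record["log_subtype"] == "Denied":
        findings.append("logged as Invalid_Traffic/Denied (log_id %s), not as a rule or IPS drop"
                        % record["log_id"])
    if record["fw_rule_id"] == "0":
        findings.append("fw_rule_id=0: no firewall rule is recorded as matching this packet")
    if record["ips_id"] == "0":
        findings.append("ips_id=0: the drop is not attributed to any IPS policy")
    if "ACK" in pkt["flags"] and "SYN" not in pkt["flags"]:
        findings.append("%s segment with %d bytes of data: part of an existing connection, not a new one"
                        % ("+".join(pkt["flags"]), pkt["payload_len"]))
    return findings


if __name__ == "__main__":
    rec = parse_log_record(LOG_RECORD)
    pkt = decode_ip_tcp(hexdump_to_bytes(HEX_DUMP))
    print("%s:%d -> %s:%d flags=%s seq=%d payload=%r" % (
        pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["flags"], pkt["seq"], pkt["payload_start"]))
    for finding in diagnose(rec, pkt):
        print("-", finding)
```

Decoding the dump reproduces every value tcpdump printed (sequence number 3441838487, 162 payload bytes, window 229, checksum 52802), which confirms the record and the dump are the same packet. The record then shows the drop came from the invalid-traffic path with no rule id and no IPS id attached, consistent with the IPS counters in the post staying at 0 dropped packets.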



  • Ilias,

    from the log the XG is blocking traffic because a firewall rule does not exist (log_id=0102021).

    Can you share your firewall rules?

    Thanks

  • I want to make some notes:

    * IPS protection is not used in the firewall rules which should allow the legitimate traffic;
    * Found another forum thread from someone who upgraded Sophos XG from SFOS15 to SFOS16 and "lost internet access". Reverting back to SFOS15 as well as disabling the IPS service fixed it. https://community.sophos.com/products/xg-firewall/f/initial-setup/84388/upgraded-to-sfos16-lost-internet-connection/315511

    Sharing all of my firewall rules has no added value, so here is only the firewall rule that should matter:

    Source
    Source Zones: [LAN, DMZ, etc.]
    Source Networks and Devices: ANY
    During Scheduled Time: All the time
     
    Destination & Services
    Destination Zones: WAN
    Destination Networks: ANY
    Services: HTTP, HTTPS
     
    Advanced
    Intrusion Prevention: None
    Traffic Shaping Policy: None
    Web Policy: None
    NAT & Routing: Rewrite source address (Masquerading)
     
    Thanks!

  • Attached some lines that were observed in the IPS logs:

    Observed that the IPS service restarts constantly. This is probably the root cause.

  • Review your flood control settings, they work on all rules regardless of IPS or not.

  • The 'apply flag' is not selected for any of the attack types (SYN Flood, UDP Flood, etc.). I also checked the DoS Attacks status: 0 dropped packets.
