Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 31 replies
  • Subscribers 39 subscribers
  • Views 70447 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

V17 hanging a lot and it's not stable, all my issues fix after return to V16

KhaledMaged

i have 3 Device XG 125 and yesterday morning i have updated 3 devices to V17 and after 3 hours, a lot of issues happened like the following :

 

1- VPN site to site not connection, from the log it say failed ( no more details in log )

2- suddenly when i try to logon to sophos main page , after enter the username and password, it will not login, even no message password is wrong or any message, it just stuck ( fix by hard restart, then it appear 2 time more then fix by hard restart)

3- it's not responding to SSH, mean i enter username and password and i choose to restart or shutdown but, nothing happened 

4- after restarting then login to firmware page to check the current version, it will stuck and nothing appear

 

 

all of this issues appear in all of my XG ( 3 devices in 3 different location ), and all working back normally after back again to firmware 16, so is 17 tested or not ? i'm always doing update for the new firmware and no issue at all, this the 1st time, and this effect my organization for 2 hours, 

 

and can any one advice me the following :

1- is there any support hotline of sophos in UAE?

2- what is benefit of having Enhanced Support, and what different between it and Enhanced plus Support ?

3- what is the backup solution you can advice if one device (hardware or software failed ) ?

 



This thread was automatically locked due to age.
Parents
  • 0

    I have also experienced similar performance issues on the XG125 and also have noticed an extreme throughput bottleneck with IPS.

    I have a 300/20 connection coming into the Sophos and when doing a speed test with the ISP with IPS policy turned on within the policy I only get about 50-100Mbps.

    Set IPS policy to None and my speeds reach about 290Mbps, finally stop IPS Engine service and speeds are up to 350+ Mbps. (connection is 300Mbps but ISP allows burst speeds for periods of time)

    These problems did not exist in V16.05.8

    I will be opening a case to have this reviewed and will report back here.

Reply
  • 0

    I have also experienced similar performance issues on the XG125 and also have noticed an extreme throughput bottleneck with IPS.

    I have a 300/20 connection coming into the Sophos and when doing a speed test with the ISP with IPS policy turned on within the policy I only get about 50-100Mbps.

    Set IPS policy to None and my speeds reach about 290Mbps, finally stop IPS Engine service and speeds are up to 350+ Mbps. (connection is 300Mbps but ISP allows burst speeds for periods of time)

    These problems did not exist in V16.05.8

    I will be opening a case to have this reviewed and will report back here.

Children
  • 0 in reply to hjherron6

    Any replay from technical team ? is it not compatible with XG125 or what ?

  • 0 in reply to hjherron6

    Same problem with IPS. 
    Even with NO rule using it, it eats way too much CPU and must be stopped (XG105 with a 60/30 VDSL access).

    Plus other problems such as: https://community.sophos.com/products/xg-firewall/f/vpn/97773/sfos17ga---broken-failover-group
    Or the "clone" function in IPsec connection not working.

    The problem is not us who should "test" the product before using it in production.
    The problem is the product going GA while it's not working: "failover group" and IPS are basic features and should be properly QAed.

  • 0 in reply to David Touitou

    I was wondering if it was a beta version... I really was surprised to know this problems didn't show up on their test environments before release.

    The thing is I upgraded hoping it would solve  some strange issues I am facing with previous versions regarding specific scenarios since support was not responsive and didn't solve the issue I am facing regarding specific scenario for two weeks.

    However the newer update is much better. The thing is support is really dodgy. They were good at identifying the problem but the cause they just can't admit it to be bug which is frustrating me and Is the reason why I joined this community.

    I found out that I wasn't the only victim. The issue now is I have a client whom has already started to become dependent on sophos and when they contact support and they don't respond they contact me for support as I was the one that installed the setup.

    I'm talking 1 ho 4 medium branches and 17 reds which 5 of them are not working under transparent mode with static uplinks for God knows whatever reason.

    Support is a hopeless case. Especially in Saudi Arabia. It's like these guys prioritize support for OEMs or know theres lots of issues so the smart guys receiving tickets refuse to support as they know the issue is firmware and it's beyond their control. I don't know I'm just really frustrated with contacting support via their support system.

    I have realized their are active members from the vendor and community in this site and I will be treating the xg like an open source community project from now on in which I will be presenting my cases over here as I see the community is pretty active both from the vendors side and the community.

    Support tickets will be opened just to compare between vendor support and the community.

    So far the community is just simply amazing and I regret not coming here before and contacting support upfront.

    Maybe Sophos needs to look at the example of vyatta and vyos. Just open source it and the community will fix the hell out of it in no time.

  • 0 in reply to Joat

    and how is the VPN issue now? I'm still with 16 and it's stable, should I upgrade or you do not recommend 

  • 0 in reply to KhaledMaged

    For me the IPSec VPN works fine in version 17.1.2 MR-2.

    -Ronnie