Sophos SG330 useless, log partition fills within a day. Advice? Clone the drive?

I'm getting seriously sick of having to fix UTM programming deficiencies or calling support to fix this and I feel the $10,000 that this unit + support cost is a borderline waste of money. If I sound frustrated it's because this keeps happening and someone on Sophos Premium Support side keeps stating they'll report it or try to find me an issue...

Initially when the unit was brand new within a month's time the unit hit 0% free space on the log partition due to a bug whereby random previous days hadn't successfully gzipped the logs and after this happened a few times, the log partition would fill and the unit would stop working correctly.

We then adjusted the log thresholds and set logs to delete after 7 days.

Within a month it happened again, had to call support to clean up the unit as the log thresholds didn't help.

Set up a remote log server and set the logs to delete after 1 day. Log partition still fills up.

After at least 4 calls to support and at least 5 times of me manually cleaning up this unit by hand, I'm getting sick of this situation.

You can set the logs to 1 day and the log partition still fills up and the unit stops working correctly - we won't get reports or if we do the data is faulty, you can't click on Firewall in the web interface, and sometimes the unit stops filtering users entirely.  

We signed up for a partnership with the intention of selling a number of Sophos UTM products but we've never seen one working successfully and as such we're still selling Untangle products for their superior reporting system or Fortinet products for their superior blocking capabilities.

If we clone this insufficiently sized 128 GB drive to an appropriately sized drive, at least a 240 GB SSD, does that invalidate our warranty?

Our company is investing our own time in resolving a failure of Sophos to provide a reliable system and we'd save more time long term if we covered the cost of the drive to the client so they can ride out the remaining year of their 'premium' support.



  • First call to foreign premium support wasn't so positive. Second call to UK support was positive, we discovered the fallback log file was filling up the drive. The content of this log file looks almost recursive in nature, one line of this log file is an entire page of 1440 x 900 small text in a putty ssh window.

    So you have an 83 GB log partition and you have a single 56 GB log file for one day that breaks the unit. The situation is being escalated to domestic support.

    To answer my own question, I was told that upgrading the hard drive to a more suitable size would invalidate the warranty. Figured it was worth a shot.
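
Added example, not part of the original thread and not Sophos tooling: a read-only shell triage sketch for the two symptoms reported above, rotated logs left uncompressed and a single runaway log file whose lines are extremely long. The log directory argument, the 1 GiB threshold and the 1 MiB sample size are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added triage sketch (not vendor tooling). The directory passed as $1 is an
# assumption: use the mount point of the log partition being investigated.

# Files under $1 larger than $2 bytes, e.g. one runaway log file.
files_over_bytes() {
    find "$1" -xdev -type f -size +"$2"c
}

# *.log files under $1 that were never gzipped. -mtime +N matches files whose
# age in whole days exceeds N, so N=0 means "at least 24 hours old".
stale_uncompressed() {
    find "$1" -xdev -type f -name '*.log' -mtime +"$2"
}

# Longest line within the first 1 MiB of file $1. Only a sample is read so a
# multi-gigabyte file is not scanned end to end on a struggling appliance.
longest_line() {
    head -c 1048576 "$1" |
        awk '{ n = length($0); if (n > max) max = n } END { print max + 0 }'
}

# Percentage in use of the filesystem that holds $1.
used_percent() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

report() {
    dir=$1
    echo "usage of $dir: $(used_percent "$dir")%"
    echo "files over 1 GiB:"
    files_over_bytes "$dir" 1073741824
    echo "uncompressed logs at least 24 hours old:"
    stale_uncompressed "$dir" 0
    echo "longest sampled line per oversized file:"
    files_over_bytes "$dir" 1073741824 | while IFS= read -r f; do
        printf '%s %s\n' "$(longest_line "$f")" "$f"
    done
}

if [ "$#" -gt 0 ]; then report "$1"; fi
```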

  • Hi, William, and welcome to the UTM Community!

    If you've searched here, you know that yours is the only report of this outside of one five years ago.  This is not a bug, it is a broken firmware installation.  You need to get a range of new and older backups, reload the SG from ISO and restore a configuration backup.

    Unless you have one of the $10,000+/year super premium support contracts, calling Support is the worst way to get problems addressed.  If you're a Sophos Partner, ask your inside rep how to enter a ticket via a web form or an email address.

    Cheers - Bob

  • Bob,

    It's funny you say that re: firmware installation issue, a domestic rep had said this the first time we had the problem after which I completed a backup, restored the unit to factory, updated the firmware, then restored the backup. Perhaps this broken firmware installation problem is a reoccurring problem in which case this is the second time the issue has occurred.

    I'll update following the response I get from the ticket escalation as completing a backup and reload is not a possibility due to the 24/7 nature of the business.

  • Sorry, William, but I bet you're going to have a facepalm moment... Your description isn't what Support and I suggested.

    You need to download the ISO for the hardware appliance from https://www.sophos.com/en-us/support/utm-downloads.aspx, burn it to a CD or DVD and then load the SG from that.

    If the business is 24/7, you should seriously consider adding a second appliance in Hot-Standby.  There's only the cost of the device as there are no additional licensing costs.

    Cheers - Bob

  • BAlfson said:
    Sorry, William, but I bet you're going to have a facepalm moment... Your description isn't what Support and I suggested.

    I'd say more a moment in agitation than a facepalm as earlier in the thread you'd suggested their support wasn't the best yet here you're asserting what they'd suggested...? In any case, no, you're incorrect - what I wrote above is exactly what they'd requested for a previous case with the same symptoms. At no point did anyone suggest downloading an ISO and restoring the unit. One agent suggested RMA'ing the device which wasn't a terrible idea, but it also wasn't a possibility at that time.

    This is actually the first anyone's suggested restoring the unit with an ISO and I may give that a shot after the escalated case is closed. Thanks.

    BAlfson said:
    If the business is 24/7, you should seriously consider adding a second appliance in Hot-Standby.

    The cost of a second SG330 goes beyond the scope of the IT budget at this location.