
Sophos UTM Home - 'hangs' after several hours of use

This week I installed Sophos UTM Home edition on a Zotac nano I321 / 8 GB RAM / 120 GB SSD.

Seemed to install without issue and for testing connected a single PC between the Zotac and the main network switch. Installed UTM as a bridge, created some rules to shape and throttle streaming traffic. Ran it for three plus hours without any problems (such a nice intuitive interface).

Now moved the Zotac UTM unit to sit between the main switch and the upstairs switch. It should be seeing approximately 15 devices, a mixture of wired and wireless. Mainly web traffic, streaming media (Twitch/YouTube) and video games - LoL, WoW, etc.

Unit ran for about two hours and was working exactly as planned. YouTube 'Auto' throttled down to 480p etc. After two hours though the web interface stopped responding and I could not ping the device.  

Rebooted the unit this morning - IP connectivity returns. Two hours later all has gone quiet again. I was running a ping -t command against the unit and I can see it just stopped responding. Another reboot will be in order later. Anybody got a view of what could be causing this or where I can start looking?  

Not sure if relevant but..

Only change to Zotac was to enable legacy boot

The Network is approx 30 devices - all on same subnet

The first time the device went quiet it would have been seeing 5-6 streams of data, today though everyone is at work/school so it should just be background traffic 

Tolax



This thread was automatically locked due to age.
  • Hi,

    Looking at the specifications of the UTM, I suspect it is underpowered and choking on the load and then overheating. A 1.1 GHz CPU is alright for two or three users, but for 30 you need something like 2.8 to 3.4 GHz. Also, you didn't say what your WAN link speed is?

  • Device is currently sitting between two gigabit switches. Internet Uplink is 75/5 (Xfinity).

    When watching it for a couple of hours the CPU did not seem to be overly taxed (sub 10%) and the unit seemed cool to the touch.  I might force the connection on the managed switch to be 100Mb to see if that makes a difference. There is no fan on the unit though so heat could be an issue. Wonder if there is a log entry associated with that....

    As an aside - I dug around the pfSense forums and they were suggesting "turning off hardware checksum offloading" on the interfaces. Might investigate that though more worryingly there were several similar reports of hangs on the Amazon review webpage with "I gave up and sent it back" as the main solution.

    Appreciate the response.

    Tolax

  • I have been running my CI 321 for many months now. It is not underpowered for the traffic and the line you use (I use cable, 100 down / 6 up).

    First of all, update your BIOS / check the BIOS for some settings causing this unwanted suspending...

     

  • @zaphod - do you have IDS/IPS enabled?  I would have thought this little box would struggle with that.  I would definitely have discounted this box short of hearing your response.  Spec-wise, it seems a little light in the CPU.

  • @zaphod - Thanks for taking the time to respond. Aside from setting the boot mode to Legacy, do you remember the other BIOS settings that you changed? Any suggestions would be appreciated. I'd also be interested to know what you are using the box for. Do you have Virus Checking/IDS enabled or are you just using the box as a firewall/traffic shaper?

     

    Thanks

  • I had this exact problem when I was first testing my Sophos rig (different hardware, mind you). However, the problem turned out to be the onboard NICs. Most onboard NICs use a Realtek chipset, and Sophos UTM had problems with those chipsets (I haven't checked lately if that's still the case). Mine would simply disappear out of the UI. It was really odd. I ended up getting a 2-port Intel NIC and the problem went away (which I know you cannot do in that Zotac box). It is worth checking that for compatibility.

  • Hi guys,

    I use this box with the following:

    - 1 IPsec VPN to my workplace
    - web proxy
    - IDS / IPS with all features enabled
    - some DNATs
    - POP3 proxy for email scanning
    - DHCP server
    - packet filter
    - SSL VPN remote login gateway

    ...

    I have no problems with it. CPU load never gets higher than some peaks of about 60%. Streaming Amazon for hours and no connection lost...

    Maybe I am the lucky one ;-)

  • If you do a speedtest (speedtest.net) with IDS enabled on the machine, can you get a full 100mbps out of your connection?  This would be a good little box for home use if it can support all of the AV/IDS features at 100mbps for single streams.

     

    Edit:  I wish it was Intel dual gigabit.  Not a fan of Realtek.
