Noticing a similar creep. I have jumped from 65% after service restart up to 73% even though there has been no load on the device throughout the weekend.
Below you can see when I updated the firmware on Feb 7th and after the problems were unbearable a restart on Feb 13th in the evening. The patterns seem to repeat themselves.
I am having the same issue with an ASG425. Memory usage was running around 30% before the firmware upgrade. Now, in about 18 hours it will go to 100%, swap will climb and CPU utilization will also hit 100%. Snort and HTTP proxy continue to restart
This morning they did acknowledge a memory leak issue in 9.108!
Below is a response:
We have identified a memory leak in version 9.108 and have therefore released a patch in the form of 9.109 to address this.
As the update was only released this morning it is still in "Soft release" and will not show in the WebAdmin of the UTM. You can however manually download the update and upload this to the WebAdmin of the UTM before applying it.
I have applied the patch and will see if that resolves the issue
I ran into this two on two UTM 220's. Extremely high SWAP usage. Just upgraded the one and about to upgrade the other. The other UTM 220 that is running 9.107 is running just fine.
I don't know if this will help you, but we have had the exact same problem for a good year now. Randomly the HTTP Proxy, Postgres and SNORT would go through the roof with load averages: 10+, 10+, 10+.
We've been unable to put a finger on this, support was useless, until today! Today I just happened to be watching and was able to see one of our remote users log in using the HTML5 proxy. While they were on the resources slowly but surely went up, and up, and up some more until the units crashed (HA cluster). The resources just keep getting consumed until the entire system fails and a reboot is required. We have been living with this silliness for a damn year. We have had various Sophos support companies take a look at it, Sophos support as well and of course we have never been able to figure out. Crazy. So, maybe, just maybe if you're using the HTML5 portal, try turning that junk off and see if your stats go down.
We were able to test this in both directions
User INSIDE the network using an HTML5 portal on an ASG outside of the network.
as well as
User OUTSIDE network using HTML5 portal to access the network.
Both give the same result. Resources growing out of control over time until the units become un-usable.
HA status: HA master (node id: ***x (removed)) System uptime: 1 day 3 hours 3 minutes (literally the current uptime) System load: 25.48 "
Everything stops working and the phones light up with complaint calls.
Edit
Watching this for the last year using TOP from the command line we would only ever see the HTTPPROXY or POSTGRES going nuts using up all of the CPU. We have never seen (to my knowledge) anything else with such loads on any of the various UTMs that have had this issue.
Keep in mind we have plenty of these devices that DO NOT have this problem. The configuration of those devices only helps point the fingure at the HTML5 portal as they don't use it. (we have double verified this)
I found that after an update to 9.108 that my two branch office UTM120s will periodically lockup. I've had one need to be reset three times, with days between - the other needed three reboots in two days. I was out of the office and so unable to perform any diagnostics.
I updated to 9.109 on all UTMs after the first lockup, but all subsequent lockups have occurred after the update. I have a UTM220 that hasn't had any issues.
