Sophos and Intel Atom CPUs

You may have heard some of the news circulating on product quality issues with Intel’s Atom C2000 series chips. Sophos uses Intel Atom C2000 processors in a small subset of XG and SG-series hardware, specifically the XG/SG 125 and XG/SG 135 models (all variants).  We are working closely with Intel to determine the extent to which Sophos products may or may not be affected by the Atom C2000 issue. If deployed XG/SG 125 or XG/SG 135 hardware fails to boot (the symptom of the reported Intel problem), please notify Sophos customer support.  To date, Sophos has seen low failure rates with hardware containing the Atom C2000 chip.  Rest assured that Sophos stands behind all our products and will correct hardware issues that may arise as a result of Intel’s Atom C2000 processor. 

  • Hi,

    will customers with affected devices be informed proactively and will sophos exchange the devices before they will fail? We have lots of SG125/135 active and Im interested, how Sophos will handle this.

    Thank you,

    Regards

    Sebastian

  • Update: We continue to work with Intel to determine the extent to which our use of the Atom processor C2000 product family could be affected by Intel’s recently-announced defect.  Once our investigation and analysis with Intel is complete, we will update this site with recommended actions (if any) to maintain the performance of your Sophos network security hardware.  In the meantime, we continue to see very low failure rates among our systems running the Intel Atom processor C2000 product family.  As always, if any system fails to boot (the symptom of Intel’s processor defect), please contact Sophos customer support immediately so that we may correct any issue.

  • AlanT: Thank you. I appreciate that.

  • Hey Any updates on the situation, i am looking to purchase an xg 125 appliance. If there are possibilities of any problems in the future i rather not purchase. Unless new revisions don't use the C2000 Processors

  • As far as I know, Tom, this only affects the Rev.1 version of the 125/135, not the Rev.2 version currently being sold.

    Alan, can you confirm that for us?  I've had one client fall victim to this and have three others that are exposed and I'm trying to get them to get a second unit for Hot-Standby.  Is Sophos working with Intel and the appliance's manufacturer on a plan to offer such units at a very attractive price?  Sophos should easily know who's eligible by the serial number in the license.

    Cheers - Bob

  • I would appreciate a statement to Bob´s last post. Up to  now, we already had 3 replacements (regarding this issue) of SG125/SG135 from a total of ~40 devices, we are managing. All of these devices are Rev1......

    How long will it probably take to complete the investigations with Intel?

  • I can confirm that this impacts at least earlier versions of the rev 2 hardware. I've had a failure with the exact symptoms reported by the gen 1 hardware with an SG125w. The replacement RMA hardware is also Rev 2, so I'm not holding out hope it's not going to fail again... as I'm not the only one to have Rev2 fail! It's not Sophos's fault this has happened, but I'm not convinced even Intel knows or has communicated the issue to their buyers in terms of how widespread the impact is. The only fix is a total hardware replacement of the c2000 SOC, which also entails a hardware re-design. If it impacts Rev 2 hardware, and I know I've had a failure of the SOC in the Rev 2 hardware due to the clock issue - I cannot be convinced it will not fail again sadly. The RMA should have been updated hardware that cannot possibly have the same CPU with the fault inside. They should be getting some sort of assurance from Intel the issue doesn't affect the replacement hardware, and properly communicating this to the customer. Saying "we're not seeing widespread reports" is not a suitable response, as even a single report of a failure in this manner indicates a failure that's only a matter of time before it recurs, as is the nature of this Intel SOC fault.

  • My other concern is... if the RMA replacement unit develops the fault again in 18 months+ (I was having intermittent CPU clock failures long before this, but reboots amazingly fixed it)... where does the RMA coverage sit on that hardware? It's not a fault of the user or environment operating, but the simple fact I have now heard of at least 3 failures just in my local circle using Rev 2 hardware suggests this is just the tip of the iceberg. My unit lasted longer than the typically 18 months, but it routinely crashed every few weeks with the console reporting IOCLK errors (another symptom of losing the c2000 clock gen) and experienced significant slowdown and intermittent unresponsiveness and packet loss. It eventually died after the same issue, but the reboot saw nothing beyond a power light coming on, so was totally dead at that point.

    Long story short... we don't know when the processor will fail, but what happens if the c2000 issue resurfaces in replacement Rev2 hardware? Will another RMA cover it when the timeline could be unpredictable, or can there be a proactive voluntary "recall" to replace prior to the failure where a particular serial of CPU is found in a unit?

  • Hello,

    could you please provide a workaround for electricians to repair an affected

    motherboard (e.g. by soldering a pull-up resistor from LPC_CLKOUT0 to 3.3V)?

    Could you please tell us a good location, where LPC_CLKOUT0 and 3.3V are accessible?

    It would be a shame (and waste of ressources) to dispose such a good board / device.

    (I just want to use the device for my home office or for training purposes.)

    Thank you! Best regards, Uwe