I just spent the last few hours trying to get Sophos to support their product since we are supposed to get "premium support" but as usual there is no support... Their only suggestion was to re-image the box and get back to them. They didn't even want to stay on the phone to see what might be the cause.
I have 6 RED's connected to a single UTM 220 on 9.006-5.
When Application control/QoS is enabled on the UTM and all RED's, the UTM will soon after begin freezing. I can reboot all day long and it will not stop freezing. I also tried disabling the services. The only thing that seemed to work was restoring an old configuration before the changes were made.
BTW, I had a second UTM 220 with 9.1 soft release on it that I restored this configuration on and it did the same thing after a single RED successfully connected. Also if I try again to re-enable those services the exact same thing will happen.
Hi, it could be a hardware problem; check the fans.
Also check the logs and the memory/swap usage.
Barry
It's two different appliances showing the same issue on two different versions 9.0 and 9.1. One has barely been used out of the box and the other had been working. Also it's a fresh boot on both so no chance to exhaust memory/swap though I did use TOP to monitor it.
I finally got back on the phone with them and they are escalating it. It appeared unrelated to Application control and more related to enabling QoS on the RED's.
I've tried multiple versions of v9 with a fresh image of two different appliances and the behavior was the same on all including the recent 9.1 soft release. The only thing I haven't tried yet is deleting all RED's and re-adding which I may try this weekend.
Alright, it looks like I found the root cause. When you delete an interface that has QoS rules the QoS rules aren't completely deleted it appears, at least in v9.006-5. This will freeze the UTM with RED's if you try to re-add a RED interface with the same name and enable its QoS.
Quote