This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Potential hardware failure alert for SG 125 and SG135 users..Faulty Intel SOC bricking devices.

The c2000 SOC these appliances are based upon have a problem with their internal clocks that upon reboot if the clock has failed the machine is bricked.  intel has quashed just about all direct mention of this by vendors.  However the spike in failures has to deal with c2000 soc based appliances.  The flaw is widespread affecting Cisco, Synology, IX Systems, Netgate systems just to name a few.  All vendors have been denied the ability to mention which soc directly..but folks have managed to verify independently of Intel's blocks that the c2000 chipsets are dying after around 18 months of powered on time.  If the lpc clock fails during powered on time as long as you do not reboot the device will continue to operate.  the instant you reboot(hard of soft) the system bricks.  I have already inquired with Sophos directly about their policies.  Right now it appears they do not have a proactive replacement plan in place.  However if you have a subscription to a support plan(usually included with any kind of paid module) if your device fails they will ship you replacement hardware...so that's good.  Cisco has carefully worded things that unless you are within their initial 90 days of purchase or you have one of their support contract they will not replace the devices.  Netgate has extended their warranty to 3 years for all devices based on the c2000.  Other vendors have not announced plans.  Keep an eye on your sg125 and sg135 based devices..a reboot wil one day brick them.  If your device is 18+ months old be sure you have a contingency plan in place(HA of some kind) so you can recover quickly while you get your replacement when these devices brick themselves.  This is NOT a Sophos fault but one by Intel.

 

Please do not go screaming at Sophos as this one is NOT THEIR FAULT.  Intel is hampering things trying to contain the damage by not allowing the vendors to say exactly which chips are hit..but a little self-research makes it very easy to figure out whoe SOC is screwed up and which devices are a time bomb.



This thread was automatically locked due to age.
Parents
  • Thanks for bringing this to our attention, William!

    Yesterday at 4PM PST, one hour past same-day shipping from Sophos in California, I got a call from a client in Ohio who was in his office at 7PM his time.  High winds in Ohio had caused a power outage mid-afternoon and he was concerned that he couldn't reach his SG 135 from home after the power came back on just after 6PM.

    I had him unplug the unit to do a hard reboot.  He plugged a monitor in so he could watch it boot, but when the power was plugged back in, nothing appeared on the screen.  There was no disk activity light nor any one other than the blue power light.  The unit was "bricked" just as we were warned.  It had been purchased in April of 2015.

    Today, he will decide whether to connect directly to the Internet with no protection or if their business with over 50 people will be cut off until the replacement arrives tomorrow.  Ouch!

    I had already asked this client and others with potentially-affected devices to consider getting a second unit for Hot-Standby to avoid this scenario.  I've now emailed each of them with the yesterday's sad tale.

    This client had a Rev.1 SG as do my 3 other 125/135 clients without a Hot-Standby.  All with S12002 (125) and S13003 (135) S/Ns.

    My question is this: does this affect only Rev.1 devices or does it also affect Rev.2?  I'll push Sophos to get me an answer to this and return with their response.

    Cheers - Bob
    PS I'll move this thread to the top of the forum for awhile.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • So does this failure affect also rev 2 devices? I have a sg125 rev2 (january 2017) here...

  • I don't remember, but it would be good to have that answer in this thread.  Please check with your distributor and come back here and let us know.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I don't remember, but it would be good to have that answer in this thread.  Please check with your distributor and come back here and let us know.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data