Today I decided to create this posting because we have an erratically recurring problem:
We have a UTM 9 SG310 as a corporate solution.
Since 7th January, roughly around 9 and 15 we have daily interruptions. The internet connection drops on all lines, the process httpproxy spikes up to 380% and makes the CPU busy at 100%.
I noticed it happens at the same time when the "network protection reporting" shows a very high amount of violations:
I saw the incoming traffic is a bit higher than usually:
When the internet connection drops and I turn off the Web Filtering, the connection comes back immediately.
This brings me to the question what I can do now.
I need a way to narrow it down better.
Do you have any ideas?
Many thanks in advance for the help!
Hi Dennis. UTM reporting isn't granular enough to check the total requests to the web proxy by minute, by hour, etc. Likely you would need iView to see that kind of data.
One of two things is happening. Either there are sufficient requests going through the http proxy to cause CPU to spike to 100% (highly unlikely), or there's something going on which support should take a look at.
What firmware version are you on? Are you using dual or single engine A/V scanning in the policies? If single, what engine is displayed under Management > System Settings > Scan Settings?
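Added example, not part of the original thread and not Sophos code: one way to get the per-minute request counts discussed above is to bucket the web proxy's access log lines by minute and list the busiest client IPs in any minute that stands out. The line layout (timestamp prefix, `httpproxy[pid]:` tag, `srcip="..."` field) is an assumption to check against your own log, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# ASSUMED layout: YYYY:MM:DD-HH:MM:SS host httpproxy[pid]: key="value" ...
LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}):\d{2} \S+ httpproxy\[\d+\]: (.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def _line(ts, ip):
    """Build one constructed sample line (not real appliance output)."""
    return (f'{ts} utm httpproxy[4711]: name="http access" action="pass" '
            f'srcip="{ip}" url="http://example.com/"')

SAMPLE = (
    [_line("2019:01:07-08:58:10", "10.0.0.21")]
    + [_line(f"2019:01:07-08:59:{s:02d}", "10.0.0.22") for s in (5, 40)]
    + [_line(f"2019:01:07-09:00:{s:02d}", "10.0.0.99") for s in range(6)]
    + [_line(f"2019:01:07-09:00:{s:02d}", "10.0.0.21") for s in (30, 31)]
    + [_line("2019:01:07-09:01:15", "10.0.0.22"), "truncated line without fields"]
)

def per_minute(lines):
    """Return {minute: Counter(srcip -> request count)} for proxy lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated lines and lines from other daemons
        fields = dict(FIELD_RE.findall(m.group(2)))
        if "srcip" in fields:
            buckets[m.group(1)][fields["srcip"]] += 1
    return buckets

def spikes(buckets, factor=3.0):
    """Minutes whose total exceeds factor x the (upper) median minute total."""
    totals = {minute: sum(c.values()) for minute, c in buckets.items()}
    if not totals:
        return []
    ordered = sorted(totals.values())
    median = ordered[len(ordered) // 2]
    return [(minute, totals[minute], buckets[minute].most_common(3))
            for minute in sorted(totals) if totals[minute] > factor * median]

if __name__ == "__main__":
    for minute, total, top in spikes(per_minute(SAMPLE)):
        print(minute, total, top)
```

To use it on real data, pass the lines of the proxy log exported from the appliance to `per_minute` instead of `SAMPLE`, and compare the flagged minutes with the times the CPU spikes were observed.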
In reply to TimHansen:
thank you for your answer.
We are not using Email Protection so I guess we are using 'single AV'?
Under Management > System Settings > Scan Settings we are using as 'Antivirus Engine Preferences' the Scan Engine "Sophos"
Our UTM 9 Version information are:
Most of the day the CPU is around 4-6 percent, RAM around 15% and the Data Disk also <10%. So strange things are happening :)
I hope this helps to narrow down the problem even further.
Many thanks in advance again! :)
In reply to DennisSar:
Actually when I said single or dual scan, I was referring to inside web protection. If you look at the Filter Action in one of your Policies, you can see under Antivirus there's an option to select Single scan or Dual scan.
If you're using single scan, go back to Management > System Settings > Scan Settings and change the single scan engine to Avira. If you notice that this doesn't change the behavior, give us a call to open a support case. There's no way CPU should go from 4-6% up to 100%.
We are not using any policies in the Web Protection > Web Filtering.
I also changed the Scan engine in Management > System Settings > Scan Settings from "Sophos" to "Avira" without positive result.
But - regardless of the scan engine - it's even worse now! When I turn on the Web Filtering the CPU goes up to 100% (web gui) immediately and interrupts the internet connection.
So yeah, what do I need to do to raise a support request? Can you get in touch with me via my e-mail addy I'm using here or is there a portal (this is the first time we have to contact you - what's actually good ;) )
Many thanks again!
Dennis, you can raise a support case through here https://secure2.sophos.com/en-us/support/open-a-support-case.aspx, which will automatically generate a case on our end. An engineer will reach out to you in turn. Alternatively you can use the "For Critical Cases" option on the left of that page to find out the phone number for technical support in your region. Likely they will ask for a serial number of the appliance in order to look up your account, so have that ready.