XG210 crashed today

Hello,

The XG210 of my Custommer crashed today at 8:50AM, we were not able to ping the LAN IP or the WAN IP.

The firmware version is 17.1 GA.

It came back after a manual reboot.

Once online again I saw in the "performance" tab that we had an anormal high number of sessions at 8h50 which I guess it's the cause why the firewall crashed.

I don't really know what can cause such a high number of sessions, in normal use the sessions number is between 300 and 600 on this firewall...

Any advice ?


I opened a case with the number: 8183274

 

Viken

  • *UPDATE*

    The high number of sessions is not the cause of crash because it not happened before the crash but when we rebooted the firewall. 

    During the crash the number of sessions is stuck at 0.

  • Hi Viken,

    Take a look at the KB article we published here. You might be affected due to this issue.

    Thanks

  • In reply to sachingurung:

    Hello Sachin,

    Unfortunately this KB doesn't concern my case because the XG210 is not in HA.

  • In reply to VikenNajarian:

    In that case, could you tell us the number of concurrent active users behind the XG Firewall and which modules are actively used for filtering the network traffic. 

    Alongside, PM me the syslog.log to investigate further. Finally, do you see high CPU and high memory utilisation on the XG device?

    Thanks,

  • In reply to sachingurung:

    Hello,

     

    I think the XG210 is oversized for the way it's used by the company. There are 40 users behind the XG210, and the XG210 is connected via SSL VPN SITE-TO-SITE on a XG125 and there are 10 users behind it. So there is 50 users max using the XG210. The license used is EnterpriseProtect. The modules activated are WebFilter and ApplicationFilter, IPS, STAS, Wireless Protection with 3 AP55. 

     

    The CPU and memory utilisation are very low on the XG210 device. The CPU is constantly less than 10% and memory constantly less than 35%.

     

    Where can I find the syslog.log and how can I transfer it ?

     

    Thank you.

  • In reply to VikenNajarian:

    Refer to the following KB article for the log file information, https://community.sophos.com/kb/en-us/123185. You can copy the logs to the clipboard of set up putty to store the log lines in a text file. PM me these log lines and I will add my inputs.

    Thanks

  • In reply to sachingurung:

    I sent you the logs via PM.

    Thanks.

  • I had a similar experience.

    My XG 230 running 17.1 GA hot a Load Average of above 15 which made the CPU get stuck at 98+%

     

    I had to pull the plug and reboot it to get it back. It too reports high CPU. Only since 17.1 was loaded though.

  • In reply to M8ey:

    Hello,

    Mine did not crashed since my post.

    Hope that it won't anymore.

  • In reply to VikenNajarian:

    Mine hasn't either.

     

    I had the Sophos Support team jump in and run through the logs. We can see when I rebooted it but for 30 min before - when CPU was high there were no logs showing anything bad.

    The XG just went nuts for no reason.

  • In reply to M8ey:

    The Sophos support just called me back today to connect on the XG and have a look on this crash.

    They told me they will escalate the case at the lvl 3 because they couldn't find anything in the logs.

  • In reply to VikenNajarian:

    All I got from support was to perform Hardware, Memory, and Disc checks.

  • In reply to VikenNajarian:

    Sadly mine crashed yet again - this time no CPU load etc - just stopped and died.

  • In reply to M8ey:

    Sad...

    Mine did not crash since the initial crash and lvl 3 engineers are still investing on the issue.

  • In reply to VikenNajarian:

    Mine crashed yet again today.

     

    Logging etc was fine until the crash when it just stopped - no errors etc.

    Sophos are now RMA me a new one as they think it might be a Hardware failure due to the way logs just stop.