XG210 crashed today


The XG210 of my Custommer crashed today at 8:50AM, we were not able to ping the LAN IP or the WAN IP.

The firmware version is 17.1 GA.

It came back after a manual reboot.

Once online again I saw in the "performance" tab that we had an anormal high number of sessions at 8h50 which I guess it's the cause why the firewall crashed.

I don't really know what can cause such a high number of sessions, in normal use the sessions number is between 300 and 600 on this firewall...

Any advice ?

I opened a case with the number: 8183274



  • In reply to M8ey:

    We have had one of our XG210s (lightly loaded) crash yesterday about 15:45, with 17.1.1 MR-1, hard rebooted today as even ssh terminal will not log in, GUI died 1hr or so later, ssh cannot login as well so downgraded to 17.0.8 MR-8

    It had been running 17.1.1 MR-1 for over a week with no issues so I think an update sent yesterday has caused this.

  • Hello, I also have the XG210 and today I became the same problem around 11:45 pm in the Czech Republic. Firewall has stopped responding I had to manually shut down. I have SFOS 17.0.8 MR8
    Excuse me for my English ...

  • In reply to Tomas Pijacek:


    Can we try to find a pattern? 

    Can you please post your Fabric date of your XG210? 

  • In reply to LuCar Toni:


    Where can I find Fabric date of my XG210? Will you get a serial number C23076JBFP7MC92 ?

  • In reply to LuCar Toni:

    All I can say is my XG230 was Manufacturer date Oct 2015 Rev 1

  • In reply to Tomas Pijacek:

    Should be a sticker on the appliance itself. 

  • In reply to LuCar Toni:

    Hmm, ours crashed 3 more times over the weekend, even when downgraded to 17.0.8  I think it must be a broken patch/pattern as 17.0.8 and 17.1.1 were stable until the middle of last week.  I'm going to log a support ticket today as this is simply unacceptable.  Unfortunately I cant get something off a sticker as ours is 100 miles away in  a remote site with no techs there...

  • In reply to CMR:

    We also have an HA pair of 430s, another of 310s and one of 210s that all appear to be unaffected...

  • In reply to CMR:

    I had Sophos Support replace mine - I have an RMA one here to put in my Comms rack tonight.

    Not sure if its any help but my support ticket is:

    # 8273744

    I had 3 other tickets before this for the XG Crashing. All since going to v17.1 (coincidence?)

    The last ticket Sophos think I may have a corrupt disc as when the XG stops it Stops Dead - no logging etc just goneski.

  • In reply to LuCar Toni:

    I could remove the XG210 from the rack and it is not possible. I still have a paper box where these values are. Sophos XG210 rev. 3 Security Appliance. SKU XG21T3HEUK

  • In reply to Tomas Pijacek:

    Ours had a corrupt disk as well and was RMA replaced.  We got a rev2 to replace a Rev1 so I think 17.1 corrupts Rev1 drives...

  • In reply to CMR:

    Sadly they replaced mine with an even older Rev 1

  • Jumping in here, an XG 105 (rev2) at a customer of mine began having similar issues on 8-16-18 at around 9:40am Pacific Time. The customer called me and told me their internet access was down. I couldn't access it. Had them hard reboot it. Happened twice that day and once the next day. Can't stand it. I'm on an older 16.05.8 firmware for legacy VPN reasons... but thought I would throw my notes in here just in case it helps. I don't know if my issue is the same, but I have not had a single outage for the past 8 months since I installed this unit, and now this.

    Opened a support case 8300357, we looked at logs and at system performance charts. My RAM and CPU usage literally dropped to 0 from about 8-16 at midnight until about 8-16 at 10 am after the unit had been shut off and on. So nothing was logged at all the entire morning for performance. One time I was able to get into the GUI, and CPU was hovering around 99% for unknown reasons.

    Support did a tail command and could see failing antivirus updates. At the moment I have no resolution. Did a memtest, disk check etc. 

    I've restored to a backup as of 8-1-18 but I'm not hopeful as I think the pattern updates remain even after a (config) restoration from backup.

  • In reply to apalm123:


    I was blaming 17.1 but you are not on that (you should be - much better than 16)

    My logs were similar - all cruising then max CPU and lock up. No network, SSH etc and the logs show nothing at all.

    The XG just stopped.

    I have a replacement unit now so fingers crossed it remains up.

  • In reply to M8ey:

    You had mentioned there were no hardware errors found, so I wonder if there is just no way to fix a bad pattern installation without sending a new unit? New unit sounds nice but, Support told me last night that if the crashing/freezing is in fact being caused by a pattern update, that a simple config restore won't be enough and that the only way to fix it is a full firmware wipe which is surprising to me. Does any one know if it's in fact not possible to just revert back a bad pattern update?? Or even know which one caused it?