XG125 100% CPU USAGE

Hello,

I have an issue on an XG125. Every morning between 9h00 AM and 10H00 AM the CPU usage goes to 100%. I connected to the appliance from SSH to check with the "top" command to see which process was using 100% of the CPU and this is the AVD process. Then, when I restart the Anti-Virus service from the appliance, the CPU usage come back at a normal usage.

The problem is happening every morning and it's very critical because when the CPU usage is at 100%, the IPSec VPN between this XG125 and another XG210 is not stable and 60 people could not work properly.

 

I openned a support case (here is the number: 8451452) and they asked me to backup the appliance and reset to factory defaults... But I cannot accept this answer because this is a production Firewall and the Firewall is at a remote site at 500Km, so I could not go on site just to test if a factory reset will do something, the boss won't accept to spend money for a 500Km travel just to do a factory reset because the ~$2000 firewall he bought needs a reset...

 

Actually I have totally disabled the "SCAN HTTP" feature on the rules to test if tomorrow morning the CPU will reach 100% again or not.

 

If anynone has an idea...

Thank you for your help.

  • Hi  

    Apologies for this negative experience, I will follow up with your support case accordingly.

    Regards,

  • In reply to FloSupport:

    Hi  

    Thank you.

     

    In additional information, this morning the CPU usage is normal (in my opinion this is because I disabled SCAN HTTP in the firewall rules).

     

    Regards.

  • In reply to VikenNajarian:

    Hi Viken,

    What are your configured settings for Malware and Content Scanning? (Protect > Web > General Settings)

    Would it be possible to please share a screenshot of these settings (along with expanding the advanced settings tab).

    Thanks,

  • In reply to FloSupport:

    Hi

     Here is the screenshot :

     

    The settings are the same on the 10 others XG I manage and the issue is happening only on the XG125.

     

    Thank you for your help.

  • In reply to VikenNajarian:

    Hi Viken,

    Thanks for following up.

    For troubleshooting, could you try switching your scan engine to Avira and then re-enabling Scan HTTP on your firewall rule to test if the issue still occurs?

    Regards,

  • In reply to FloSupport:

    Hi  

    Sorry I didn't mention it, but I already tried to switch the engine to Avira and then re-enabled Scan HTTP during 24 hours, but the problem was still the same at the next morning.

    This is why I totally disabled Scan HTTP on the firewall rules.

     

    Thank you

     

    Regards,

  • In reply to VikenNajarian:

    Hello,

    Just an update, I obtained a RMA replacement unit from Sophos Support to replace  the deffective XG125.

    I will replace it soon and I hope it will resolve my issue.

     

    Thank you for your help.

  • In reply to VikenNajarian:

    Hello,

     

    does that replacement unit fixed your problem?

    Or you found another solution?

     

    Regards Philipp

  • In reply to PhilippD:

    Hello

    I received the replacement unit, I reconfigured it, and i sent it back to the custommer, they did not receive it yet.

    They should receive it today or tomorrow, then I could tell if the replacement unit resolved the problem.

     

    Regards,