Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
we're supporting a number of XG firewalls for clients. We use LogicMonitor to monitor the appliances via SNMP. Recently (I feel like this all started after we pushed out MR5 to all XGs), we've been getting alerts that the SNMP Agent Uptime is near 0. I've looked into this for multiple different appliances after they alerted, but with Sophos Support on the phone we couldn't find anything in the logs that a service or anything is restarting. So as far as I know, the XG is not rebooting, no services are restarting, but we get alerts that the SNMP Agent Uptime counter was reset to 0.
Has anyone experienced something similar?
Any suggestions for further troubleshooting?
I have the same problem on Zabbix server since we upgraded firmware to MR5 :
Hi Bjoern Freiherr
Are you continuing to experience this SNMP counter issue? If possible, could you please share the number of your support case?
FloSupport | Community Support Engineer
In reply to FloSupport:
Yes we're still seeing this happening. I don't have a case number. When I called in, a support engineer was looking at one of the firewalls with me and couldn't find anything in the logs. I never got a ticket number for it as far as I can remember.
In reply to Bjoern Freiherr:
I apologize for this information that was not provided to you.
I would advise that further troubleshooting would have to be performed in your specific network environment. Packet captures would also need to be performed to gather more information about the communication between your XG firewall appliance and your SNMP manager.
For troubleshooting purposes, have you attempted to revert back to your previously known working firmware version to test if it's indeed an issue specific to MR5?
We have not reverted the firmware on any of the devices at this point. The problem is that it happens so randomly which makes it hard to capture anything at that specific time. The last alert I see was from yesterday night actually. I can't say if it's the XGs or if it's something with the monitoring system that causes this alert. It might be good to compare the data that the SNMP collector gets vs. what the XG SNMP agent sees. Any help troubleshooting this would be appreciated. I'd be happy to do a screen sharing session to show the things we're seeing.
I confirm that I have reverted to MR3 and the problem has been solved.
In reply to Bruno Carrulla:
That's good to know Bruno. Unfortunately MR3 is heavily buggy with VPNs, so I'm afraid to go back to that. Guess I'll have to wait for MR6 or higher to hopefully fix all the VPN issues and revert whatever bug was introduced for SNMP with MR5.
So I just had this happen again on one of our managed XGs. When looking at it shortly after all the monitoring graphs have restarted in the UI. I'm calling Support again now to look into this.
I've now logged this as case #7980313.
MR6 was released a few days ago, have you tested it?
As far as I can see nothing has been done with SNMP issues...
I just updated the firewalls to MR6 last night, but yes, unfortunately I don't think this will resolve any of the SNMP problems. But we will see.
To update this thread:
After further investigation, there is currently no SNMP OID to monitor the system uptime of the XG. Our developers are aware and this has been brought up for consideration in a future release.
The SNMP OID you may have been using (generic sysUpTime) is possibly related to the Garner service uptime. This service can and will be restarted during normal operation, therefore unable to provide an accurate device system uptime.
However, please do note the following links for our supported XG MIB and a community thread where a community user unofficially converted this into a Zabbix template for use on their network. Here you can find other supported monitoring metrics.