V17 hanging a lot and it's not stable, all my issues fix after return to V16

i have 3 Device XG 125 and yesterday morning i have updated 3 devices to V17 and after 3 hours, a lot of issues happened like the following :


1- VPN site to site not connection, from the log it say failed ( no more details in log )

2- suddenly when i try to logon to sophos main page , after enter the username and password, it will not login, even no message password is wrong or any message, it just stuck ( fix by hard restart, then it appear 2 time more then fix by hard restart)

3- it's not responding to SSH, mean i enter username and password and i choose to restart or shutdown but, nothing happened 

4- after restarting then login to firmware page to check the current version, it will stuck and nothing appear



all of this issues appear in all of my XG ( 3 devices in 3 different location ), and all working back normally after back again to firmware 16, so is 17 tested or not ? i'm always doing update for the new firmware and no issue at all, this the 1st time, and this effect my organization for 2 hours, 


and can any one advice me the following :

1- is there any support hotline of sophos in UAE?

2- what is benefit of having Enhanced Support, and what different between it and Enhanced plus Support ?

3- what is the backup solution you can advice if one device (hardware or software failed ) ?


  • Hi,

    Can you please enable the remote access ID for one of the firewall and PM me the code. I will check the configurations and I would also like to see through the csc.log, tomcat.log, syslog.log and the dropbear.log. Please refer the following articles for more details:

    Sophos Firewall: Where to find log files

    Sophos Firewall: How to enable SSH connection


  • In reply to David Touitou:

    I was wondering if it was a beta version... I really was surprised to know this problems didn't show up on their test environments before release.

    The thing is I upgraded hoping it would solve  some strange issues I am facing with previous versions regarding specific scenarios since support was not responsive and didn't solve the issue I am facing regarding specific scenario for two weeks.

    However the newer update is much better. The thing is support is really dodgy. They were good at identifying the problem but the cause they just can't admit it to be bug which is frustrating me and Is the reason why I joined this community.

    I found out that I wasn't the only victim. The issue now is I have a client whom has already started to become dependent on sophos and when they contact support and they don't respond they contact me for support as I was the one that installed the setup.

    I'm talking 1 ho 4 medium branches and 17 reds which 5 of them are not working under transparent mode with static uplinks for God knows whatever reason.

    Support is a hopeless case. Especially in Saudi Arabia. It's like these guys prioritize support for OEMs or know theres lots of issues so the smart guys receiving tickets refuse to support as they know the issue is firmware and it's beyond their control. I don't know I'm just really frustrated with contacting support via their support system.

    I have realized their are active members from the vendor and community in this site and I will be treating the xg like an open source community project from now on in which I will be presenting my cases over here as I see the community is pretty active both from the vendors side and the community.

    Support tickets will be opened just to compare between vendor support and the community.

    So far the community is just simply amazing and I regret not coming here before and contacting support upfront.

    Maybe Sophos needs to look at the example of vyatta and vyos. Just open source it and the community will fix the hell out of it in no time.

  • In reply to Gowtham Mani:

    I confirm that snort was acting like parasite under the hood. Before v17 and after updating it to the new fix it is fine.

    At the office we are running latest v16 on an xg85. Cpu utilization and ram are already loaded which is expected due to the hardware limitations. However I wonder what will happen if I did the upgrade... Lol

    Give me a week. I have an XG 430 deployed in a production environment with almost 500 users.

    So far the hang and internet issue are solved by just upgrading but God knows what kind of complaints I will get with this new firmware through out the week.

    Will be presenting my cases here from now on as I give up on contacting support. It's just a hopeless case.

    This xg is a nightmare but it's improving. I hope this nightmare ends quick because I honestly havnt been sleeping well ever since I've deployed the XG 430. Most our clients did the upgrade and not all are facing the same issue perhaps because they are running it on small environments with no complex scenarios.

    Thankfully  the newer release resolved some issues.

  • Hello.


    This issues should now be resolved if you install v17 MR-1 that was released last week. You should find it in your unit or in MySophos portal.




  • In reply to RickardNordahl:

    Yes. It's resolved indeed. Now the there is almost no to little load on the utm. Not to mention the sudden improvement in internet speeds.

    However I did realize that every website is categorized as uncategorized and the web filter policies aren't working properly b. Did some research and still trying to grasp the difference between wingc and sxl.

    I did not change any configuration. Is the internet speed related to the switch from wingc to sxl?

    My issue might be ISP related but at the same time it was working fine before the upgrade.

    Could anyone please clarify the difference between wingc and sxl in vivid details.

  • I have upgraded again to V17, and same issues for IPSec VPN, disconnect every 2 or 1 hour, and IP phones that in other country giving an error ( IKE phase 2 no response )



    I'm sure V16 is stable than V17, as it seems it's not tested well, I have created ticket with the support team, but still no answer, so I will back to V16 tomorrow early morning, as V17 effecting my work 

  • In reply to KhaledMaged:

    There is a Fix out in MR3 for this,


     You can read about the MR3 release here https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-3-mr3-released


  • In reply to RickardNordahl:

    Hello, after upgrade to MR3 i had to change the policy to get the VPN to connect. 

    otherwise i just get the error what shown i the picture. 


    Error log after using following policy


    After that i Clone the policy and change to AES128 in the policy in both XG 115 and then i get the VPN to connect

    In the MR2 the VPN policy work fine.


  • I returned to firmware V16 and everything works perfect as before, I’m With Sophos from 3 years and I always update the firmware to latest version to get the last update, as new firmware should give more feature and more stability, not the reverse, unfortunately my work has affected because of V17.

  • In reply to KhaledMaged:

    so till now this issue not fixed???   is this normal to take this much time?

  • In reply to Joat:

    and how is the VPN issue now? I'm still with 16 and it's stable, should I upgrade or you do not recommend 

  • In reply to KhaledMaged:

    For me the IPSec VPN works fine in version 17.1.2 MR-2.


  • There are plenty of posts discussing this topic.  As far as I am concerned, upgrading from one version to another is a reliable way to have troubles with VPN.  I did upgraded to latest V17, but many times, I had to rebuilt VPN from scratch.  I would never go back to V16.  Tons and tons of problems.  V17 brings you IKEv2 which is known to be mandatory in order to expect a minimum of security.    As oppose to IKEv1 in v16. Take note of your VPN setup in V16  before upgrading to v17, but once in v17, rebuild VPN from scratch.  If possible, with default IKEv2 profile I would say.

  • Hi Guys i have this from Support Staff Team,

    please Convert it, in the google translator.

    It means that the Appliance is working well but it disconnects from WAN and from CFM, also we cant logon to the WebAdmin or Userportal, we have to restart over SSH.

    Problem Description:

    wir haben erneute Probleme mit einer XG105, die Appliance läuft Fehlerfrei, außer dass man auf keine Oberfläche mehr kommt. Ob WebAdmin oder Userportal. 
    SFOS 17.1.1 MR 1 war derzeit installiert, heute Upgrade ich auf 17.1.2 MR 2. (After Upgrade Same Issue)

    Wir müssen die Appliance dann über SSH neustarten, es werden keine LOGs geschrieben, sodass für mich keine Analyse möglich ist. 
    Die Appliance trennt sich auch vom SFM für mein Partnerportal


    Sehr geehrter Herr XXXXX, 

    der Case liegt aktuell im Second Level Support zur weiteren Bearbeitung. Da wir aktuell einige ähnliche Fälle 
    verzeichnen, ist ein Problem in der Firmware nicht auszuschließen. (a problem in the Firmware cannot be rules out)

    Dies muss jedoch durch eine höhere Support Instanz verifiziert werden, bevor wir die ggf. die Hardware 
    austauschen oder das Problem durch ein Update lösen. 

    Mit freundlichen Grüßen, 

    Sophos Technischer Support


    Regards N33dfull

  • In reply to n33dfull:

    I have upgraded to 17  latest version but still not able to establish the connection at all between 3 branches (all 3 branches I have upgraded to 17), as per advice, I have rebuilt VPN from scratch with default IKEv2 profile, but still failed, Sophos support logged with me for 30 min but they failed also to establish the connection, so I returned back to 16 and it's very stable, the plan now to try again tomorrow with downtime of  hours to test it with support online