XG210 crashed today

In that case, could you tell us the number of concurrent active users behind the XG Firewall and which modules are actively used for filtering the network traffic. 

Alongside, PM me the syslog.log to investigate further. Finally, do you see high CPU and high memory utilisation on the XG device?

Thanks,

Hello,

I think the XG210 is oversized for the way it's used by the company. There are 40 users behind the XG210, and the XG210 is connected via SSL VPN SITE-TO-SITE on a XG125 and there are 10 users behind it. So there is 50 users max using the XG210. The license used is EnterpriseProtect. The modules activated are WebFilter and ApplicationFilter, IPS, STAS, Wireless Protection with 3 AP55. 

The CPU and memory utilisation are very low on the XG210 device. The CPU is constantly less than 10% and memory constantly less than 35%.

Where can I find the syslog.log and how can I transfer it ?

Thank you.

Refer to the following KB article for the log file information, https://community.sophos.com/kb/en-us/123185. You can copy the logs to the clipboard of set up putty to store the log lines in a text file. PM me these log lines and I will add my inputs.

Thanks

I sent you the logs via PM.

Thanks.

Mine hasn't either.

I had the Sophos Support team jump in and run through the logs. We can see when I rebooted it but for 30 min before - when CPU was high there were no logs showing anything bad.

The XG just went nuts for no reason.

The Sophos support just called me back today to connect on the XG and have a look on this crash.

They told me they will escalate the case at the lvl 3 because they couldn't find anything in the logs.

All I got from support was to perform Hardware, Memory, and Disc checks.

Sadly mine crashed yet again - this time no CPU load etc - just stopped and died.

Sad...

Mine did not crash since the initial crash and lvl 3 engineers are still investing on the issue.

Mine crashed yet again today.

Logging etc was fine until the crash when it just stopped - no errors etc.

Sophos are now RMA me a new one as they think it might be a Hardware failure due to the way logs just stop.

We have had one of our XG210s (lightly loaded) crash yesterday about 15:45, with 17.1.1 MR-1, hard rebooted today as even ssh terminal will not log in, GUI died 1hr or so later, ssh cannot login as well so downgraded to 17.0.8 MR-8

It had been running 17.1.1 MR-1 for over a week with no issues so I think an update sent yesterday has caused this.

Hi,

Where can I find Fabric date of my XG210? Will you get a serial number C23076JBFP7MC92 ?

All I can say is my XG230 was Manufacturer date Oct 2015 Rev 1

Should be a sticker on the appliance itself. 

Hmm, ours crashed 3 more times over the weekend, even when downgraded to 17.0.8  I think it must be a broken patch/pattern as 17.0.8 and 17.1.1 were stable until the middle of last week.  I'm going to log a support ticket today as this is simply unacceptable.  Unfortunately I cant get something off a sticker as ours is 100 miles away in  a remote site with no techs there...

We also have an HA pair of 430s, another of 310s and one of 210s that all appear to be unaffected...

I had Sophos Support replace mine - I have an RMA one here to put in my Comms rack tonight.

Not sure if its any help but my support ticket is:

# 8273744

I had 3 other tickets before this for the XG Crashing. All since going to v17.1 (coincidence?)

The last ticket Sophos think I may have a corrupt disc as when the XG stops it Stops Dead - no logging etc just goneski.

I could remove the XG210 from the rack and it is not possible. I still have a paper box where these values are. Sophos XG210 rev. 3 Security Appliance. SKU XG21T3HEUK

Sadly they replaced mine with an even older Rev 1

You had mentioned there were no hardware errors found, so I wonder if there is just no way to fix a bad pattern installation without sending a new unit? New unit sounds nice but, Support told me last night that if the crashing/freezing is in fact being caused by a pattern update, that a simple config restore won't be enough and that the only way to fix it is a full firmware wipe which is surprising to me. Does any one know if it's in fact not possible to just revert back a bad pattern update?? Or even know which one caused it?

I had no pattern updates stuck.

Sophos support couldn't find any reason at all why my XG would crash. Nothing stuck, nothing logged etc - just ceased to function.

This is why they decided it might be a bad disc and replaced the XG

Its been up for less than a week now and I also updated it to 17.1.2 MR2 - fingers crossed as mine crashed about every 10 days

I put my RMA right onto 17.1.2 MR2 as it was just out.

No issues so far and another thing I noticed was I was getting Performance warnings for Load average on my original one where as the RMA doesn't get the spikes I was getting.

So maybe I did have a bad disc and when it was being accessed caused a higher load time.

Still hoping it remains up.

I downloaded 17.1 and 17.1.2 directly from MySophos and not via the GUI