
Problem with many users on V18

Today I had to realize that the V18 still has problems with the SSL-VPN access and several users.

Due to the current situation, home office has been prescribed in our company and so today almost 30 people had to work via SSL-VPN. But this seems to be too much for the V18. From about 20 users the V18 simply restarts without notice.

I watched the whole thing 3-4 times within an hour and had to reboot to V17.5. There the problem does not exist.

We have an XG330 Rev.2, so the hardware is not the problem.



  • FormerMember

    Hi TimFranken,

    Apologies for the inconvenience caused. Were you able to collect client logs from the SSL VPN client and sslvpn logs from the XG running with V18? If yes, please share logs.

    Thanks,

     

  • Unfortunately I was not able to save and evaluate logs. I was under a lot of pressure today, so that people can get back to work properly as soon as possible. They were all sitting at home and could not work. So I decided to boot the 17.5 again relatively quickly.

    On top of that I was just sitting at home and my remote session was also disconnected. Could only wait until the firewall was back after 3-4 minutes and I could connect again. After the whole thing happened 3-4 times, I booted the 17.5 again and it is running stable since then.

    Is there a way to get the logs in the inactive image now?

  • So I booted the V18 again, and in LogViewer I can't find anything.

    I connected to ssh and found this in syslog

     

    Mar 17 09:20:16 (none) syslog.info syslogd started: BusyBox v1.21.1
    Mar 17 09:20:16 (none) user.notice kernel: klogd started: BusyBox v1.21.1 (2020-03-04 18:40:18 UTC)
    Mar 17 09:20:16 (none) user.notice kernel: [ 0.000000] Linux version 4.14.38 (jenkins@ci-4) (gcc version 7.3.0 (OpenWrt GCC 7.3.0 7185-ged7f3dd9)) #2 SMP Wed Mar 4 21:20:20 UTC 2020
  • Hi,

    I have the same problem. Sophos Support told me there is a problem with the hardware. This was the reason he thinks it is the hardware.

    XG310_WP02_SFOS 18.0.0 GA-Build339# tail -f syslog.log
    Mar 18 13:22:49 (none) local0.err [ctipd][5002]: CEnginesContainer::GetCacheDelta - HttpError: 400

    I don't think it is a hardware error though, since we have an HA setup and the issue is with both firewalls.

    He told me to try to reimage the firewall.

    Article ID: 126906
    Title: Sophos XG Firewall: How to re-image the appliance
    URL: https://sophos.com/kb/126906

    I will try to go back to V17 for now and see how it goes.

  • Hello all,

    this is not a problem with HW appliance, our customer has vmware virtual appliance (SFV4C6) and has absolutely identical problems!!!

    Regards

    alda

  • Same problem here with an XG310; even the log looks the same.

  • Reverting worked for us so far. 30 Users connected at the moment with no problem.

  • We run SFV4C6 on VMware 6.5. Upgrade from SFOS 17.5.9 MR-10 to SFOS 18.0.0 GA-Build339 on Saturday. First sudden restart on Monday morning, six times yesterday and ten times today. It looks like some kernel panic problem if the number of SSLVPN connections exceeds 15.

    The dots only in /log/syslog.log before "syslog.info syslogd started: BusyBox v1.21.1" messages. Sometimes "vcpu-0| I125+ The CPU has been disabled by the guest operating system. Power off or reset the virtual machine." messages in vmware.log on ESXi host.

    Regards

    TL

  •  

    can you share logs with ?

    This issue is serious, especially now that the world is relying on VPN, and must be treated soon.

    Please let us know.

    Thanks

  • Nothing interesting in /log/syslog.log around reset:

    Mar 18 10:34:48 (none) user.err kernel: [  400.788292] 215:appfiltermap_adt_parser:policy 7 max app order 2 max eac apporder 0
    Mar 18 10:34:48 (none) user.err kernel: [  400.788296] 711:appdev_write:count 2011
    Mar 18 10:34:48 (none) user.err kernel: [  400.788299] 758:appdev_release:dev open 3
    Mar 18 10:34:48 (none) user.err kernel: [  400.788300] 771:appdev_release:counter 7 size 128
    Mar 18 10:34:48 (none) user.err kernel: [  400.788301] 774:appdev_release:dev open 0
    ..........................................................................................................
    ....................................Mar 18 10:35:48 (none) syslog.info syslogd started: BusyBox v1.21.1
    Mar 18 10:35:48 (none) user.notice kernel: klogd started: BusyBox v1.21.1 (2020-03-04 19:44:36 CET)
    Mar 18 10:35:48 (none) user.notice kernel: [    0.000000] Linux version 4.14.38 (jenkins@ci-1) (gcc version 7.3.0 (OpenWrt GCC 7.3.0 7185-ged7f3dd9)) #2 SMP Wed Mar 4 22:26:05 CET 2020
    Mar 18 10:35:48 (none) user.info kernel: [    0.000000] Command line: BOOT_IMAGE=/18_0_0_339 quiet console=tty0 console=ttyS0,38400n8

    /log/sslvpn.log rounds in few minutes. I have none in time of reset.

    SFV4C6_VM01_SFOS 18.0.0 GA-Build339# ll /log/sslvpn*
    -rw-r--r--    1 root     0         51282011 Mar 18 17:25 /log/sslvpn.log
    -rw-------    1 root     0         67640645 Mar 18 17:20 /log/sslvpn.log.0

    We're trying to move to L2TP or we will downgrade to SFOS 17.5.9 MR-10.
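
Added example (not part of the original thread and not Sophos tooling): the syslog excerpts above show each sudden restart as a `syslogd started: BusyBox` line, sometimes preceded on the same line by a run of dots, so a copy of `/log/syslog.log` can be scanned for restarts and reboot loops. The function names, the `year` parameter (syslog timestamps carry no year) and the one-hour window are assumptions of this sketch; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the /log/syslog.log excerpts quoted in the thread.
SAMPLE = """\
Mar 18 10:34:48 (none) user.err kernel: [  400.788296] 711:appdev_write:count 2011
Mar 18 10:34:48 (none) user.err kernel: [  400.788301] 774:appdev_release:dev open 0
....................Mar 18 10:35:48 (none) syslog.info syslogd started: BusyBox v1.21.1
Mar 18 10:35:48 (none) user.notice kernel: [    0.000000] Linux version 4.14.38
Mar 18 10:52:10 (none) user.err kernel: [  981.120004] 774:appdev_release:dev open 0
Mar 18 10:53:12 (none) syslog.info syslogd started: BusyBox v1.21.1
"""

TS = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d")
UPTIME = re.compile(r"kernel: \[\s*(\d+\.\d+)\]")


def find_restarts(lines, year=2020):
    """Return one record per 'syslogd started' line, with context from before it."""
    restarts, last_ts, last_uptime = [], None, None
    for line in lines:
        m = TS.search(line)  # search, not match: the timestamp may follow a run of dots
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(0)}", "%Y %b %d %H:%M:%S")
        if "syslogd started" in line:
            prefix = line[:m.start()]
            restarts.append({
                "at": ts,
                # seconds of log silence between the last line and the restart
                "gap_s": (ts - last_ts).total_seconds() if last_ts else None,
                # last kernel uptime counter seen before the box went down
                "uptime_before_s": last_uptime,
                # True when the restart marker is glued to a run of dots
                "padded": bool(prefix) and set(prefix) == {"."},
            })
            last_uptime = None
        else:
            u = UPTIME.search(line)
            if u:
                last_uptime = float(u.group(1))
        last_ts = ts
    return restarts


def reboot_loop(restarts, window_s=3600, threshold=2):
    """True if `threshold` or more restarts fall inside any `window_s` span."""
    times = sorted(r["at"] for r in restarts)
    span = timedelta(seconds=window_s)
    return any(times[i + threshold - 1] - times[i] <= span
               for i in range(len(times) - threshold + 1))


if __name__ == "__main__":
    found = find_restarts(SAMPLE.splitlines())
    for r in found:
        print(r["at"], "gap", r["gap_s"], "uptime before", r["uptime_before_s"])
    print("reboot loop:", reboot_loop(found))
```

A short `uptime_before_s` repeated across several restarts is the pattern the posters describe; correlate the restart times with SSL VPN session counts before drawing conclusions.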