Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 40 subscribers
  • Views 3783 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sudden Reboots and freezing system on an XG 115 Appliance (v17 AND v18)

Steliad

Hi Sophos Community,

 

I bought an Sophos XG 115 appliance in late 2019 and until now i'm constantly facing strange errors with that device.

At first i was running the device on OS 17.5.10 which had the strange behaviour that around 10.30 PM the device completly hang so that i had to manually reboot the device. This seems to happen on an unregular basis. Sometimes it happens 7 days a week (every day on 10.30pm), on the other side it does not happen for weeks.

I then tried to use XG firewall v18 and guess what, it became even more frustrating. With a newly installed version 18 i was hoping things would have changed but unfortunately the device is rebooting suddenly on version 18. I tried to check system alerts in GUI, did check the sysinit.log and syslog.log file but nothing that indicates any serious issues. I started trying out version 18 in February 18, then with 18.0.0-339 and now again with 18.0.0-354. The issue stays the same, whatever version i use.

I also tried to disable hardware acceleration as it was mentioned in a few similar cases which can be found in this community.

As it is only used for home-usage, it has no serious impact but it is making me mad to face an issue i can't solve. Next thing i will try is to disable auto-reboot-on-hang to see if there is a corresponding log message in syslog.

 

I need your help.

 

best regards,

Steliad



This thread was automatically locked due to age.
  • 0

    Hi,

    please check your disk capacity and how much memory your are consuming.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk
    Hi Ian,

    this is what the devices FS look like when it's running properly.

    Filesystem                Size      Used Available Use% Mounted on
    none                    289.0M      2.8M    266.9M   1% /
    none                      1.9G     20.0K      1.9G   0% /dev
    none                      1.9G     15.0M      1.8G   1% /tmp
    none                      1.9G     14.6M      1.8G   1% /dev/shm
    /dev/boot               127.7M     39.6M     85.4M  32% /boot
    /dev/mapper/mountconf
                            385.4M     69.7M    311.7M  18% /conf
    /dev/content              5.4G    465.0M      4.9G   8% /content
    /dev/var                 46.6G      8.6G     38.0G  18% /var

    The memory consumption for the time of checking was 2333.59/3794.46MB.
    As it resets everytime the device reboots, it's hard to say if it's a memory issue.

    Should i try to run a memtest on the device?

     
    edit: memtest reported no errors

     

     
  • 0 in reply to Steliad

    This is a screen of the last 48 hours. I've had 3 crashes in the meantime which are directly connected to the memory drops seen in the screenshot. Could it still be an memory issue after doing 4 memtests without any failures?

  • 0 in reply to Steliad

    Hi Steliad,

    I would suggest you to keep the device connected with serial console cable and save the console output in text file to capture the next auto reboot or freeze logs. Once logs gets captured you may share output here or DM me to confirm any suspected logs there or not.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Vishal_R

    Hi,

     

    thanks for your reply. I'm running the XG 115 on SFOS 18.0.0 GA-Build379.

    The following output has been captured from the last reboot:

    Select Menu Number [0-7]: [10118.058545] BUG: unable to handle kernel paging request at 000000008001930f
    [10118.079478] IP: reschedule_interrupt+0xa/0x80
    [10118.092569] PGD 15c961067 P4D 15c961067 PUD 0
    [10118.105937] Oops: 0000 [#1] SMP NOPTI
    [10118.116955] Modules linked in: nf_conntrack_ipslb nfnetmap_queue(O) xt_svp xt_xfrmpolicy ah4 xt_addrtype nf_nat_ftp nf_conntrack_ftp xt_CT ebt_vlan ebt_redirect ebt_ip ebtable_filter ebtable_nat ebtables ip6t_MASQUERADE xt_muser xt_conntrack xt_LBS ip6table_filter iptable_filter xt_DNAT xt_SNAT nf_nat_masquerade_ipv6 xt_nat_lookup xt_UST xt_ust xt_firewall nat_rules sfos_rules_framework firewall ip_set_hash_mlmwsticky ip_set_hash_sslvpn iptable_mangle ip_set_hash_mac ip_set_hash_bw nf_conntrack_dns nf_nat_sip nf_conntrack_sip nf_nat_irc nf_conntrack_irc nf_nat_tftp nf_conntrack_tftp nf_nat_h323 nf_conntrack_h323 nf_nat_pptp nf_conntrack_pptp cfg80211 usbhid hid_generic hid ohci_pci ohci_hcd xhci_pci xhci_hcd uhci_hcd ehci_pci ehci_hcd fw_handle_ngfw_notification fp2sp_api fp_notifier bonding lzo
    [10118.328089] lzo_compress lzo_decompress cifs red red2 appdev nf_conntrack_netlink nf_nat_proto_gre nf_conntrack_proto_gre set_sessiontbl sessiontbl ip_gre gre ipcomp xfrm_ipcomp esp4 xfrm4_mode_transport xfrm4_mode_tunnel xfrm4_tunnel xfrm_user af_key xfrm_algo aesni_intel glue_helper aes_x86_64 crypto_simd cryptd cls_u32 act_mirred sch_ingress ifb sch_hfsc sch_leafprio sch_headprio sch_sfq sch_htb xt_MULTISET xt_MLM xt_SRCNETMAP xt_MARKROUTE xt_CONTINUE xt_LOGDROP xt_ULOG xt_TCPMSS xt_REDIRECT nf_nat_redirect ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_OUT_OUTDEV ip6t_rpfilter ipt_rpfilter ebt_nflog ebt_pkttype xt_serviceset xt_appset xt_hostset xt_pkttype xt_recent xt_state xt_status xt_cet xt_OUTDEV xt_iprange xt_limit xt_hashlimit xt_tcpudp xt_multiport nf_conntrack_relate xt_IPMACFILTER xt_RANGENAT
    [10118.540863] xt_VHDNAT ip_set_bitmap_vhost xt_FWSET xt_set ip_set_hash_maciface_fp ip_set_hash_ipiface_fp ip_set_bitmap_hotspotuser ip_set_hash_hotspotmac ip_set_bitmap_tlsrule ip_set_bitmap_appset ip_set_bitmap_fwrule ip_set_bitmap_ctrxss ip_set_bitmap_user sp2fp_api ip_set_bitmap_userpolicy ip_set_hash_ipuser ip_set_bitmap_service ip_set_bitmap_host ip_set_hash_ipmaciface ip_set_hash_l2mac ip_set_hash_ipmac ip_set_hash_ip ip_set arptable_filter arp_tables r8169 mii e1000e_nm(O) igb_nm(O) i2c_algo_bit ixgbe_nm(O) vxlan udp_tunnel ip6_udp_tunnel ptp pps_core mdio i2c_i801 i2c_dev i2c_core netmap(O) ip6table_nat nf_nat_ipv6 ip6table_mangle ip6table_raw iptable_nat iptable_raw nf_nat_ipv4 xt_dscp nf_nat ip6_tables ip_tables tun af_packet 8021q nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 ip6_tunnel
    [10118.753949] tunnel6 sit ip_tunnel tunnel4 ppdev parport_pc parport nf_conntrack lineartable bitmap_api br_netfilter bridge nf_defrag_ipv4 ipv6 stp llc x_tables nfnetlink button evdev [last unloaded: nfnetmap_queue]
    [10118.811339] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 4.14.38 #2
    [10118.833044] Hardware name: Sophos XG/Default string, BIOS 5.12 (Z131-019) 10/08/2018
    [10118.856314] task: ffffffff81c104c0 task.stack: ffffffff81c00000
    [10118.874112] RIP: 0010:reschedule_interrupt+0xa/0x80
    [10118.888800] RSP: 0018:ffffffff81c03eb0 EFLAGS: 00010046
    [10118.904531] RAX: 0000000080000000 RBX: ffffffff81c775b0 RCX: 0000000000019300
    [10118.925977] RDX: 0000000005d773aa RSI: ffff88017fc19300 RDI: 0000000000000000
    [10118.947407] RBP: ffffffff81c104c0 R08: fffffffffffffff0 R09: 0000000000000000
    [10118.968854] R10: ffffc9000142fd50 R11: 0000000000000000 R12: ffffffff81f5a920
    [10118.990279] R13: ffffffff81f620a0 R14: 0000000000000000 R15: 0000000000000002
    [10119.011731] FS: 0000000000000000(0000) GS:ffff88017fc00000(0000) knlGS:0000000000000000
    [10119.036061] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [10119.053335] CR2: 000000008001930f CR3: 00000001784d0000 CR4: 00000000001406f0
    [10119.074785] Call Trace:
    [10119.082198] RIP: 0010:default_idle+0x2/0x10
    [10119.094800] RSP: 0018:ffffffff81c03ee8 EFLAGS: 00000246
    [10119.094809] ? arch_cpu_idle_enter+0x7/0x10
    [10119.123115] do_idle+0x85/0xd0
    [10119.132320] cpu_startup_entry+0x5a/0x60
    [10119.144151] start_kernel+0x3de/0x3e9
    [10119.155202] secondary_startup_64+0xa5/0xb0
    [10119.167817] Code: ee 48 89 3c 25 f8 3f 00 ee 65 48 8b 24 25 d8 4b ee 00 57 e8 c9 03 00 00 95 4b ee ff ff 0f 1f 40 3d 68 02 ff ff ff fc f6 33 24 10 <03> 74 08 0f 01 2e e8 8b f1 ff ff 57 56 52 51 50 41 50 45 31 c0
    [10119.224436] RIP: reschedule_interrupt+0xa/0x80 RSP: ffffffff81c03eb0
    [10119.243526] CR2: 000000008001930f
    [10119.253533] ---[ end trace a6b7cc0d5b46f29e ]---
    [10119.267445] Kernel panic - not syncing: Fatal exception
    [10120.400331] Shutting down cpus with NMI
    [10120.411893] Kernel Offset: disabled
    [10120.422414] Rebooting in 3 seconds..
    [10123.409606] ACPI MEMORY or I/O RESET_REG.

    ...

    sh: write error: Invalid argument
    Loading configuration
    Performing automated file system integrity checks. It will take some time before your system is available.
    Examining Config partition.....
    Examining Signature partition.....
    Examining Report partition.....
    Password:

  • FormerMember
    0 FormerMember in reply to Steliad

    Hi  

    Thank you for providing the console output and the case number. I will follow up with the support case for further investigation. 

    Thanks,

  • 0

    Hi there.

    Check the CPU fan.

    Most of my unexplained reboots with some CR25's upgraded to Sophos firmware, and a couple of XG125's have turned out to be failed cooling fans.

     

    Contrary to popular belief, it appears that a fan failure does not report to the logs.

     

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
Unfiltered HTML