Hi all,
Shall we start this new thread with the looks and feels of XG v18 MR-3?
community.sophos.com/.../xg-firewall-v18-mr3
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hi all,
Shall we start this new thread with the looks and feels of XG v18 MR-3?
community.sophos.com/.../xg-firewall-v18-mr3
Still seeing traffic drops in MR-3.
We have two sites that definitely have/had this issue. One has been OK for a week since its MR-3 upgrade but as it seems to have been a bit intermittent, I'm reserving judgement. The other we have only just been made aware of and is already running MR-3. Apparently they have has the issue since the unit was installed a few weeks ago but have only just mentioned it.
We setup trace route monitoring and within an hour saw the XG drop traffic for over two minutes before it recovered.
Several other people reported this issue with MR-1 in the MR-3 thread. How has your experience been with MR-3? I was really hoping that the cause of this would be fixed. Looks like I will have to suffer Sophos support to get it looked at.
Had the same problem on a XG210 HW v3, had to revert to MR1-396.
Intermittent ping reply between zones LAN/DMZ/VPN. Active Directory replication got too strange and a DAG Exchange Cluster got failed with server behing XG210 being considered offline.
Other 2 appliances on different hardware doesn't seem to be affected but restored everything to the MR1-396 and suddenly all services started working well.
Do you use STAS? Sounds like the log off detection (STAS Quarantine) is hitting in your case.
https://support.sophos.com/support/s/article/KB-000035623?language=en_US
If you use STAS, select:
If this is not matching your Issue. Please open another Thread to keep the visibility here.
__________________________________________________________________________________________________________________
Thanks LuCar Toni. I clearly don't learn because you resolved exactly the same problem for me at our own site about a year ago. Now made big notes on our STAS documentation. I find it difficult to understand why the default is 'yes'. It is more secure but who on earth would want to have their internet traffic stopped for a couple of minutes every few hours? Had only one drop in nearly a week. That was after an IPS definition update so i suspect a different issue and am monitoring to see if that is a recurring problem. Will follow up in a new post if it is.
Thanks LuCar Toni. I clearly don't learn because you resolved exactly the same problem for me at our own site about a year ago. Now made big notes on our STAS documentation. I find it difficult to understand why the default is 'yes'. It is more secure but who on earth would want to have their internet traffic stopped for a couple of minutes every few hours? Had only one drop in nearly a week. That was after an IPS definition update so i suspect a different issue and am monitoring to see if that is a recurring problem. Will follow up in a new post if it is.