Since installing multiple XG Firewalls in a multi-site environment, we have been plagued with "random" outages that last between 30-90 seconds.
I have finally correlated this with pattern updates for either ATP, AV or IPS. During the time of the definition updates all connectivity to the XG firewall is lost. This actually brings down our wide area network and causes VoIP phones to restart looking for the phone server.
I have an open support ticket with Sophos but I'm awaiting their response.
I have changed the updates to happen less frequently (daily), however when there are updates it still brings down the connection (albeit less often now).
Is there a way to still have automatic updates turned on but do them on a time schedule? I find it utterly ridiculous that the system cannot do pattern updates without bringing down the entire network.
If this is "expected" behavior what have others done as workarounds? I cannot have 30-90 seconds of downtime every other day for pattern updates.
Can you tell me why you have to get intel from your users when Sophos can just test this themselves? This has been a serious problem for at least 9 months and I would expect Sophos to be doing everything…
https://community.sophos.com/sophos-xg-firewall/f/discussions/123652/internet-traffic-stops-every-time-xg-has-an-ips-or-atp-update I think this is probably related.
Thanks Bill. I agree and have seen this article as well.
But there is currently no fix and no workaround other than to turn off automatic pattern updates? How can we have a firewall device that drops all connections during pattern updates? How can I recommend this to enterprise? How do I get more visibility on this? I've also seen the Sophos Idea to give more control over scheduling these updates, which I have upvoted, but frankly, I don't want to lose connection, EVER.
I'm awaiting Sophos support to get back to me on my questions above as well, but I just can't fathom how this is acceptable on any level.
I feel like now I am forced to choose between consistent connectivity by turning off automatic pattern updates and security.
I agree 100% with you, it is just completely baffling.
Can you try to disable virtual fastpath?
console> system firewall-acceleration disable
I just got off the phone with support and they suggested the same. I am told this has Bug ID: NC-70896
I will test this and report back.
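The thread rests on two measurements: correlating the 30-90 second drops with the pattern-update times (first post) and then checking whether disabling firewall acceleration actually removes them (last post). The script below is an added example, not code from the thread or from Sophos, that does that correlation offline. It assumes a probe log with one line per second in the form "<ISO timestamp> <ok|fail>" (for instance produced by pinging a host on the far side of the XG from a script) and a list of update timestamps copied by hand from the firewall's pattern-update history; the trace, the update list and the 2-minute lead window are all constructed assumptions for the illustration.

```python
"""Correlate short connectivity outages with firewall pattern-update times.

Added illustration, not code from the thread or from Sophos. It assumes a
probe log with one line per second in the form "<ISO timestamp> <ok|fail>"
(e.g. produced by pinging a host on the far side of the XG) and a list of
update timestamps copied from the firewall's pattern-update history. Both
inputs below are constructed for the example.
"""
from datetime import datetime, timedelta

# Constructed probe trace, expressed as (reply received?, seconds) segments:
# 30 s up, a 45 s outage like the ones described in the thread, 52 s up,
# a 3 s blip that should be ignored, then 50 s up.
TRACE_START = datetime(2020, 1, 15, 2, 0, 0)
TRACE_SEGMENTS = [(True, 30), (False, 45), (True, 52), (False, 3), (True, 50)]

# Constructed update history: (pattern type, time the update was applied).
UPDATE_EVENTS = [
    ("AV", datetime(2020, 1, 15, 1, 30, 0)),
    ("IPS", datetime(2020, 1, 15, 2, 0, 27)),
]


def build_probe_log(start=TRACE_START, segments=TRACE_SEGMENTS):
    """Render the constructed trace as probe-log text, one probe per line."""
    lines = []
    t = start
    for ok, seconds in segments:
        for _ in range(seconds):
            lines.append(f"{t.isoformat()} {'ok' if ok else 'fail'}")
            t += timedelta(seconds=1)
    return "\n".join(lines) + "\n"


def parse_probes(text):
    """Parse probe-log text into a list of (timestamp, reply_received)."""
    probes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, status = line.split()
        probes.append((datetime.fromisoformat(stamp), status == "ok"))
    return probes


def find_outages(probes, min_seconds=10):
    """Return (start, end, seconds) for each run of failed probes lasting at
    least min_seconds. `end` is the first probe that succeeded again; a run
    still failing at the end of the log is closed one probe interval later."""
    outages = []
    start = None
    for ts, ok in probes:
        if not ok and start is None:
            start = ts
        elif ok and start is not None:
            seconds = (ts - start).total_seconds()
            if seconds >= min_seconds:
                outages.append((start, ts, seconds))
            start = None
    if start is not None:
        end = probes[-1][0] + timedelta(seconds=1)
        seconds = (end - start).total_seconds()
        if seconds >= min_seconds:
            outages.append((start, end, seconds))
    return outages


def correlate(outages, updates, lead=timedelta(minutes=2)):
    """Attach to each outage the updates applied in the window
    [start - lead, end]; the (assumed) lead covers the gap between the
    logged update time and the moment traffic actually stops."""
    report = []
    for start, end, seconds in outages:
        matched = [name for name, when in updates if start - lead <= when <= end]
        report.append({"start": start, "end": end, "seconds": seconds, "updates": matched})
    return report


if __name__ == "__main__":
    result = correlate(find_outages(parse_probes(build_probe_log())), UPDATE_EVENTS)
    for r in result:
        tag = ", ".join(r["updates"]) or "no update in window"
        print(f"{r['start']:%H:%M:%S}-{r['end']:%H:%M:%S} {r['seconds']:.0f}s  {tag}")
```

Run it before and after `system firewall-acceleration disable` against a real probe log (replace `build_probe_log()` with the file contents and `UPDATE_EVENTS` with the times from the update history); if the workaround holds, the outages tagged with an update type should disappear while any untagged ones point at a different cause. Outages shorter than `min_seconds` are dropped on purpose so a single lost ping does not show up as a pattern-update drop.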