Hi to all Sophos Support,
I would like to report a problem I encountered with my Firewall setup today. Suddenly it restarted with no reason. Upon checking the Logs I didn't see anything. I only saw disconnection of the ISP and VPN tunnels. Is there a way to determine what is causing the problem? I am afraid this might be a hardware issue. Below is a screenshot of the logs. All the lights from the port disappeared.
Does anyone have any idea what is causing this issue?
Any help would be greatly appreciated.
Do not do this in /log/.
Do it in /tmp/ (which gets deleted on reboot) or /var/ (will persist after reboot, but needs manual cleanup).
Hi Rodney,
Thanks for reaching out to Sophos Community.
Do you see any spike in CPU or Memory utilization around the time when the device was rebooted? (Diagnostics > System Graphs)
Moreover, you can check the syslog events when the firewall was rebooted.
grep -i 'busybox' /log/syslog.log --> Run this command to get the busybox event that occurs each time the firewall boots. Find the one which correlates with the reboot event time and check the logs above the event log line to see if there were any suspicious logs.
Check coredump on the firewall if there is any for the same date --> ls -lah /var/cores/
Display color should be blue. I think yellow is not good. Can you toggle display info with the buttons beside the display? If not, the device is no longer responding (see below).
I also had cases where the LAN LED were all off - this was when the node locked itself up. A powercycle helped. In the end this has been fixed by SFOS patch.
I think I cannot do this again since after this it suddenly restarted and all were working again. I am not sure what caused this. Do you know where to look for event alarms?
I tried to follow your instructions. Here is what I got.
Is this a hardware issue or a system issue? Coz my firmware is on the latest version. And upon checking as of now no available updates.
before the logs get overwritten:
save them in an archive. example:
cd /log
tar -cvzf Alllogs.tar.gz *.log *.log.0 - to collect all logs from device in a .tar file
as you do not have HA there is no need to do this on the other machine.
I hope DeveshM can guide you through the process looking for the hangup based on "busybox"
post the next few lines before the busybox event 04:48:32
maybe you can find something faulty in other logs with
grep -i "Oct 22 04:48:3" /log/*.*
I'll check this and get back to you. Thanks for the support.
Hi LuCar Toni,
This is done already. Done deleting the tar.gz file from /logs directory. Thanks for the info.
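The two steps discussed in this thread (looking at the lines just before each 'busybox' boot marker, and archiving the logs somewhere other than /log) can be combined in a small script. This is an added example, not part of any post above and not Sophos code; the function names and sample log lines are constructed, and it assumes a POSIX shell with awk and tar on the device.

```shell
#!/bin/sh
# Added example; function names and sample log lines are constructed.

# Print the N lines preceding every 'busybox' boot marker in a syslog file.
pre_boot_context() {
    file=$1; n=${2:-5}
    awk -v n="$n" '
        tolower($0) ~ /busybox/ {
            print "=== boot marker at line " NR " ==="
            for (i = NR - n; i < NR; i++)
                if (i > 0) print buf[i % n]
            print
        }
        { buf[NR % n] = $0 }
    ' "$file"
}

# Archive *.log and *.log.0 from SRC into DEST (absolute paths), refusing
# to write the archive inside the log directory itself.
archive_logs() {
    src=${1%/}; dest=${2%/}
    case "$dest/" in
        "$src"/*) echo "refusing to write archive inside $src" >&2; return 1 ;;
    esac
    out="$dest/Alllogs-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        cd "$src" || exit 1
        set --
        for f in *.log *.log.0; do
            if [ -f "$f" ]; then set -- "$@" "$f"; fi
        done
        [ $# -gt 0 ] && tar -czf "$out" "$@"
    ) || return 1
    echo "$out"
}

# Constructed sample: four lines before a reboot, then the boot marker.
write_sample_log() {
    cat > "$1" <<'EOF'
Oct 22 04:41:10 fw kernel: eth1: link up
Oct 22 04:44:02 fw daemon: constructed line A
Oct 22 04:44:57 fw daemon: constructed line B
Oct 22 04:45:03 fw kernel: constructed last line before reset
Oct 22 04:48:32 fw syslogd started: BusyBox (constructed)
EOF
}
```

On the firewall this would be called as `archive_logs /log /tmp` followed by `pre_boot_context /log/syslog.log 20`; a long silent gap between the last line and the boot marker means nothing was logged before the reset.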