This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem SOPHOS XG310 Firewall suddenly restarted!

Hi to all Sophos Support,

I would like to report a problem I encountered with my Firewall setup today. Suddenly it restarted with no reason. Upon checking the Logs I didn;t see anything. I only saw disconnection of the ISP and VPN tunnels. Is there a way to determine what is causing the problem? I am afraid this might be a hard ware issue. Below is a screenshot of the logs. All the light from the port disappeared.

Does anyone have any idea what is causing this issue?

Any help would be greatly appreciated.

Thanks

Rodney



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi Rodney, Thanks for reaching out to Sophos Community.

    Do you see any spike in CPU or Memory utilization around the time when the device was rebooted? (Diagnostics > System Graphs)

    Moreover, you can check the syslog events when the firewall was rebooted. 

    grep -i 'busybox' /log/syslog.log --> Run this command to get the busybox event that occurs each time the firewall boots. Find the one which correlates with the reboot event time and check the logs above the event log line to see if there were any suspicious logs.

    Check coredump on the firewall if there is any for the same date --> ls -lah /var/cores/ 

Reply
  • FormerMember
    0 FormerMember

    Hi Rodney, Thanks for reaching out to Sophos Community.

    Do you see any spike in CPU or Memory utilization around the time when the device was rebooted? (Diagnostics > System Graphs)

    Moreover, you can check the syslog events when the firewall was rebooted. 

    grep -i 'busybox' /log/syslog.log --> Run this command to get the busybox event that occurs each time the firewall boots. Find the one which correlates with the reboot event time and check the logs above the event log line to see if there were any suspicious logs.

    Check coredump on the firewall if there is any for the same date --> ls -lah /var/cores/ 

Children