Sophos XG Firewall - License activation unavailable (error XG-00151). See KB-000043485 for the latest updates.

Problem SOPHOS XG310 Firewall suddenly restarted!

Hi to all Sophos Support,

I would like to report a problem I encountered with my Firewall setup today. Suddenly it restarted with no reason. Upon checking the Logs I didn;t see anything. I only saw disconnection of the ISP and VPN tunnels. Is there a way to determine what is causing the problem? I am afraid this might be a hard ware issue. Below is a screenshot of the logs. All the light from the port disappeared.

Does anyone have any idea what is causing this issue?

Any help would be greatly appreciated.



Edited TAGs
[edited by: emmosophos at 7:43 PM (GMT -7) on 22 Oct 2021]
  • Hi Rodney, Thanks for reaching out to Sophos Community.

    Do you see any spike in CPU or Memory utilization around the time when the device was rebooted? (Diagnostics > System Graphs)

    Moreover, you can check the syslog events when the firewall was rebooted. 

    grep -i 'busybox' /log/syslog.log --> Run this command to get the busybox event that occurs each time the firewall boots. Find the one which correlates with the reboot event time and check the logs above the event log line to see if there were any suspicious logs.

    Check coredump on the firewall if there is any for the same date --> ls -lah /var/cores/ 

    Devesh Mishra
    Global Community Support Engineer | Sophos Technical Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, use the 'Verify Answer' link.
  • Hi Devesh,

    I tried to follow your instructions. Here is what I got.

    Is this a hardware issue or a system issue? Coz my firmware is on the latest version. And upon checking as of now no available updates.



  • before the logs get overwritten:

    save them in an archive. example:

    cd /log
    tar -cvzf Alllogs.tar.gz *.log *.log.0 - to collect all logs from device in a .tar file

    as you do not have HA there is no need to do this on the other machine.

    I hope  can guide you through the process looking for the hangup based on "busybox"

    post the next few lines before the busybox event 04:48:32

    maybe you can find something faulty in other logs with

    grep -i "Oct 22 04:48:3" /log/*.*

  • Do not do this in  /log/.

    Do it in /tmp/ (which gets deleted on reboot) or /var/ (will persist after reboot, but needs manually cleanup). 


  • Hi LHerzog,

    I'll check this and get back to you. Thanks for the support.


Reply Children
No Data