Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem SOPHOS XG310 Firewall suddenly restarted!

Hi to all Sophos Support,

I would like to report a problem I encountered with my Firewall setup today. Suddenly it restarted with no reason. Upon checking the Logs I didn;t see anything. I only saw disconnection of the ISP and VPN tunnels. Is there a way to determine what is causing the problem? I am afraid this might be a hard ware issue. Below is a screenshot of the logs. All the light from the port disappeared.

Does anyone have any idea what is causing this issue?

Any help would be greatly appreciated.

Thanks

Rodney



This thread was automatically locked due to age.
  • Hi LuCar Toni,

    This is done already. Done deleting the tar.gz file from /logs directory. Thanks for the info.

    rodneyaltam

  • Hi LHerzog,

    I'll check this and get back to you. Thanks for the support.

    rodneyaltam

  • Do not do this in  /log/.

    Do it in /tmp/ (which gets deleted on reboot) or /var/ (will persist after reboot, but needs manually cleanup). 

    __________________________________________________________________________________________________________________

  • before the logs get overwritten:

    save them in an archive. example:

    cd /log
    tar -cvzf Alllogs.tar.gz *.log *.log.0 - to collect all logs from device in a .tar file

    as you do not have HA there is no need to do this on the other machine.

    I hope  can guide you through the process looking for the hangup based on "busybox"

    post the next few lines before the busybox event 04:48:32

    maybe you can find something faulty in other logs with

    grep -i "Oct 22 04:48:3" /log/*.*

  • Hi Devesh,

    I tried to follow your instructions. Here is what I got.

    Is this a hardware issue or a system issue? Coz my firmware is on the latest version. And upon checking as of now no available updates.

    Thanks

    rodneyalam

  • Hi LHerzog,

    I think I cannot do this again since after this it suddenly restarted and all were working again. I am no sure what caused this. Do you know where to look for event alarms?

    Thanks

    rodneyaltam

  • Display color should be blue. I think yellow is not good. Can you toggle display info with the buttons beside the display? If not, the device is no longer responding (see below).

    I also had cases where the LAN LED were all off - this was when the node locked itself up. A powercycle helped. In the end this has been fixed by SFOS patch.

  • FormerMember
    0 FormerMember

    Hi Rodney, Thanks for reaching out to Sophos Community.

    Do you see any spike in CPU or Memory utilization around the time when the device was rebooted? (Diagnostics > System Graphs)

    Moreover, you can check the syslog events when the firewall was rebooted. 

    grep -i 'busybox' /log/syslog.log --> Run this command to get the busybox event that occurs each time the firewall boots. Find the one which correlates with the reboot event time and check the logs above the event log line to see if there were any suspicious logs.

    Check coredump on the firewall if there is any for the same date --> ls -lah /var/cores/