This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 18.5.1.326 is Kernel Panicking

Since updating to 18.5.1.326, I've noticed my firewall is Kernel Panicking at least 5 or 6 times a day. The best uptime I've been able to achieve is 4 hours. I originally suspected hardware, but have since moved the XG to new hardware. Has anyone else seen this issue?



This thread was automatically locked due to age.
Parents
  • Hello there,

    Thank you for contacting the Sophos Community.

    Adding to what rfcat mentioned, please check the syslog.log csc.log applog.log and /var/cores.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Nothing in the logs i could see that was relevant. I ended up switching back to 18.0 firmware and firewall was stable. Re-applied the 18.5.1 update and so far it's been stable. (18 hours).

  • Spoke too soon. Just kernel panicked again. 14 hours. Only did it on 18.5. Switched back to 18.0 again to see if its better uptime...

    System: Dell Optiplex 780 SFF

    CPU: Intel E8400
    RAM: 4GB
    HDD: SATA SSD 120GB
    NIC: Intel PCI Dual Ethernet

    Note the system had been completely stable since about April; the issue appears to have only started happenign since the 18.5.1 update. I switched back to 18.0.5 MR-5 build 586 and so far it's been stable again. Also I noticed the certificate error I had where my imported certs weren't being trusted even with the appropriate CA certs being loaded has now resolved itself since switching back. 

    Still not seeing anything relevant in the logs. I've set up a recorder to capture the screen output next time it panicks. Its only on the screen for 1 or 2 seconds,

  • Update:

    • Running for 4 day(s), 3 hour(s), 14 minute(s).
    • No issues after failing back to 18.0.5 MR-5 Build 586

    There must be an issue with the 18.5 build.

  • Hello there,

    Thank you for the update and feedback.

    Did you get the change for any core dump under /var/cores? what about the logs?

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • So far I haven't risked going back to 18.5 yet as its almost certain to crash again. I will try upgrading to 18.5 again tonight and see how it goes. 

    Currently I am on SFOS 18.0.6 MR-6-Build655 and it's completely stable.

    I will report back tonight after upgrading as to how it's going, and if it crashes I will try and capture the core dump.

  • The Firewall just Kernel Panicked again. Just checked the /var/cores folder and there are no files present.

  • Hello there,

    Thank you for the update.

    So in that case you would need to capture the console logging

    Using PuTTY, go to 'Session' - 'Logging.'

    Here, select "All session output', and set the file name to a folder and name for later retrieval.

    Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.

    Start the session, and log in to ensure it’s all proper.

    Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.

    Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

    Have you open a case already for this, if not please open one and share the Case ID with me.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • Hello there,

    Thank you for the update.

    So in that case you would need to capture the console logging

    Using PuTTY, go to 'Session' - 'Logging.'

    Here, select "All session output', and set the file name to a folder and name for later retrieval.

    Configure the Serial connection to use the proper COM port on your PC and a Speed of 38400.

    Start the session, and log in to ensure it’s all proper.

    Once logged in, you can leave it there or log out and leave the session at the password prompt. Either way, leave the session active and allow it to capture the output from the next reboot.

    Once that reboot occurs, you can end the Serial connection and provide the logs to support further investigation.

    Have you open a case already for this, if not please open one and share the Case ID with me.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
No Data