This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR2: Feedback and experiences

https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_185_rn.html

"Old" V18.5 MR1 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/128960/sophos-firewall-v18-5-mr1-feedback-and-experiences/

"Old" V18.0 MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences

Please review: https://support.sophos.com/support/s/article/KB-000043489?language=en_US

Prio
[gesperrt von: LuCar Toni um 8:07 AM (GMT -7) am 26 Mar 2022]

Top Replies

RichBaldry over 2 years ago in reply to StevenSultana +6

The specific change you mention was a result of a security review we carried out on the OTP functionality. It is not good practice to provide methods to recover existing secrets because this makes it much…

Parents

0 David Clark1 over 2 years ago

Higher CPU usage after upgrade. Last week was 4.9%, after upgrade running steady at 22%.
Cancel
Vote Up +1 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to David Clark1

Mine has increased significantly, prior to upgrade around 5%, after upgrade 7-18%,currently shows 12%. A well spec'ed home system.

Ian

Edit:- added pretty picture of the issue.

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 2 years ago in reply to rfcat_vk

Checked my appliances and none have a significant upgrade of performance. But i am using only hardware.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 2 years ago in reply to LuCar Toni

Hi,

I think there was a comment about additional features in the software version, would that be the cause and what are the additional features?

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Florian SM over 2 years ago in reply to LuCar Toni

I can confirm a higher CPU usage baseline on a virtualized XG, previously on 18.5.1 it was around 4% now it is around 7-8% with 18.5.2. I'm not experiencing any problems though. I'm not seeing an increased CPU baseline on an SG430 or XGS136, FWIW.
Cancel
Vote Up 0 Vote Down

Cancel
0 JasP over 2 years ago in reply to rfcat_vk

The increased CPU usage I am seeing is on my home XG so it is Home Edition but is running on hardware (an old SG450). Once we see a bit more feedback and start moving our work XG and customer XGs I will report back on CPU usage for them.
Cancel
Vote Up 0 Vote Down

Cancel
0 JasP over 2 years ago in reply to JasP

Hm. Just checked again and my CPU usage is back to previous levels. It remained consistently raised all day until about 21:30 then dropped back down again.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JasP over 2 years ago in reply to JasP

Hm. Just checked again and my CPU usage is back to previous levels. It remained consistently raised all day until about 21:30 then dropped back down again.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Wayne Folta over 2 years ago in reply to JasP

I've seen this kind of thing before and haven't figured it out: sometimes the CPU usage goes up for hours at a time and then return to more normal. My first thought is that some process is doing something like recreating one of its databases in the background, but that probably doesn't make sense. (I'm thinking of major MacOS upgrades that can often burn CPU for the first day or so because of updates to indexing, uploads to iCloud/iPhotos, etc. Probably not the same kind of mechanism going on here.)
Cancel
Vote Up 0 Vote Down

Cancel

0 Florian SM over 2 years ago in reply to Wayne Folta

I might have found something. I noticed openssl repeatedly in top on the virtualized XG that's showing increased CPU. So I went on and investigated. It appears that every 20 seconds openssl is trying to generate something:

while : ; do pgrep -lf openssl ; sleep 0.5; done

4956 openssl genrsa -aes128 -out /tmp/hbtrust.901Y38Gn_m/server.key -F4 -rand /dev/urandom -passout pass:ozaywt5Xxlu1F8_d5X 4096
4956 openssl genrsa -aes128 -out /tmp/hbtrust.901Y38Gn_m/server.key -F4 -rand /dev/urandom -passout pass:ozaywt5Xxlu1F8_d5X 4096
4956 openssl genrsa -aes128 -out /tmp/hbtrust.901Y38Gn_m/server.key -F4 -rand /dev/urandom -passout pass:ozaywt5Xxlu1F8_d5X 4096
4956 openssl genrsa -aes128 -out /tmp/hbtrust.901Y38Gn_m/server.key -F4 -rand /dev/urandom -passout pass:ozaywt5Xxlu1F8_d5X 4096
4956 openssl genrsa -aes128 -out /tmp/hbtrust.901Y38Gn_m/server.key -F4 -rand /dev/urandom -passout pass:ozaywt5Xxlu1F8_d5X 4096
~20 seconds
5130 openssl genrsa -aes128 -out /tmp/hbtrust.rOckAvqxgb/server.key -F4 -rand /dev/urandom -passout pass:eq4Kntm2LePbMIItgw 4096
...
5130 openssl genrsa -aes128 -out /tmp/hbtrust.rOckAvqxgb/server.key -F4 -rand /dev/urandom -passout pass:eq4Kntm2LePbMIItgw 4096
~20 seconds
5347 openssl genrsa -aes128 -out /tmp/hbtrust.tZT4TgMZWx/server.key -F4 -rand /dev/urandom -passout pass:9jvJJ83hprZ4KlQQAzyc4Q 4096
...
5347 openssl genrsa -aes128 -out /tmp/hbtrust.tZT4TgMZWx/server.key -F4 -rand /dev/urandom -passout pass:9jvJJ83hprZ4KlQQAzyc4Q 4096
~20 seconds
5607 openssl genrsa -aes128 -out /tmp/hbtrust.U5TMYmug4p/server.key -F4 -rand /dev/urandom -passout pass:Dy4tYYloBN_W3A3h8SWZ 4096
...
5607 openssl genrsa -aes128 -out /tmp/hbtrust.U5TMYmug4p/server.key -F4 -rand /dev/urandom -passout pass:Dy4tYYloBN_W3A3h8SWZ 4096

  PID  PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 6873  20   0  5960 2252 2044 R 99.4  0.1   0:02.01 openssl

You get the pattern.

I'm not seeing that on HW Appliances running 18.5.2.

0 David Clark1 over 2 years ago in reply to Florian SM

I see the same thing on my VM. Hardware version like you mentioned does not have this issue.
Cancel
Vote Up +1 Vote Down

Cancel
0 Laxmikant Agarwal over 2 years ago in reply to David Clark1

Its trying to generate encrypted key and until it successfully generates, it keeps trying every 20secs. Generally it should be successful pretty fast and in first go. We tried reproducing on our VM setup and could not reproduce the issue.

Please try to provide access to your system.
Cancel
Vote Up 0 Vote Down

Cancel
0 David Clark1 over 2 years ago in reply to Laxmikant Agarwal

How would you like to access system? I can provide access......let me know.
Cancel
Vote Up 0 Vote Down

Cancel
0 Wayne Folta over 2 years ago in reply to Laxmikant Agarwal

Thanks! One suggestion when communicating with customers: could you please say "provide access via Diagnostics > Support Access"? This makes it clear that it's a safe, limited, one-button-click ON/OFF option. I had a run-around with an engineer on a call who kept saying they'd need access to the system but I would not have to provide a password.

Those of us who have not dealt with Sophos support asking for access probably don't remember the switch, and we're thinking providing logins, passwords, making login available from the WAN, and all kinds of painful thoughts. So specifying the method up front would avoid the shock (and defensiveness) of thinking we're being asked to provide WAN-accessible accounts/logins/passwords.

Appreciate your help, and not trying to criticize. Actually, just wanting to make your life a bit easier.
Cancel
Vote Up 0 Vote Down

Cancel