Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Interface naming issue

We purchased two XG750 to run in HA-Active-Passive config.  Each is identically equipped with 4 SPF+ ports and 2 QSFP ports.  On the Primary XG the SFP+ ports are named PortC1-PortC4, left to right,  but on the Auxillary XG the SFP+ ports are name eth0-eth3 right to left.  PortC1 is the WAN port, PortC4 is the LAN port.  The HA ports are PortD1, the QSFP ports, on both units.When I activate HA it brings the network down.  Looking at the logs from the CLI on the Auxillary unit it shows errors: "Cannot find PortC! PortC2, etc.  When I try to rename the ports to match the names on the Primary unit it reports back that PortC1 is a system reserved name, please choose a different name.

When I contacted support I was told that there was no way for me to rename the ports at the system level.  Any thoughts, ideas?



This thread was automatically locked due to age.
  • to add the description from the KIL xlsx:

    NC-76186 SF 17.5 MR14-1 (17.5.14.714), SF 18.0 MR4-KONICA (18.0.4.519) [Palawan] n/a Hardware 4X10G FlexiPort Module with new Intel 700 series NVM data and driver not recognized Issue : The 4x10G FlexiPort Modules are not being recognized on Sophos Firewall, the interfaces are being detected as "eth0,eth3" The 4x10G Flexi modules are not being recognized correctly, the interfaces are being detected as "eth0,eth3". The modules cannot be detected correctly and hence making them unusable with the Sophos Firewall. Only SFOS (Sophos Firewall is affected ) Affected Sophos Part Number – “XGMOD410PUR” Description: 4 ports 10G SFP+ without bypass Affected Part S/N Prefix – “M2400XXXXXXXXXX” (with NVM FW 7.20) Note: Module with same prefix “M2400” with NVM 5.05 doesn’t have this issue. To Identify the affected module NVM FW 7.20: Run ethtool -I <PortLabel>

    seems the affected Version list is incomplete, requesting to update it

  • Hello Doug,

    Thank you for the Case ID.

    Checking on the case it seems you might be affected by NC-76186 which is a KIL, it mentions the module isn’t recognized however it also might be incorrectly detected as eth.

    I have left a note to your case as the case might need to get escalated as a utility needs to be run to rename the interfaces of the module. 

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello Doug,

    Thank you for contacting the Sophos Community.

    Adding to what LHerzog and Jprusch have mentioned, could you please provide me with the Case ID you fill out with support, and also if you are opening a new one as suggested please share that one as well?

    I checked under your account name, but I wasn’t able to find a case related to this under your account.

    I would like to check with the hardware team if they know of any change on the underline hardware.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • if you have'nt already, file a support case, either way, you'll need them.

    to ship you a correct hardware

    or to guide you on the renaming and reordering if this is even possible at all.

  • that's really a strange issue. I would say, your primary node acts fine. There is something on the aux that's weird, they should not be named with eth.

    Let us know what you find on the expansion module hardware.

  • Since the ports in question are on an add-in card, my next step is to compare the cards in both units.  I'll have to check that after hours.

  • That seems very odd to me.

    Maybe the production unit was upgraded from an older release and therfore has these names.

    And the new 18.5 firmware now uses a differnet scheme on this piece of hardware?

    Sophos Support should be able to answer these questions: did the naming scheme and/or sequence change on some hardware models  when compared to older firmware levels (like 18.x oder 17.5) ?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.