SFOS 19.0 almost bricked my XG230

Hello there,

Thank you for contacting the Sophos Community.

This is the first one I see with the failsafe mode, did you happen to check the Failure Reason?

If not, and you try to upgrade next time, run the following command from the Device Console 

failsafe> show failure-reason

More info in the following link

By any chance did you notice if most services were untouched?

Regards,

Hi,

most services was untouched. I don't remember the exact wording but it reported problems with the logging.

The garner service seems to be the problem as it was reported as dead.

Maybe flush the logs?

Hello there,

Probably Logging Daemon. 

Try running #df -h and see if the VAR partition might be getting full; if it’s as you mentioned flushing the logs might help here.

Also if you try to upgrade again and the issue resurfaces try checking the csc.log, and garner.log  for any errors.

Regards,

Hi,

I also encountered the same issue when updating my Sophos XG210 with SFOS 19.0.0 GA-Build317 going into Fail Safe Mode on 20th May 2022. Had to roll back to the previous version of 18.5.3. Second day I attempted update again and with same failure. Looks like there is some compatibility issue of the latest SFOS 19.0 with XG2XX series hardware since the same update is successfully installed in XG115 devices.

Awaiting feedback from Sophos on way forward

Nikhil

I just wanted to add some input here 

We tried the upgrade this weekend on two devices SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317

One device was a DR Hardware Device, Hardly any firewall rules or config, users, logging, ect. This device was sucsessful

The second device was a Production Virtual Machine. This is where the problem came 

After downloading and applying the update remotely we noticed that the Web interface was unavilable. All other services on the sophos like SSL VPN, IPSEC VPN, SSH, HTTPS and HTTP also didnt work remotely anymore

Once we arrived onsite we logged into the firewall via the VMWare platform and noticed that the console was in Failsafe mode.

(We also noticed while onsite no internet was given to LAN, no firewall rules were working, we couldnt reach https page while on the same LAN)  SSH was our only option

When we ran the command : failsafe> "show failure-reason" - as suggested above the reason returned by the console was logging daemon had an issue.

We tried to restart the Garner service with the Advanced Shell command : "service garner:restart -ds nosyn" - This failed instantly and the Garner was unable to be restarted. 

We didnt have more time to investigate on this sophos as we needed to get it up and running asap so we reverted back to the 18.5.3 Firmware. 

Also a note for others, Be sure to make the V18.5.3 firmware the default if you install V19 and have this isssue. In the event your device reboots or power drops you do not want to have to drive back to the site due to the sophos automatically trying to boot V19 

Im going to see if i am able to boot up a clone of the sophos device and test futher and maybe look into the VAR partition again ( I didnt see an issue the first time i checked ) 

But for now we also await a fix from Sophos and donot reccomend upgrading to V19 but if you want to try it ensure to do backups before hand. 

Thanks

Hello Christo,

Thank you for the feedback.

Did you happen to check the csc.log or garner.log?

There’s a current investigation with GES and DEV about the Garner Error when upgrading to v19 investigated under NC-93936 

Regards,

Hello Nikhil,

Have you created a Support Ticket about this? 

Regards,

Yes I do, ticket number is 05269821

Hi Nikhil Patwa1 Thanks for sharing the case details and I added notes over the case for the next update and progress.

Hi,

I went trough the csca and garner logs and the amount of errors are way above my paygrade..

I'll be happy to submit them, but I guess I need to create a ticket?