Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v19.5 GA: Feedback and experiences

Release Post:  Sophos Firewall v19.5 is Now Available 

Old v19.0 MR1 thread:  Sophos Firewall: v19.0 MR1: Feedback and experiences 

EAP Sub thread:  SFOS v19.5 Early Access Program (Read Only) 

EAP 19.5 Thread:  Sophos Firewall: v19.5 EAP1: Feedback and experiences 



This thread was automatically locked due to age.
Parents
  • Since upgrade from 19.0.1 to 19.5.0 LAN and WAN Ports are flapping up and down multiple times per minute.

    Port1 is completely unplugged.

    WAN port is of course plugged. Machine has ping loss and unstable VPN due to that issues after the upgrade.

    System is HA A/P on XGS136

    SYSTEM 23.12.2022 10:41 Interface Interface Port1 is Down 17813
    SYSTEM 23.12.2022 10:41 Interface Interface Port1 is Up 17813
    SYSTEM 23.12.2022 10:41 Interface Interface WAN_Static is Up 17813
    SYSTEM 23.12.2022 10:41 Interface Interface Port1 is Down 17813
    SYSTEM 23.12.2022 10:41 Interface Interface WAN_Static is Down 17813
    SYSTEM 23.12.2022 10:41 Interface Interface Port1 is Up 17813
    SYSTEM 23.12.2022 10:40 Interface Interface Port1 is Down 17813
    SYSTEM 23.12.2022 10:40 Interface Interface Port1 is Up 17813
    SYSTEM 23.12.2022 10:40 Interface Interface WAN_Static is Up 17813
    SYSTEM 23.12.2022 10:40 Interface Interface Port1 is Down 17813
    SYSTEM 23.12.2022 10:40 Interface Interface WAN_Static is Down 17813
    SYSTEM 23.12.2022 10:40 Interface Interface Port1 is Up 17813
    SYSTEM 23.12.2022 10:40 Interface Interface WAN_Static is Up 17813
    SYSTEM 23.12.2022 10:40 Interface Interface Port1 is Down 17813
    SYSTEM 23.12.2022 10:40 Interface Interface Port1 is Up 17813
  • Link-Flap behaviour stopped after an unplanned reboot of node1. Not good what happened here.

  • This looks like a Switch problem. If you did a failover (update), this will also let the firewalls switch the vMACs + vIP. This scenario can cause fun with the switch, if there is something like spoof protection. This looks like the switch disabled the the port and enabled it back again. 

    Check the logs of the Switch, if there are any. And check if you have Spoof protection / STP enabled on those ports. 

    __________________________________________________________________________________________________________________

  • Hello LHerzog,

    It seems you are facing similar issue as mentioned in  HA flop on manual firmware upgrade to 19.5 .

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

Reply Children
  • Thank you for your both answers. I don't believe it is a Switch issue as the firewall reported The issue also for Port1. Both firewalls have an IP on that port but it is not wired / unplugged. So it is more a SFOS software issue than something with external hardware.

    We did not have a HA failover loop due to no ports monitored.

    I want to add, that the Port flapping was happening for hours, started right after the upgrades and stopped exactly with the reboot of the primary node. We have HA fall back enabled (Fail back to primary device after it recovers). So the same node that had the port flapping is primary now again. The issue did not reappear during the last days.

  • 2nd XGS136 Cluster upgraded  19.0.1 -> 19.5.0 - no port flapping on that cluster, all fine.