Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 4612 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XGS2100 to 19.5 fail- Red Interface- DGD-"stopped"

Charles Cook

I started this update this morning around 10am (14 hours ago).  I was running 19.0 with no issues.   I have the XGS2100 with the 4x 10Gb SFP+ Flexi_port module.  I have 2G fiber in my A2 (SFP+) then in Port2 (1G) I have a coax modem as my backup.  A1 (10G) DAC to a mikroTek switch feeding LAN

Everything was working until after applying the 19.5, once it came back up my interfaces all show red. and the DGD is orange.. I have some sort of WAN.  It jumps back and forth between my fiber and coax Public IPs.   I have SIP VIOP phones which can call out with, but when someone calls... it will either goto a random phone/fax or voice mail,  In the SIP PBX the phone say "some  reachable"   and if you hover over it .. they will have multiple MAC address and both public IPs.  Everyone's phone also shows they have voicemails, miscalls, and the wrong date/time.   Rebooting a phone will fix it for 2-5 mins other than the date/time. 

I have noticed that some of the routing info is straight missing... SLA, SD-WAN Route, health checks as well as a IP Sec connection. 

I rolled back to 19.0 and still all my interfaces are red other and DGD is "stopped" .    I have loaded a bunch of restore from backup.. starting with the 8:20am one this morning.  I loaded one from December 4th, 2022 that does turn the interfaces green but still works all the same and DGD is still "stopped".  It also brings the IP Sec info back. I also tried to just unplug my coax, deleted my coax interface, unplug my fiber.  Put state routes in for phones/fax to coax only and SIP ip only. Rebooted every switch/ modem/ phone/ ATA/ door controller. 

In the logs I see each time I reboot

MESSAGE  Jan 03 18:49:26Z

[4760]:  Starting DGD: Tue Jan 3 13:49:26 2023

MESSAGE  Jan 03 18:49:26Z

[4760]:

*****************************************

CRITICAL   Jan 03 18:49:26Z

[4760] line: 84, syntax error

Anyone know how to turn the DGD back on ?



This thread was automatically locked due to age.
  • 0

    Hello  ,

    Thank you for reaching out to the community, this is a recently known issue reported currently under the Dev investigation NC-112376

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Thank you for the fast reply.  I'm not sure what the Dev Investigation is,   (Developer?)  is this something I can follow along ?  My XGS is a critical part for a police department functioning at this point..IP-sec, reds connections, VPN:  Combined shows officer's locations, CAD calls, mugshots, livescan fingerprints, generate reports, run license/ NCIC checks, phones/ fax/ sever access,LPRs, cameras ect ect.      Is it possible to temporary move my licenses to an SG135?

  • 0 in reply to Charles Cook

    I would request you to open a support service request, once raised please mention the support service request number, we can help expediate the process for the resolution ! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    I am opening a ticket.  However, which issue is the known issue?  I have had my sg135 since 2016 then at some point did the XG FW.. no real issues.  Then about 7 weeks ago I deployed the XGS2100 on 19.0.1 and had a lot of SIP issues that I couldn't figure out why they were having issues.  Another guy here did figure out that creating a rule for the VOIP vlan-  permits only outbound to SIP service only.   Which wasn't a rule that we had in the SG/XG135.    He gave me an explanation of why that fixed it and its been working fine for 6 1/2 weeks or so.

    The 19.5 though created more issues and bought that issue back even though that rule is still there.  I am going to reset the XGS here around lunch time and load the FW (19.0.1) from a USB if we haven't figured this out by then. Being down for 24 hours here is pretty crazy over an update that was released as a production version that eventhough I can roll back to 19.0.1 and load previous backups.... the 19.5 (eventhough removed) has somehow broken/ deleted info on the XGS 

  • 0

    Hi Charles,

    Thank you for reaching out to Sophos Community. 

    Kindly share the Case ID.

    If there’s no case ID, as recommended by Vivek, we strongly advise you to kindly create one.

    Also, for urgent cases, kindly contact Sophos Support. https://soph.so/SophosSupport

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Erick Jan

    Hello Charles Cook,

    Would it be possible for you to share support access ID of XGS2100 in PM?

    Please follow steps mentioned in this link to generate support access ID - https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Diagnostics/ConnectionList/SupportAccess/index.html

    Development team would like to verify whether you are facing same issue (NC-112376) as mentioned by Vivek Jagad or something else.

    We can try recovering DGD and IPSec connectivity from backend, if possible.

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • 0 in reply to sanket.shah

    Case number is 06056481.  I will turn on send you a PM in  a few

  • 0

    The Development Team looked at my appliance and made backend clean up to start DGD and said it was safe to update to 19.5v now.  I clicked on the boot into the 19.5 firmware and I’m exactly where I was before this post. (XGS says both interfaces are offline and DGD is stopped)  I’m almost certain the DGD hasn’t been working right on the XGS since we deployed it because some of the VLANs had to have static routes and static gateways… the phones would flip back and forth from my main ISP and my backup. 

    One of my guys suggest I do a factory reset and load the config from a backup. I’m currently on 19.5… phones have been offline since 8:30pm and the PCs continue to flip from ISP to ISP and if I unplug either ISP I’m completely offline.

  • 0 in reply to Charles Cook

    Hi Charles Cook ,

    I was the engineering who looked at your setup and fixed DB inconsistencies. Subsequent migration to 19.5 should have worked as suggested by us. But it didn't worked as per  your last comment.  I think what went wrong is not doing the migration rather 'booting into 19.5'. This is called "FIRMWARE SWITCHING".  Since your system is in problematic state, I would like to take a look and confirm the same. 

    Sanket has shared me the access-id you pmed to him, I'll take a look, if it can be fixed directly on 19.5

    -HTH

    Moheed

  • 0 in reply to Moheed Ahmad

    i see you already got DGD and the interfaces both showing online.  The steps I took to get move back into 19.5 was from inside the gui-

    Backup & Firmware/ "firmware" tab... then in the listed version- "SFOS 19.5.0 GA-Build197" in the Manage column. i clicked to the boot to firmware image.   Should this firmware switching option not worked ?   

Unfiltered HTML