Hi there!
I'm currently running on SFVH (SFOS 19.5.0 GA-Build197) and notice a very high CPU usage caused by the SASI service. I tried to turn off Anti-Spam in my E-Mail profile, but it didn't change.
TOP:
Control Center:
The only thing I could find was a periodic error while trying to download some Checksums (?) in the sasi.log:
Any ideas? Did anyone observe anything similar? Maybe even a fix?
Regards,
Patrick
Hi Patrick,
can you please check if automatic pattern updates are turned on under "Backup & firmware / Pattern updates / Pattern download/installation"?
Hello Janos
Yes, those updates are turned on:
OK, then please raise a support case as suggested by Mayur to get this investigated.
Hello Patrick,
Once you have the Case ID please share it with us so we can follow up.
I would open up a case, but due to my Home-License, this channel here is my only way to get help. So yea, I might be stuck with it. Sad for the otherwise good product...
Please try performing a restart.
Ian
XG115W - v19.5.1 mr-1 - Home
If you can enable support access & share the access ID, we can take a look at the problem for you as well.
Who do I have to share the access ID with?
You can share it with JanosRapcsak, he can help take a look at this issue.
Hi,
Patrick's system fails to access SASI DB checksum files on sasi.sophosupd.com. When this happens, the system's CPU starts to spin until reaching a timeout, but then (after 140 seconds) it tries again.
I've asked Patrick to check whether a firewall rule or another network device blocks that.
Your answer does cause me some concern. A user firewall rule is capable of blocking traffic that is not recorded in any report and would not show up in the log viewer review of that firewall rule.
The traffic does not show up in daily WAN usage so how is a user supposed to identify a failure?
Hi there
I replied to Janos yesterday. My Sophos firewall is directly connected to my ISP without any active network device in between. I noticed however that trying to download the SASI DB checksum via terminal (curl command) and force it to use IPv4 (curl -ipv4), it works fine every time. If I force it to use IPv6 (curl -ipv6) it fails most of the time (curl gets stuck and has to be aborted). Ping and Traceroute to the SASI server however work for both IPv4 and IPv6 directly from the firewall's terminal.
Regards, Patrick
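
A dual-stack check in the spirit of the curl test above, added here as an example (it is not part of any post in this thread and not Sophos code): it makes the same request over one address family at a time, with a timeout on every socket operation, so a transfer that stalls is reported instead of hanging. The thread names only the host sasi.sophosupd.com; port 443 and the path "/" are assumptions standing in for the real checksum URL.

```python
import socket
import ssl
import time


def fetch_over(host, family, port=443, path="/", tls=True, timeout=10.0):
    """Request `path` from `host` using only one address family.

    Returns (outcome, bytes_received, seconds). `timeout` bounds each socket
    operation (connect, TLS handshake, send, every recv).
    """
    start = time.monotonic()
    received = 0
    try:
        # Resolve for this family only: AF_INET -> A, AF_INET6 -> AAAA.
        info = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0]
        sock = socket.socket(info[0], info[1], info[2])
        sock.settimeout(timeout)
        try:
            sock.connect(info[4])
            if tls:
                ctx = ssl.create_default_context()
                sock = ctx.wrap_socket(sock, server_hostname=host)
            request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                       "Connection: close\r\n\r\n")
            sock.sendall(request.encode("ascii"))
            # Read until the server closes; a stalled reply raises a timeout.
            while chunk := sock.recv(65536):
                received += len(chunk)
        finally:
            sock.close()
        outcome = "ok"
    except socket.gaierror:
        outcome = "no-address"      # host has no address in this family
    except socket.timeout:
        outcome = "timeout"         # connected or connecting, then stalled
    except OSError as exc:
        outcome = f"error: {exc.__class__.__name__}"
    return outcome, received, round(time.monotonic() - start, 2)


if __name__ == "__main__":
    # Host is from the thread; port 443 and "/" are assumed placeholders.
    for label, fam in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
        print(label, fetch_over("sasi.sophosupd.com", fam))
```

An "ok" result on IPv4 next to a "timeout" on IPv6 from the same machine matches the pattern described in the post: the failure is tied to one address family even though ping and traceroute succeed on both.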