Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 39 subscribers
  • Views 879 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS 2100 cluster reboots itself

Ex4

Hello, in the last weeks our XGS2100 Firewall cluster rebooted itself a few times - and there's no real pattern.

Without warning I receive this email:

Dear Administrator,

You are receiving this auto-generated message from Sophos Notification System to inform Change in HA Status.

Mode: Active-Passive
Hypervisor assigned MAC addresses: Disabled
Preferred Primary: S3RI4LNUMB3R1 (Node1)
Cluster ID: 0
Dedicated Port: Port8
Monitoring Ports:
Time: 20:02:50 , Feb 12, 2024

Serial Number (Node Name)

Model Number

Firmware Version

Current State

Administration IP

S3RI4LNUMB3R_2 (Node2)

XGS2100

SFOS 19.5.3 MR-3-Build652

Standalone

PortMGMT (10.0.1.1)

S3RI4LNUMB3R_1 (Node1)

XGS2100

SFOS 19.5.3 MR-3-Build652

Fault

PortMGMT (10.0.1.5)

And then, over the course of 8 minutes, I get these mails (extracts):

Time: 20:03

Sophos Central event details for 1234567 - My Company

What happened: One of the HA nodes isn't running or is impaired. The high availability is not impaired.

Where did it happen: S3RI4LNUMB3R_2

User assigned to the device: n/a

How serious is the event: Medium

What has Sophos done so far: There weren't taken any actions.

What you need to do: -

_____________________________________________________________________

Time: 20:04

Sophos Central event details for 1234567 - My Company

What happened: Firewall connection to Sophos Central interrupted

Where did it happen: S3RI4LNUMB3R_2

User assigned to the device: n/a

How serious is the event: High

What has Sophos done so far: No further action has been taken.

What you need to do: Check if the ISP used by the gateway is reporting any problems or outages.

___________________________________________________________________________________________

Time: 20:04

Sophos Central event details for 1234567 - My Company

What happened: Firewall connection to Sophos Central interrupted

Where did it happen: S3RI4LNUMB3R_1

User assigned to the device: n/a

How serious is the event: High

What has Sophos done so far: No further action has been taken.

What you need to do: Check if the ISP used by the gateway is reporting any problems or outages.

_____________________________________________________________________________________________

Dear Administrator,

You are receiving this auto-generated message from Sophos Notification System to inform Change in HA Status.

Mode: Active-Passive
Hypervisor assigned MAC addresses: Disabled
Preferred Primary: S3RI4LNUMB3R_1 (Node1)
Cluster ID: 0
Dedicated Port: Port8
Monitoring Ports:
Time: 20:05:54 PM, Feb 12, 2024

Serial Number (Node Name)

Model Number

Firmware Version

Current State

Administration IP

S3RI4LNUMB3R_1 (Node1)

XGS2100

SFOS 19.5.3 MR-3-Build652

Auxiliary

PortMGMT (10.0.1.5)

S3RI4LNUMB3R_2 (Node2)

XGS2100

SFOS 19.5.3 MR-3-Build652

Primary

PortMGMT (10.0.1.1)

______________________________________________________________________________________________________

Dear Administrator,

You are receiving this auto-generated message from Sophos Notification System to inform Change in HA Status.

Mode: Active-Passive
Hypervisor assigned MAC addresses: Disabled
Preferred Primary: S3RI4LNUMB3R_1 (Node1)
Cluster ID: 0
Dedicated Port: Port8
Monitoring Ports:
Time: 20:06:46 PM, Feb 12, 2024

Serial Number (Node Name)

Model Number

Firmware Version

Current State

Administration IP

S3RI4LNUMB3R_1 (Node1)

XGS2100

SFOS 19.5.3 MR-3-Build652

Standalone

PortMGMT (10.0.1.1)

S3RI4LNUMB3R_2 (Node2)

XGS2100

SFOS 19.5.3 MR-3-Build652

Fault

PortMGMT (10.0.1.5)

______________________________________________________________________________________________________

And after that just three more mails between 20:10 and 20:11 that basically inform me about everything being fine again.

I don't find anything particularly helpful in the logs, just this in the System log:

SYSTEM
2024-02-12 20:04:35
Interface
                  
Interface DMZ is Up
17813
SYSTEM
2024-02-12 20:04:35
Interface
Interface WIFI is Up
17813
SYSTEM
2024-02-12 20:04:34
Interface
Interface External is Up
17813
SYSTEM
2024-02-12 20:04:34
Interface
Interface HA link is Up
17813
SYSTEM   
2024-02-12 20:04:34   
Interface   
Interface LAN is Up
17813
SYSTEM
2024-02-12 20:04:31
HA
Interface Port8 went down. Appliance HA state BACK                                                                       
60023
SYSTEM
2024-02-12 20:04:31
Interface
Interface HA link is Down
17813
SYSTEM
2024-02-12 20:04:30
Interface
Interface DMZ is Down
17813
SYSTEM
2024-02-12 20:04:30
Interface
Interface WIFI is Down
17813
SYSTEM
2024-02-12 20:04:30
Interface
Interface External is Down
17813
SYSTEM
2024-02-12 20:04:29
Interface
Interface LAN is Down
SYSTEM   
2024-02-12 20:06:06        
Interface   
Interface HA link is Down
17813
SYSTEM
2024-02-12 20:05:54
HA
Successful 
Appliance with appliance key 'S3RI4LNUMB3R_1' and node name 'Node1' becomes auxiliary at appliance startup
60018
SYSTEM
2024-02-12 20:05:24
Interface
Interface xfrm1-Example is Up
17813
SYSTEM
2024-02-12 20:05:17
Appliance
Appliance started successfully.
SYSTEM   
2024-02-12 20:06:46   
HA            
Successful 
Appliance with appliance key 'S3RI4LNUMB3R_1' and node name 'Node1' becomes standalone  
60012
SYSTEM   
2024-02-12 20:08:09   
Interface   
                  
Interface HA link is Up

I have no idea why this happens, has anyone any idea?



This thread was automatically locked due to age.
Parents Reply Children
No Data
Unfiltered HTML