Hi all
I have performance problems with the xg86w, the cpu sometimes reaches 100%
the top command gives the following result:
Thanks you.
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hi all
I have performance problems with the xg86w, the cpu sometimes reaches 100%
the top command gives the following result:
Thanks you.
Hello,
Thanks for reaching out to Sophos Community.
Regret to hear about the issue you encountered.
I may recommend you open a support case for this to be further investigated: https://support.sophos.com/support/s/?language=en_US#t=AllTab&sort=relevancy
Kindly share with us the caseID generated once you have it.
Many thanks for your time and patience and thank you for choosing Sophos.
Regards,
Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Thanks Raphael Alganes
But what is this dhcpd_eve+ ??
Hello,
It should be dhcpd_events. If you would expand the terminal UI you should be able to see the whole text of dhcpd_eve+
Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Additionally, Sofos network can you check Can you check if DHCP setting has low lease time or DHCP flooding seen ?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Additionally, Sofos network can you check Can you check if DHCP setting has low lease time or DHCP flooding seen ?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
check for the drop-packet-capture for the port 67 or port 68 and look for the DoS category in the drop logs
> drop-packet-capture
> How to troubleshoot dropped packets
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
could be, try increasing your maximum lease time, you can set between 1-43200 mins...
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
I changed it this morning to be 7 days
How to stop this?
does sophos xg86w have dhcp flood attack protection?
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
ok,
and I think that it is the firewall that is renewing the IP,
since I disconnected the network cable from the PC concerned, but the firewall continues to renew the IP for the same PC
so Dos bupass rule can stop the renewing from FW?
Thanks & Regards,
but first need to validate if there is a flooding happening on the port 68,
ref:
Packet capture using KBA: https://support.sophos.com/support/s/article/KB-000037007?language=en_US
Collect the drop packet using KBA: https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/index.html#drop-packet-capture
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hi Sofos network It looks like there is a DHCP flood from a specific machine and it seems the network device is continuously producing lease requests because of a malfunction. After disconnecting the network cable of the concerned PC you may reboot the firewall once (at your most convenient time) which will clear pending DHCP operations and the CPU will be back to normal. Regarding the scenario of DHCP request flood, scaling or improving SF OS DHCP service handling with such DHCP flood is currently a backlog work at Product Management.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'Verify Answer' link.