
You really don't want to buy an appliance without disk

We have an XGS87 which has experienced lock-up and reboot issues since SFOS v21 came out. Sophos is working hard on finding the problem, and I give the trouble-shooting personnel full credit.

BUT it has led me to believe that it's a crucial mistake to buy an appliance without a dedicated storage drive. Why? You don't get on-device reporting, but you can use Sophos Central for that. So...

THE issue is that debugging a crashing issue is going to involve Sophos personnel logging things and the XGS87 (and I guess second-generation bottom-of-the-line appliances) doesn't have a separate storage device. So: a) some logs are lost, b) after a reboot you can recover some logs but you have to act quickly, and MOST IMPORTANTLY c) if the logging is extensive enough to fill the tiny pseudo-disk, it will halt everything and rebooting will not fix this and you eventually have to go in via the serial console and find that log file and delete it. (You can boot off of the other image, but you need to rescue the one in which the disk went to 100% usage.)

So I would never buy an XGS without a separate and reasonably sized storage drive. It makes marketing sense, I guess, for a small branch office, but if anything serious goes wrong, you're hosed. For example, the current process logging that Sophos is doing to figure out the kernel panic will fill the pseudo-disk in 24-30 hours, which will in itself take down the appliance.

(I also have a suspicion that something in SFOS v21 is not happy with diskless appliances and so the XGS87 is incapable of running SFOS v21, but that's just a suspicion on my part at this point.)



Added TAGs
[edited by: Erick Jan at 12:25 AM (GMT -8) on 16 Dec 2024]
  • Basically this is an approach by a lot of vendors out there. 

    SFOS is only doing it on the entry model (XG85-XGS88). The other models always have a disk. I think the XG85 was introduced in 2015, so nearly 10 years now, and the issues are small compared to the advantages.

    XGS88 is also used as a replacement for RED, which has the same "tech specs" like no disk. But at least a full webadmin and management for the appliance.

    Sophos is also looking into those situations (kernel panics etc.). But the goal is to resolve kernel panics and not to store them forever.


  • Popular or not, I would highly recommend not buying a diskless appliance. I do appreciate that -- as you note -- Sophos is working hard on the bug, but it's been a LOT of wasted time trying to identify the reason. And diskless is the main cause of that.

    Also, it's not clear that there's a solution to the kernel panic. Last I heard, it seems like it is just plain running out of RAM and there's minimal memory leaking. I'm looking at upgrading to an XGS108, which has a disk, and therefore can be debugged more straightforwardly and can dip into swap if it needs it during a memory surge. The XGS108 is overkill for a home user, but diskless is a newbie trap.
