This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS 16.01.0 known IPS issue - Work arounds?

Hey all,

Anyone have any other work around for the known IPS issue (NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions)? The IPS service seems to constantly fail to start and causes this issue from what I can see (CPU usage and memory usage spike all over the place). As my work around, I set the IPS service to Stop, performance and traffic return to normal. Obviously this isn't a great solution... Anyone have anything better?

I'd like to know when this will be resolved too, seems to me to be a rather big problem. I may actually just roll back to 15 if this is going to be a thing for a while.

Thanks !!

This thread was automatically locked due to age.

Parents

0 AleksandrIvanov over 7 years ago

We have similar problem - with IPS service turned ON and even if its not configured on any of firewalls rules its constantly eating 1 cpu core (on XG115) and causing latency spikes with real-time traffic degradation (VOIP)

Already opened a case about this issue, waiting for an answer.

p.s. is it really a "known" issue? Where I can find it?
Cancel
Vote Up 0 Vote Down

Cancel
0 Darrian Churchill over 7 years ago in reply to AleksandrIvanov

Hi, It is a known issue - release notes: https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-01-1-released

"NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions"

To me its pretty awful that its taken so long to get a fix out. I had to disable the IPS service on one installation. It seems fin on my Cyberoam Cr300 ing XP though, which is production so I am happy its not causing issues there.

I'm interested to hear the answer you are given :)
Cancel
Vote Up 0 Vote Down

Cancel
0 AleksandrIvanov over 7 years ago in reply to Darrian Churchill

Our situation is nowhere near "in very high load average conditions" ))

We have XG115 and 2-5mbit of traffic with no spikes (+1-2 SSL VPN clients)

Im sorry to say that but im starting to understand why palo-alto cost x5-10 times more (because they have separate management and traffic boards in one box + FPGA, and of course better quality control)
Cancel
Vote Up 0 Vote Down

Cancel
0 Aditya Patel over 7 years ago in reply to AleksandrIvanov

Hi AleksandrIvanov,

The Issue on this BUG is resolved with V16.01.1 , check if the issue persist

Regards,

Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Darrian Churchill over 7 years ago in reply to Aditya Patel

I think you are mistaken, as the issue is definately not resolved on 16.01.1 for me. I still have to disable IPS, or it drops all packets.

It's still listed under "Known Issues" here:

https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-01-1-released

Known Issues

NC-6315 [Clientless Access(HTTP/HTTPS)] Script based web forms of Web Server is not accessible with Clientless VPN

NC-12079 [Galileo Heartbeat] No heartbeat status displayed on control center with MAC End point

NC-13480 [Galileo Heartbeat] Heartbeat service taking High CPU due to same multiple UUID of End Point

NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions

NC-13538 [UI] Control center page is not properly displayed with IE 11

NC-13282 [Wireless] AP Deployment over IPsec VPN is not working
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Darrian Churchill over 7 years ago in reply to Aditya Patel

I think you are mistaken, as the issue is definately not resolved on 16.01.1 for me. I still have to disable IPS, or it drops all packets.

It's still listed under "Known Issues" here:

https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-01-1-released

Known Issues

NC-6315 [Clientless Access(HTTP/HTTPS)] Script based web forms of Web Server is not accessible with Clientless VPN

NC-12079 [Galileo Heartbeat] No heartbeat status displayed on control center with MAC End point

NC-13480 [Galileo Heartbeat] Heartbeat service taking High CPU due to same multiple UUID of End Point

NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions

NC-13538 [UI] Control center page is not properly displayed with IE 11

NC-13282 [Wireless] AP Deployment over IPsec VPN is not working
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data