Sophos Firewall: How to submit an RMA ticket and setup the replacement firewall

Overview

This article describes how to identify and submit RMA (Return Merchandise Authorization) and DOA (Dead on Arrival) support tickets, whom to connect to get the shipping/RMA ticket status post-RMA, and how to bring up the RMA replacement appliance.

Table of Contents

  • Submit a support ticket for RMA/DOA
  • Shipping/RMA ticket status
  • Post RMA process

Applies to the following Sophos products:

  • Sophos Firewall XG/XGS

Submit a support ticket for RMA/DOA

The following are common reasons for device failure, which can be troubleshot by gathering the information mentioned in the section applicable to your device and then submitting an RMA ticket to Sophos support. 

A) Complete power failure/Dead on Arrival  – Device fails to power ON. The device isn't turning on when pressing the Power Button.

Please create a Sophos Support Ticket (support.sophos.com) and attach the RMA form after filling it with all the information (The RMA form is provided at the end of the article) and provide answers to the following questions. Once the RMA is approved, please see the "Shipping/RMA ticket status" section to get shipping-related updates and follow the "Post RMA Process" section to finish setting up the new/replaced device.

1. What is the (approximate) purchase date of the device?

2. What is the status of the power LED and HDD LED while powering on the device?

3. Do you hear a single beep when powering on the device? (This observation does not apply to XGS).

4. Have you tried powering on with a different power cable and a different power outlet socket?

5. If your device has dual power supplies, please try powering on with the other power supply input.

6. If your device supports a hot-swappable power supply, kindly try powering on with a different power supply.

7. It is recommended to submit a video/picture showcasing the described issue for quicker RMA approval.

B) Device is being powered on but not booting further/ Device GUI/CLI/Console not accessible – When powering on the device, an error is observed on the console or the HDMI/VGA output (if applicable), and the GUI isn't accessible. 

Please create a Sophos Support Ticket (support.sophos.comand attach the RMA form after filling it with all the information(The RMA form is provided at the end of the article) and provide answers to the following questions. Once RMA is approved, please see the "Shipping/RMA ticket status" section to get shipping-related updates and follow the "Post RMA Process" section to finish setting up the new/replaced device.

1. Is the device accessible via HTTPS/SSH from LAN and WAN?

2. Were any changes made from the GUI/CLI or any other activity after Sophos Firewall lost the device access? Please describe the changes made before the incident.

3. Is there a beep sound while we're rebooting the firewall? (This observation does not apply to XGS).

4. Is the device responding over the serial console? If No, then are you connecting it directly via the provided serial cable (DB-9 serial port), USB converter cable (serial to USB converter), or via the micro-USB serial console cable (the latest XG/XGS model may have this console port)? Do you see it under the device manager of that system without any errors related to the driver, etc., for that connection? 

Note: Please ensure that the baud rate is set to 38400 and the device status over the console has been verified multiple times at different time intervals.

5. (Optional) If the device is not responding over the serial console, please try connecting with any other system via serial connection to confirm the console connectivity status of the device.

6. If you observe any errors in the console connection, please take a snapshot to share it with Sophos Support when logging an RMA ticket.

C) Sophos Firewall Interface or Port not working  – This happens when the interface's status is disconnected when physically connected to the network.

Please create a Sophos Support Ticket (support.sophos.comand attach the RMA form after filling it with all the information(The RMA form is provided at the end of the article) and provide answers to the following questions. Once RMA is approved, please see the "Shipping/RMA ticket status" section to get shipping-related updates and follow the "Post RMA Process" section to finish setting up the new/replaced device.

1. What is the Port LED status when the cable is connected? Including a snapshot of the LED status of the port in question is recommended.

2. Please check the interface status via the CLI command provided below:

console> show network Interfaces

OR

#ifconfig -a

3. Please access the device via SSH and select 5. Device Management > 3. Advanced Shell and run the following command:

#tail -f /log/syslog.log

Plug in the cable in the problematic port. If you observe any errors/log lines, please include them in the support ticket. 

4. With the cable plugged into the problematic port, please ensure that the Port test is performed and share the results in the support ticket. 

Note: Port test doesn't apply to XGS models

a. Access the device via the SSH and select 5. Device Management > 3. Advanced Shell and run the following command:

#ethtool -t PortX 
(Replace X with the problematic port number)

Optionally, you can also run the Sophos Firewall Ethernet card test (Requires downtimeNote: Port test is not applicable to XGS models.

b. Connect the problematic port with another functional port on the same firewall and run the following command again in Advanced Shell:

#ethtool -t PortX (Replace X with the problematic port number)

c. Lastly, connect the problematic port to a PC or a Laptop and confirm the interface status on the firewall.

Please share the outputs from sections a.b., and c. in the support ticket. 

7. Please try changing the cable used to connect the problematic port and confirm the port connection status.

8. Try changing the Interface duplex/speed with other available options to validate the status of the Port/Interface connection by going through the following steps:

Please access the device via the SSH and select 4. Device Console and execute the following command:

console> set network [interface-speed [Port<port name or number > <1000fd | 1000hd | 100fd | 100hd | 10fd | 10hd | auto >] 

 

9. Optional: Insert an unmanaged switch between the Sophos appliance and a computer and confirm the port/interface status. If it shows disconnected, follow steps 7 and 8 after adding the switch and validating port/interface status.

Lastly, access the device via SSH and select 5. Device Management > 3. Advanced Shell and run the following command to view Syslog: 

#tail -f /log/syslog.log

Please share the observations in the support ticket.

Note: Our support team will review and validate the information provided and may reach out to perform further diagnosis if necessary.

Shipping/RMA ticket status:

The Customer Care Team will provide an RMA case number once the RMA is approved. To comply with export compliance regulations worldwide, the RMA team will review the regulatory requirements, and once the RMA has cleared these regulatory requirements, a replacement will be dispatched from the regional RMA center as soon as possible.

Note: There might be delays in the RMA unit delivery for a few regions due to export compliance checks.

As soon as the package is sent out, you'll receive a notification with the tracking number of the shipment in the RMA case number, along with our regional RMA Team's email address. Getting in touch with your regional RMA Team for shipment-related queries is recommended.

Service Region

RMA Team Email

UK, Ireland & Non-EU member countries of Europe

EMEA_RMA@sophos.com

European Union (EU Member countries)

NL_RMA@sophos.com

Africa

africarma@sophos.com

APAC

apacrma@sophos.com

Japan

JPRMA@sophos.com

USA, Canada, LATAM

AMERICAS.RMA@sophos.com

India

INDIARMA@sophos.com

Post RMA Process:

Once the RMA replacement appliance has been received, one can go through the steps below to bring it up.

1. Sophos Firewall: License transfer after RMA
2. Backup and restore
3. Backup-restore compatibility check

5383.RMA form.txt
Technical Issue
======================================
Description: [Insert description]

 
License Details
======================================
License Number: [License #]


Defective Product Details
======================================
Model: 
Revision: 
Required Firmware:
Serial Number:
Fault Code:
Sub-fault code:

Shipping Info (All fields required):
======================================
Company: 
Name:
Address:
City:
Zip/Postal code:
Country:
Phone:
Email: 
Special Instructions:



Formatting changes
[edited by: Yashraj at 12:18 PM (GMT -7) on 21 Jun 2022]