Internet becomes unresponsive after several days?

This is the second time this has occurred since using v18 EAP. I've also had this issue occur a couple times when running v17 but it wasn't as frequent. With v18 EAP, after Sophos XG has been running for several days (over a week), sometimes the internet becomes unresponsive as in I can't access anything. For example, if I try to access a website, it just continues trying to load and eventually times out. At first, I thought it was an ISP issue so I would reset my cable modem but that didn't fix the issue. I can still access devices on my local network just fine, such as the Sophos XG web UI. What I did notice in the web UI is the "Sessions" count under System in the Control Center indicates a very high number when I'm having these issues. It seems to fluctuate from ~800 up to 2.5k. I have about 30-40 devices on my network (one computer, mobile devices, smart home devices, etc.). Typically, my Sessions count is somewhere around 20-50. After restarting Sophos XG, the count goes back down to what I normally see and everything works fine.

Anyone else experiencing similar issues? Is there any specific log I can save when this issue occurs? Unfortunately, I'm running this on my home network so I can't just leave it in an unusable state.

  • Such issues with multiple sessions could still be caused by the WAN ISP.

    If your client cannot connect properly, it will access multiple times, all the time, and XG will hold those sessions.

    Without a dump, it is hard to tell what is going on.

    If this issue appears, could you take a look at the tcpdump?

    Which provider / box do you use? Something on this box?

    I found an issue with my Unitymedia box in Germany. This ISP box caused some similar issues. Actually, it responded to all DNS requests with its own IP. So Google was 192.168.1.1 etc. All my clients started to connect to this Unitymedia box.

    This issue came up a couple of times and stopped after some weeks.

    __________________________________________________________________________________________________________________

  • Ah, makes sense. I’ll try to get a tcpdump next time. I’m not too familiar with using tcpdump - are there any specific parameters I should run tcpdump with to capture what is needed to troubleshoot this particular issue?

    My ISP is Cox (U.S.), which is a cable internet service (1Gb down/35Mbps up). I have my Sophos XG device connected directly to a Motorola cable modem I own.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/
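
An added example, not part of either post above: a check for the DNS symptom described in the first reply (many unrelated names all answered with one private address), run over the text output of `tcpdump -n port 53`. The sample capture lines, the function name `hijack_suspects` and the threshold of three names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n port 53` text output (not from a real capture).
SAMPLE = """\
10:00:01.000100 IP 192.168.0.23.40001 > 192.168.0.1.53: 4660+ A? google.com. (28)
10:00:01.000900 IP 192.168.0.1.53 > 192.168.0.23.40001: 4660 1/0/0 A 192.168.1.1 (44)
10:00:02.000100 IP 192.168.0.31.51515 > 192.168.0.1.53: 811+ [1au] A? example.org. (40)
10:00:02.000800 IP 192.168.0.1.53 > 192.168.0.31.51515: 811 1/0/0 A 192.168.1.1 (56)
10:00:03.000100 IP 192.168.0.23.40002 > 192.168.0.1.53: 4661+ A? example.net. (29)
10:00:03.000700 IP 192.168.0.1.53 > 192.168.0.23.40002: 4661 1/0/0 A 192.168.1.1 (45)
10:00:04.000100 IP 192.168.0.23.40003 > 192.168.0.1.53: 4662+ A? example.com. (29)
10:00:04.000600 IP 192.168.0.1.53 > 192.168.0.23.40003: 4662 1/0/0 A 203.0.113.10 (45)
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
QUERY = re.compile(r"IP (\S+)\.(\d+) > \S+\.53: (\d+)\S*(?: \[[^\]]*\])? A\? (\S+) ")
REPLY = re.compile(r"IP \S+\.53 > (\S+)\.(\d+): (\d+)\S* \d+/\d+/\d+ (.*) \(\d+\)")
A_REC = re.compile(r"\bA (\d+\.\d+\.\d+\.\d+)")


def hijack_suspects(capture_text, min_names=3):
    """Return {private_ip: [names]} for private IPs answering >= min_names distinct names."""
    pending = {}                      # (client ip, client port, DNS id) -> queried name
    names_by_ip = defaultdict(set)
    for line in capture_text.splitlines():
        q = QUERY.search(line)
        if q:
            pending[q.group(1, 2, 3)] = q.group(4).rstrip(".").lower()
            continue
        r = REPLY.search(line)
        if not r:
            continue
        # tcpdump does not repeat the name in the reply, so match it to its query.
        name = pending.pop(r.group(1, 2, 3), None)
        if name is None:
            continue                  # reply whose query was not captured
        for addr in A_REC.findall(r.group(4)):
            ip = ipaddress.ip_address(addr)
            if any(ip in net for net in RFC1918):
                names_by_ip[addr].add(name)
    # Local hostnames legitimately resolve to private IPs; the threshold limits that noise.
    return {ip: sorted(n) for ip, n in names_by_ip.items() if len(n) >= min_names}


if __name__ == "__main__":
    print(hijack_suspects(SAMPLE))
```
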