Internet becomes unresponsive after several days?

This is the second time this has occurred since using v18 EAP. I've also had this issue occur a couple times when running v17 but it wasn't as frequent. With v18 EAP, after Sophos XG has been running for several days (over a week), sometimes the internet becomes unresponsive as in I can't access anything. For example, if I try to access a website, it just continues trying to load and eventually times out. At first, I thought it was an ISP issue so I would reset my cable modem but that didn't fix the issue. I can still access devices on my local network just fine, such as the Sophos XG web UI. What I did notice in the web UI is the "Sessions" count under System in the Control Center indicates a very high number when I'm having these issues. It seems to fluctuate from ~800 up to 2.5k. I have about 30-40 devices on my network (one computer, mobile devices, smart home devices, etc.). Typically, my Sessions count is somewhere around 20-50. After restarting Sophos XG, the count goes back down to what I normally see and everything works fine.

Anyone else experiencing similar issues? Is there any specific log I can save when this issue occurs? Unfortunately, I'm running this on my home network so I can't just leave it in an unusable state.

  • Hi there

    What country are you in?

    What is the model of the cable modem?

    How is the WAN interface in the Sophos configured?



    Gavin Daniels. DipIT(Networking)


  • I’m located in USA. It’s a Motorola MB8600 cable modem and the WAN interface is the default configuration. The only addition I made was adding an IPv6 interface.


    Sophos XG guides for home users:

  • Hi,

    In Australia we use HFC cable and Arrias Cable Modems. Several ISP's will use PPPOE Authentication for their connections.

    I found that I would get a lockup of the interface for a while when the WAN port was configured at a 1500MTU size. Dropping it to a 1492MTU size to allow for the 8 byte pppoe Header.


    When I moved to another carrier who also uses PPPOE over a Vlan connection, I needed to reduce the MTU size to 1460.

    Which is also where I added the forum request to make the MTU size of an unconfigured WAN port adjustable. As configuring the hardware port as WAN or DMZ with a static IP was a waste,


    Gavin Daniels. DipIT(Networking)


  • Ah, I see. My ISP is Cox which does not use PPoE.

    , The issue started occurring again last night. Same issue and symptoms. I left everything alone to see if the problem would still be there in the morning and sure enough, it was. I left everything as is for about an hour while I was digging around to see if I could see anything abnormal, but nothing appeared out of ordinary other than the increasing/decreasing session counts that I also see associated with this issue. Instead of restarting the entire thing, I tried restarting just the ips service from the advanced shell and after doing so, it appears the issue is resolved. Session counts are back down to “normal” levels and I also noticed the memory usage dropped from ~50% to ~38%. I did take a Consolidated Troubleshooting Report when the issue was occurring.

    So, as far as I can tell, the issue appears to be caused by the ips service that is resolved with an ips service restart. Here are my ips settings: 

    Sophos Firmware Version SFOS 18.0.0 EAP3-Refresh1

    console> show ips-settings
    -------------IPS Settings-------------
    stream on
    lowmem off
    maxsesbytes 0
    maxpkts 8
    enable_appsignatures on
    http_response_scan_limit 65535
    search_method hyperscan
    sip_preproc enabled
    sip_ignore_call_channel enabled
    inspect untrusted-content

    -------------IPS Instances------------
    1 0
    2 1
    3 2
    4 3


    Sophos XG guides for home users:

  • Well, restarting the ips service seemed to have fixed it for about an hour. Unfortunately, the issue is back.

    Edit: So I restarted the ips service again and everything has been working fine for the past two hours.

    I’m wondering if the issue is with ATP. Before I was having the issue last night, I enabled ATP and the issue started occurring shortly after. I notice when I enable ATP, the memory usage jumps up quite a bit. Even after disabling ATP, the issue remained and the memory usage remained as well. This morning when I restarted the ips service to see if it fixed the issue, I did the same thing of enabling ATP and shortly after the issue started occurring. Same symptoms after disabling ATP (increased memory usage remained, issue still existed). I restarted the ips service this last time but left ATP enabled and so far, everything seems to be working fine.


    Sophos XG guides for home users:

  • Seems like I experienced the exact same issues after activating ATP on EAP3 and I have left ATP offline since then. Gonna try it again now if it still persists. I notice it that my internet connected IoT devices like Tado heating and so on are suddenly offline. This gets fixed turning off the ATP. If I don‘t do that sooner or later normal browsing gets affected as well.
  • Hi,

    there is a bug in the ATP which will be fixed in the V18 GA I am advised. You will need to restart your XG if you disable ATP and re-enable it.


    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data