New Sophos Support Phone Numbers in Effect July 1st, 2023

Thread Info
  • State Verified Answer
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 7107 views
  • Users 0 members are here
Options
Suggested

Unable to start Fastpath?

James Panther

Hello All,

I am having Sophos XG v18 Refresh-1 Installed as a ISO file in VMware Fusion 10.1.6  in which I am trying to enable fastpath but getting below error.

console> system firewall-acceleration show
Firewall Acceleration is Enabled. Fastpath Load Failed.
console> system firewall-acceleration

Device information

Appliance Model:                SFVUNL
Firmware Version:               SFOS 18.0.0 EAP3-Refresh1
Firmware Build:                 279
Firmware Loader version:
HW version:                     SO01

I've came across same kind of error starting from EAP-1 till EAP-3 refresh.I have also tried to re-install again but still it was same.

I can see that VFP module is also not loaded due to the fact that fastpath is not been loaded.

SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# lsmod | grep vfp

I am not sure what needs to be done next, can someone please help me out?

  • 0

    Which virtual network adapter are you using. I suggest you use vmxnet3

     

    Currently fastpath supports the following NIC drivers: i40e, e1000, e1000e, igb, ixgbe, vmxnet3.  If fastpath is enabled when system has no supported NICs, fastpath load will fail but system will still be fully functional without the performance enhancements provided by fastpath

  • 0 in reply to PMStuart

    Stuart, I am not sure about selection of virtual network adapter, Can you please let me know how can I confirm it?

  • 0 in reply to James Panther

    Hi James,

    please read this thread that Stuart answered sometime ago.

    https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/118242/questions-about-the-fastpath-feature

    Ian

    XG115W - v19.5.2 mr-2 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to James Panther

    Its been a long time since I used Fusion but I think you need to shutdown the VM, then edit the .vmx file for the VM to change the adapter type.

    ethernet*.virtualDev = "vlance" - thats the PCnet32 driver which is likely what yours has defaulted to.
    ethernet*.virtualDev = "vmxnet"
    ethernet*.virtualDev = "vmxnet3" - thats what you want

    ethernet*.virtualDev = "e1000"
    ethernet*.virtualDev = "e1000e" - a newer version of the E1000 which uses an PCI-express slot

     

    the * is obviously a number for your adapter.

  • 0 in reply to PMStuart

    Hello Stuart, I am getting below options

    virtualHW.version = "14"
    pciBridge0.present = "TRUE"
    pciBridge4.present = "TRUE"
    pciBridge4.virtualDev = "pcieRootPort"
    pciBridge4.functions = "8"
    pciBridge5.present = "TRUE"
    pciBridge5.virtualDev = "pcieRootPort"
    pciBridge5.functions = "8"
    pciBridge6.present = "TRUE"
    pciBridge6.virtualDev = "pcieRootPort"
    pciBridge6.functions = "8"
    pciBridge7.present = "TRUE"
    pciBridge7.virtualDev = "pcieRootPort"

    Shall I replace pcieRootPort with vmxnet3?

  • 0 in reply to James Panther

    Actually, I am unable to get that exact details which you have mentioned, please help me test this feature properly

    .encoding = "UTF-8"
    config.version = "8"
    virtualHW.version = "14"
    pciBridge0.present = "TRUE"
    pciBridge4.present = "TRUE"
    pciBridge4.virtualDev = "pcieRootPort"
    pciBridge4.functions = "8"
    pciBridge5.present = "TRUE"
    pciBridge5.virtualDev = "pcieRootPort"
    pciBridge5.functions = "8"
    pciBridge6.present = "TRUE"
    pciBridge6.virtualDev = "pcieRootPort"
    pciBridge6.functions = "8"
    pciBridge7.present = "TRUE"
    pciBridge7.virtualDev = "pcieRootPort"
    pciBridge7.functions = "8"
    vmci0.present = "TRUE"
    hpet0.present = "TRUE"
    displayName = "V18"
    guestOS = "other"
    nvram = "V18 EAP0.nvram"
    virtualHW.productCompatibility = "hosted"
    powerType.powerOff = "soft"
    powerType.powerOn = "soft"
    powerType.suspend = "soft"
    powerType.reset = "soft"
    tools.syncTime = "TRUE"
    tools.upgrade.policy = "upgradeAtPowerCycle"
    sound.autoDetect = "TRUE"
    sound.fileName = "-1"
    sound.present = "TRUE"
    memsize = "5304"
    ide0:0.fileName = "Virtual Disk.vmdk"
    ide0:0.present = "TRUE"
    ide1:0.deviceType = "cdrom-imageJa"
    ide1:0.fileName = "/Downloads/SW-18.0.0_EAP0-43.iso"
    ide1:0.present = "TRUE"
    ethernet0.addressType = "generated"
    ethernet0.linkStatePropagation.enable = "TRUE"
    ethernet0.present = "TRUE"
    extendedConfigFile = "V18 EAP0.vmxf"
    floppy0.present = "FALSE"
    ethernet1.connectionType = "hostonly"
    ethernet1.addressType = "generated"
    ethernet1.present = "TRUE"
    ethernet2.addressType = "generated"
    ethernet2.present = "TRUE"
    numa.autosize.cookie = "30001"
    numa.autosize.vcpu.maxPerVirtualNode = "3"
    uuid.bios = "56 4d f3 17 83 42 0a d4-d7 50 6e ba 9a 04 ee a0"
    uuid.location = "56 4d f3 17 83 42 0a d4-d7 50 6e ba 9a 04 ee a0"
    migrate.hostlog = "./V18 EAP0-e66b1684.hlog"
    ide0:0.redo = ""
    pciBridge0.pciSlotNumber = "17"
    pciBridge4.pciSlotNumber = "21"
    pciBridge5.pciSlotNumber = "22"
    pciBridge6.pciSlotNumber = "23"
    pciBridge7.pciSlotNumber = "24"
    ethernet0.pciSlotNumber = "32"
    ethernet1.pciSlotNumber = "33"
    ethernet2.pciSlotNumber = "34"
    sound.pciSlotNumber = "35"
    vmci0.pciSlotNumber = "36"
    ethernet0.generatedAddress = "00:0C:29:04:EE:A0"
    ethernet0.generatedAddressOffset = "0"
    ethernet1.generatedAddress = "00:0C:29:04:EE:AA"
    ethernet1.generatedAddressOffset = "10"
    ethernet2.generatedAddress = "00:0C:29:04:EE:B4"
    ethernet2.generatedAddressOffset = "20"
    vmci0.id = "-1710952800"
    monitor.phys_bits_used = "43"
    vmotion.checkpointFBSize = "92274688"
    vmotion.checkpointSVGAPrimarySize = "92274688"
    cleanShutdown = "TRUE"
    softPowerOff = "TRUE"
    gui.exitOnCLIHLT = "TRUE"
    checkpoint.vmState = ""
    gui.viewModeAtPowerOn = "windowed"
    ethernet2.connectionType = "hostonly"
    ethernet3.addressType = "generated"
    ethernet3.present = "TRUE"
    ethernet3.linkStatePropagation.enable = "TRUE"
    ethernet3.pciSlotNumber = "37"
    ethernet3.generatedAddress = "00:0c:29:04:ee:be"
    ethernet3.generatedAddressOffset = "30"
    toolsInstallManager.updateCounter = "4"
    numvcpus = "3"
    cpuid.coresPerSocket = "3"
    ethernet4.connectionType = "nat"
    ethernet4.addressType = "generated"
    ethernet4.present = "TRUE"
    ethernet4.pciSlotNumber = "38"
    ethernet4.generatedAddress = "00:0c:29:04:ee:c8"
    ethernet4.generatedAddressOffset = "40"
    bios.bootOrder = "ethernet0"

  • +1 in reply to James Panther

    James, your installation is using the pcnet32 driver by default hence why it's not listed. Simply add

    ethernet*.virtualDev = "vmxnet3"

    replace the * with unique number for each interface. eg ethernet0.virtualdev = "vmxnet3"

  • 0 in reply to PMStuart

    Stuart, You are my savior. Issue got resolved as per changes suggested from your end

    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port1
    driver: vmxnet3
    version: 1.4.a.0-k-NAPI
    firmware-version:
    expansion-rom-version:
    bus-info: 0000:03:00.0
    supports-statistics: yes
    supports-test: no
    supports-eeprom-access: no
    supports-register-dump: yes
    supports-priv-flags: no
    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# cish
    console> system firewall-acceleration show
    Firewall Acceleration is Enabled.
    console>

  • 0 in reply to James Panther

    Stuart, I tried to follow your steps which resolved this issue  for fastpath but suddenly all traffic from my WAN interface is not working after applying this changes

    console> ping 10.10.5.100 (It is my upstream gateway)
    PING 10.10.5.100 (10.10.5.100): 56 data bytes
    ^C
    --- 10.10.5.100 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss


    console> system diagnostics utilities arp ping interface Port2 10.10.5.100
    ARPING to 10.10.5.100 from 10.10.5.2 via Port2
    ^CSent 3 probe(s) (3 broadcast(s))
    Received 0 reply (0 request(s), 0 broadcast(s))

    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port1
    driver: vmxnet3

    console> system firewall-acceleration show
    Firewall Acceleration is Enabled.
    console> system firewall-acceleration disable
    Firewall Acceleration Disabled Successfully.
    console> system firewall-acceleration show
    Firewall Acceleration is Disabled.

     

    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# drppkt host 8.8.8.8
    ^CSFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1#

     

    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# tcpdump -ni any host 8.8.8.8
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    ^C
    0 packets captured
    0 packets received by filter
    0 packets dropped by kernel

     

    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    ^C
    --- 8.8.8.8 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
    SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1#

  • 0 in reply to James Panther

    I dont have Fusion as I said, but the fact this doesnt work when you have acceleration disabled or enabled tells me this is a straight networking issue. I would look at the overall vmware network configuration, especially how the VM is bridged to your local adapter.

     

    Probably the first step would be to comment out the changes you just made and make sure you still have connectivity with the default driver.

Unfiltered HTML