Hello All,
I am having Sophos XG v18 Refresh-1 Installed as a ISO file in VMware Fusion 10.1.6 in which I am trying to enable fastpath but getting below error.
console> system firewall-acceleration show Firewall Acceleration is Enabled. Fastpath Load Failed.console> system firewall-acceleration
Device informationAppliance Model: SFVUNLFirmware Version: SFOS 18.0.0 EAP3-Refresh1Firmware Build: 279Firmware Loader version:HW version: SO01
I've came across same kind of error starting from EAP-1 till EAP-3 refresh.I have also tried to re-install again but still it was same.
I can see that VFP module is also not loaded due to the fact that fastpath is not been loaded.SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# lsmod | grep vfpI am not sure what needs to be done next, can someone please help me out?
Which virtual network adapter are you using. I suggest you use vmxnet3
Currently fastpath supports the following NIC drivers: i40e, e1000, e1000e, igb, ixgbe, vmxnet3. If fastpath is enabled when system has no supported NICs, fastpath load will fail but system will still be fully functional without the performance enhancements provided by fastpath
Stuart, I am not sure about selection of virtual network adapter, Can you please let me know how can I confirm it?
Hi James,
please read this thread that Stuart answered sometime ago.
https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/feedback-and-issues/118242/questions-about-the-fastpath-feature
Ian
Its been a long time since I used Fusion but I think you need to shutdown the VM, then edit the .vmx file for the VM to change the adapter type.
ethernet*.virtualDev = "vlance" - thats the PCnet32 driver which is likely what yours has defaulted to.ethernet*.virtualDev = "vmxnet"ethernet*.virtualDev = "vmxnet3" - thats what you want
ethernet*.virtualDev = "e1000"ethernet*.virtualDev = "e1000e" - a newer version of the E1000 which uses an PCI-express slot
the * is obviously a number for your adapter.
Hello Stuart, I am getting below optionsvirtualHW.version = "14"pciBridge0.present = "TRUE"pciBridge4.present = "TRUE"pciBridge4.virtualDev = "pcieRootPort"pciBridge4.functions = "8"pciBridge5.present = "TRUE"pciBridge5.virtualDev = "pcieRootPort"pciBridge5.functions = "8"pciBridge6.present = "TRUE"pciBridge6.virtualDev = "pcieRootPort"pciBridge6.functions = "8"pciBridge7.present = "TRUE"pciBridge7.virtualDev = "pcieRootPort"Shall I replace pcieRootPort with vmxnet3?
Actually, I am unable to get that exact details which you have mentioned, please help me test this feature properly.encoding = "UTF-8"config.version = "8"virtualHW.version = "14"pciBridge0.present = "TRUE"pciBridge4.present = "TRUE"pciBridge4.virtualDev = "pcieRootPort"pciBridge4.functions = "8"pciBridge5.present = "TRUE"pciBridge5.virtualDev = "pcieRootPort"pciBridge5.functions = "8"pciBridge6.present = "TRUE"pciBridge6.virtualDev = "pcieRootPort"pciBridge6.functions = "8"pciBridge7.present = "TRUE"pciBridge7.virtualDev = "pcieRootPort"pciBridge7.functions = "8"vmci0.present = "TRUE"hpet0.present = "TRUE"displayName = "V18"guestOS = "other"nvram = "V18 EAP0.nvram"virtualHW.productCompatibility = "hosted"powerType.powerOff = "soft"powerType.powerOn = "soft"powerType.suspend = "soft"powerType.reset = "soft"tools.syncTime = "TRUE"tools.upgrade.policy = "upgradeAtPowerCycle"sound.autoDetect = "TRUE"sound.fileName = "-1"sound.present = "TRUE"memsize = "5304"ide0:0.fileName = "Virtual Disk.vmdk"ide0:0.present = "TRUE"ide1:0.deviceType = "cdrom-imageJa"ide1:0.fileName = "/Downloads/SW-18.0.0_EAP0-43.iso"ide1:0.present = "TRUE"ethernet0.addressType = "generated"ethernet0.linkStatePropagation.enable = "TRUE"ethernet0.present = "TRUE"extendedConfigFile = "V18 EAP0.vmxf"floppy0.present = "FALSE"ethernet1.connectionType = "hostonly"ethernet1.addressType = "generated"ethernet1.present = "TRUE"ethernet2.addressType = "generated"ethernet2.present = "TRUE"numa.autosize.cookie = "30001"numa.autosize.vcpu.maxPerVirtualNode = "3"uuid.bios = "56 4d f3 17 83 42 0a d4-d7 50 6e ba 9a 04 ee a0"uuid.location = "56 4d f3 17 83 42 0a d4-d7 50 6e ba 9a 04 ee a0"migrate.hostlog = "./V18 EAP0-e66b1684.hlog"ide0:0.redo = ""pciBridge0.pciSlotNumber = "17"pciBridge4.pciSlotNumber = "21"pciBridge5.pciSlotNumber = "22"pciBridge6.pciSlotNumber = "23"pciBridge7.pciSlotNumber = "24"ethernet0.pciSlotNumber = "32"ethernet1.pciSlotNumber = "33"ethernet2.pciSlotNumber = "34"sound.pciSlotNumber = "35"vmci0.pciSlotNumber = "36"ethernet0.generatedAddress = "00:0C:29:04:EE:A0"ethernet0.generatedAddressOffset = "0"ethernet1.generatedAddress = "00:0C:29:04:EE:AA"ethernet1.generatedAddressOffset = "10"ethernet2.generatedAddress = "00:0C:29:04:EE:B4"ethernet2.generatedAddressOffset = "20"vmci0.id = "-1710952800"monitor.phys_bits_used = "43"vmotion.checkpointFBSize = "92274688"vmotion.checkpointSVGAPrimarySize = "92274688"cleanShutdown = "TRUE"softPowerOff = "TRUE"gui.exitOnCLIHLT = "TRUE"checkpoint.vmState = ""gui.viewModeAtPowerOn = "windowed"ethernet2.connectionType = "hostonly"ethernet3.addressType = "generated"ethernet3.present = "TRUE"ethernet3.linkStatePropagation.enable = "TRUE"ethernet3.pciSlotNumber = "37"ethernet3.generatedAddress = "00:0c:29:04:ee:be"ethernet3.generatedAddressOffset = "30"toolsInstallManager.updateCounter = "4"numvcpus = "3"cpuid.coresPerSocket = "3"ethernet4.connectionType = "nat"ethernet4.addressType = "generated"ethernet4.present = "TRUE"ethernet4.pciSlotNumber = "38"ethernet4.generatedAddress = "00:0c:29:04:ee:c8"ethernet4.generatedAddressOffset = "40"bios.bootOrder = "ethernet0"
James, your installation is using the pcnet32 driver by default hence why it's not listed. Simply add
ethernet*.virtualDev = "vmxnet3"
replace the * with unique number for each interface. eg ethernet0.virtualdev = "vmxnet3"
Stuart, You are my savior. Issue got resolved as per changes suggested from your endSFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port1driver: vmxnet3version: 1.4.a.0-k-NAPIfirmware-version: expansion-rom-version: bus-info: 0000:03:00.0supports-statistics: yessupports-test: nosupports-eeprom-access: nosupports-register-dump: yessupports-priv-flags: noSFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# cishconsole> system firewall-acceleration show Firewall Acceleration is Enabled.console>
Stuart, I tried to follow your steps which resolved this issue for fastpath but suddenly all traffic from my WAN interface is not working after applying this changes
console> ping 10.10.5.100 (It is my upstream gateway)PING 10.10.5.100 (10.10.5.100): 56 data bytes^C--- 10.10.5.100 ping statistics ---3 packets transmitted, 0 packets received, 100% packet loss
console> system diagnostics utilities arp ping interface Port2 10.10.5.100ARPING to 10.10.5.100 from 10.10.5.2 via Port2^CSent 3 probe(s) (3 broadcast(s))Received 0 reply (0 request(s), 0 broadcast(s))
SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# ethtool -i Port1driver: vmxnet3
console> system firewall-acceleration show Firewall Acceleration is Enabled.console> system firewall-acceleration disable Firewall Acceleration Disabled Successfully.console> system firewall-acceleration show Firewall Acceleration is Disabled.
SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# drppkt host 8.8.8.8^CSFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1#
SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# tcpdump -ni any host 8.8.8.8tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes^C0 packets captured0 packets received by filter0 packets dropped by kernel
SFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1# ping 8.8.8.8PING 8.8.8.8 (8.8.8.8): 56 data bytes^C--- 8.8.8.8 ping statistics ---5 packets transmitted, 0 packets received, 100% packet lossSFVUNL_SO01_SFOS 18.0.0 EAP3-Refresh1#
I dont have Fusion as I said, but the fact this doesnt work when you have acceleration disabled or enabled tells me this is a straight networking issue. I would look at the overall vmware network configuration, especially how the VM is bridged to your local adapter.
Probably the first step would be to comment out the changes you just made and make sure you still have connectivity with the default driver.