
HTTP Proxy failures - general oddness

For the past several weeks my UTM has been acting flaky - issues with the WiFi (AP55) staying connected, web not responding, email quarantine release website giving errors... just generally not behaving. I've tried clearing out a few things, turned off EndPoint protect (which was a problem, but resetting my UTM ID seemed to have fixed it), and rebooted. But I'm still getting issues.

I've been sorting through logs trying to see if I can figure out what's going on. I was having some WiFi issues before, but I found some loose connections on my patch panel so I attributed it to that - however, after correcting that issue I'm still having some connectivity issues - I'm not suspecting any issues with the AP55 at this point though.

Right now I get an email ~ every hour:

[INFO-141] Http proxy not running - restarted

Http proxy not running - restarted
--
System Uptime      : 9 days 15 hours 46 minutes
System Load        : 5.69
System Version     : Sophos UTM 9.508-10

Digging through the logs I'm seeing:

Kernel Log:

2018:04:02-09:20:04 utm kernel: [837290.810516] ConfdReload[60002]: segfault at 33f0e996 ip 00000000f73a9103 sp 00000000e4e7ae70 error 4 in libtcmalloc.so.4.1.0[f7382000+48000]
2018:04:02-09:21:08 utm kernel: [837355.307681] ConfdReload[60674]: segfault at 30459 ip 00000000f759ae08 sp 00000000e4e25bd0 error 6 in libcrypto.so.1.0.0[f74a8000+1b4000]
2018:04:02-09:25:22 utm kernel: [837608.670408] ConfdReload[61080]: segfault at 33f0e996 ip 00000000f739d103 sp 00000000e4e6ee70 error 4 in libtcmalloc.so.4.1.0[f7376000+48000]
2018:04:02-09:29:13 utm kernel: [837839.989362] ConfdReload[61823]: segfault at 0 ip 00000000f7379103 sp 00000000e4e4afe0 error 4 in libtcmalloc.so.4.1.0[f7352000+48000]
2018:04:02-09:36:15 utm kernel: [ 217.193988] ConfdReload[8439]: segfault at 8070455 ip 00000000f686e5ba sp 00000000e4ea68ac error 7 in libc-2.11.3.so[f67f2000+16c000]
2018:04:02-09:36:52 utm kernel: [ 254.219874] ConfdReload[8906]: segfault at 30459 ip 00000000f75e1e08 sp 00000000e4e6cbd0 error 6 in libcrypto.so.1.0.0[f74ef000+1b4000]
2018:04:02-09:38:08 utm kernel: [ 330.497729] ConfdReload[9258]: segfault at 9060455 ip 00000000f73d9b96 sp 00000000e4e99c40 error 4 in libtcmalloc.so.4.1.0[f73a1000+48000]
2018:04:02-09:42:27 utm kernel: [ 588.853698] Confd[9414]: segfault at 6 ip 00000000f7392697 sp 00000000f64aab80 error 4 in libtcmalloc.so.4.1.0[f7359000+48000]
2018:04:02-09:43:25 utm kernel: [ 647.012638] ConfdReload[10419]: segfault at 9007375 ip 00000000f735eb96 sp 00000000e4e1e950 error 4 in libtcmalloc.so.4.1.0[f7326000+48000]

 

Self monitoring log:

2018:04:02-10:03:46 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:04:06 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:04:11 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:04:16 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:04:16 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:04:16 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:04:16 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:04:18 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:04:48 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:04:53 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:04:58 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:04:58 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:04:58 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:04:58 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:05:00 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:07:10 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:07:15 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:07:20 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:07:20 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:07:20 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:07:20 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:07:57 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:10:37 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:10:42 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:10:47 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:10:47 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:10:47 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:10:47 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:10:53 utm selfmonng[4917]: W child returned status: exit='0' signal='0'
2018:04:02-10:13:23 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 1 - 3
2018:04:02-10:13:28 utm selfmonng[4917]: I check Failed increment httpproxy_running counter 2 - 3
2018:04:02-10:13:33 utm selfmonng[4917]: W check Failed increment httpproxy_running counter 3 - 3
2018:04:02-10:13:33 utm selfmonng[4917]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2018:04:02-10:13:33 utm selfmonng[4917]: W triggerAction: 'cmd'
2018:04:02-10:13:33 utm selfmonng[4917]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2018:04:02-10:13:35 utm selfmonng[4917]: W child returned status: exit='0' signal='0'

When I get a quarantine report and click on it via e-mail I get this:


I do have a wildcard SSL cert applied, however it works no problem when accessing either the admin page or the user portal (both produce green bars):



The UTM is running on ESXi 6.0 (on an old Dell R710), the VM has 8GB of RAM, 200GB HDD and 4 CPUs - all hardware indicators seem to be fine:


One thing to note, since I have the home license I'm getting close to the 50 max - have about 45 devices (yeah, I know... between gaming consoles, computers, Rokus, VoIP, work laptops, kids' school iPads, cell phones... we got lots of crap), so I'm getting low on licenses but the hardware specs shouldn't have any issues handling it.

Any suggestions, help, chicken sacrifices, etc. would be greatly appreciated.


  • This proxy crash is not a problem seen here frequently, but there does seem to be an issue that several people have reported in the last month.  I think at least two of the other reports were on VMs.

    First (it's a long shot), try restoring a backup from 9.506 made just before the 507 and 508 Up2Dates were applied.  If that doesn't work, try installing a new VM from ISO using 64-bit SUSE Enterprise Linux.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm seeing the same behavior but not within a VM.  I'm running Sophos UTM 9 on my own dedicated Intel box.  Over the years I've seen it happen a single time in 2011, a handful of single times throughout all of 2012, once in 2013, not at all from 2014-2017, and now 281 times in the last month.  SOMETHING is up...  Since I'm not running on a virtual machine, is the proposed solution to redo my entire physical machine and restore from a backup prior to the 9.507/508 updates just like the VMs?

  • Honestly, in my case I'm suspecting that it won't fix the problem. When I restored an older backup I had, I then ran into the issue I was having when I was testing out using endpoint protection, so I again had to try and fix that. I'm not convinced that whatever caused that to start with, wasn't the original issue - so a restore would be from months back. And since this is a home firewall... I'm not exactly doing tickets and change logs on it :)

    Based on the suggested fix, the only course I can see as fixing it would be to basically start over from scratch.... which isn't a really fun option to think about.

  • Same problem here - link: https://community.sophos.com/products/unified-threat-management/f/german-forum/101296/http-proxy-restarted-on-9-508-10/370441#370441

    We need a fix for this problem; maybe Sophos can throw a minor update as a quick win against this show-stopping situation.
