
DO NOT INSTALL 9.703-2!!!

My lab system was Up2Dated to 9.703-2 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped.  My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes.  I could not identify the problem with top, but did see a lot of zombie confd processes.  I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.

I will suggest to Sophos that the file be removed from the ftp site. Grumble.

Cheers - Bob



  • Ugly.  I was unprepared for disaster recovery with my wife working from home.  I found out that my USB stick that hadn't been used in over a year was dead as was the monitor connected to the UTM that hadn't been turned on probably since I replaced the computer several years ago.  Oh, and I was reminded that my client that borrowed my portable DVD burner had never returned it.  Here's an extract from the case I have open with Sophos Support...

    My initial attempt to fix this problem was to restore from a backup made automatically the morning before the 9.703 Up2Date was applied.  That had no effect, so I rebooted the UTM (a UTM 320 running as a generic PC).  Again, the problems continued.

    Note: I don't remember if I changed /etc/asg five years ago after installing an ssi ISO or if I changed it before installing an asg ISO.  That might be something to test: https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/10917/asg-425-display-with-homelicense/32959#32959

    First, more description of the situation.  Both Reporting and the logs showed that there was no more traffic on the External interface after the reboot following the application of the Up2Date at 22:00 local time on 09 April.

     

    Something was causing things to lock up for several minutes and then work for several minutes.  I decided that I would capture all of the logs from 2020 using WinSCP.

    When the "lock" was on:

    1. I couldn't log into WebAdmin, or, if already logged in, could do nothing or, if something had been started, it was hung.  The same was true with WinSCP.
    2. When trying to ping my laptop from the console, I got a message that the action was not allowed (sorry, don't remember the exact wording) or that the network was unreachable.  I couldn't even ping 10.x.y.34, the IP of the Internal interface.
    3. From my laptop, I got something like "Not found" when I tried to ping 10.x.y.34.

    Strangely, top on the console continued running.  I was surprised that there were so many confd zombies.  Another big user of CPU was mdw - which made no sense to me as I was changing nothing.  At one point, during a lock, I noticed httpproxy take 95% of one CPU, so I waited for WebAdmin to be responsive again and disabled Web Filtering and Snort.  That made no difference and the lock-work cycle continued.

    Finally, I was able to get all of the 2020 logs from /var/log, re-imaged with 9.702 (asg ISO) and restored from backup.  All is now running normally as it was prior to installing 9.703.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    Thanks for a thorough walkthrough of your issues.

    I installed 9.703 when it came out on 1 SG 210, and have not seen anything yet, regarding issues - no explosions.

     

    I run it as ASG (Software) on the appliance to use the home / partner license :)

     

    Looking forward to hearing your feedback ;)

    Happy Easter ;)

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer 9.5
    Sophos  XG  Certified Engineer 17.1
    Homelab: 1 x SG210 XG v18 - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)
