DO NOT INSTALL 9.703-2!!!

My lab system was Up2Dated to 9.703-2 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped.  My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes.  I could not identify the problem with top, but did see a lot of zombie confd processes.  I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.

I will suggest to Sophos that the file be removed from the ftp site. Grumble.

Cheers - Bob

  • Hmmm Sophos is still rolling this update to the firewalls, just got mails from several UTMs that the fw is ready for install....

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer 9.5
    Sophos  XG  Certified Engineer 17.1
    Homelab: 1 x SG210 XG v18 - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • Today, I can report ugly behaviour from 9.703 UTMs, high CPU usage (before, during normal activities, 7-15%; now always up to 55%) with our SG210.

    Sluggish internet access, sometimes minutes with no DNS / Web like something is "stuck".

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • What about system-log and fallback-logs?! ;)

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer 9.5
    Sophos  XG  Certified Engineer 17.1
    Homelab: 1 x SG210 XG v18 - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • You mean me looking at that?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • Yes :-)

    I have upgraded the devices I have in my lab, no issues at all, but I can see that others are seeing the same, I just wonder what could be wrong.

    Often the system log and fallback logs are good places.

    Could you post how they look maybe?

    Think many people here are curious on what the h... is wrong with the update.

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer 9.5
    Sophos  XG  Certified Engineer 17.1
    Homelab: 1 x SG210 XG v18 - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • Here they are, these are from the SG210 that jumped to an unusual 55% CPU usage, while being in the low 7%-15% range normally.
    I see strange ntpd things, why is this creating interfaces all the day?

    system-logfiles_20200416125538.zip
    fallback-logfiles_20200416125737.zip

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • Definitely something going on with your interfaces, mine does not have all these:

    2020:04:16-00:15:29 fw ntpd[5124]: Listen normally on 69 eth3 xxx.xxx.xxx.xxx:123
    2020:04:16-00:15:29 fw ntpd[5124]: Deleting interface #68 eth3, xxx.xxx.xxx.xxx#123, interface stats: received=0, sent=0, dropped=0, active_time=32 secs
    2020:04:16-00:15:29 fw ntpd[5124]: new interface(s) found: waking up resolver

    What does Self monitoring show?

    ----

    Best regards Martin ;-)

    Sophos UTM Certified Engineer 9.5
    Sophos  XG  Certified Engineer 17.1
    Homelab: 1 x SG210 XG v18 - 3xAPX530 - 1 x SG210 v9.7 - 1 x UTM 220 v9.7 - 1 x SG135 v9.7 (All Fullguard Plus licenses)

  • Selfmonitoring as of  today (complete log)

    2020:04:16-10:34:39 fw selfmonng[4722]: I check Failed increment afc_running counter 1 - 3
    2020:04:16-14:24:35 fw selfmonng[4722]: T Global skip state now 'ON'
    2020:04:16-14:26:15 fw selfmonng[4561]: T Selfmonitor Daemon successfully started
    2020:04:16-14:26:15 fw selfmonng[4561]: T Loading Selfmonitoring Checks complete  new=93 failed=0 retained=0 dropped=0
    2020:04:16-14:26:30 fw selfmonng[4561]: I check Failed increment dnsresolver_running counter 1 - 3
    2020:04:16-14:26:45 fw selfmonng[4561]: T read config file '/etc/selfmonng.conf'
    2020:04:16-14:26:45 fw selfmonng[4561]: I check Failed increment service_monitor_running counter 1 - 3
    2020:04:16-14:26:50 fw selfmonng[4561]: I check Failed increment pluto_running counter 1 - 15
    2020:04:16-14:26:50 fw selfmonng[4561]: I check Failed increment starter_running counter 1 - 3

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner
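
Added example (not part of any post in this thread, and not Sophos code): a small Python triage script for logs in the format quoted above, counting how often ntpd adds and deletes each interface and which selfmonng checks report failures. The sample lines are constructed from the ones posted, and the function name `summarize` is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread (addresses masked as there).
SAMPLE = """\
2020:04:16-00:15:29 fw ntpd[5124]: Listen normally on 69 eth3 xxx.xxx.xxx.xxx:123
2020:04:16-00:15:29 fw ntpd[5124]: Deleting interface #68 eth3, xxx.xxx.xxx.xxx#123, interface stats: received=0, sent=0, dropped=0, active_time=32 secs
2020:04:16-00:15:29 fw ntpd[5124]: new interface(s) found: waking up resolver
2020:04:16-00:16:01 fw ntpd[5124]: Listen normally on 70 eth3 xxx.xxx.xxx.xxx:123
2020:04:16-00:16:01 fw ntpd[5124]: Deleting interface #69 eth3, xxx.xxx.xxx.xxx#123, interface stats: received=0, sent=0, dropped=0, active_time=32 secs
2020:04:16-14:26:30 fw selfmonng[4561]: I check Failed increment dnsresolver_running counter 1 - 3
2020:04:16-14:26:50 fw selfmonng[4561]: I check Failed increment pluto_running counter 1 - 15
2020:04:16-14:26:50 fw selfmonng[4561]: T Loading Selfmonitoring Checks complete  new=93 failed=0 retained=0 dropped=0
"""

# "YYYY:MM:DD-HH:MM:SS host process[pid]: message"
LINE = re.compile(r"^\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2} \S+ ([\w.-]+)\[\d+\]: (.*)$")
NTP_ADD = re.compile(r"^Listen normally on \d+ (\S+) ")
NTP_DEL = re.compile(r"^Deleting interface #\d+ (\S+),.*active_time=(\d+) secs")
SELFMON = re.compile(r"check Failed increment (\S+) counter")

def summarize(text):
    """Return per-interface ntpd churn and per-check selfmonng failure counts."""
    added, deleted, failed = Counter(), Counter(), Counter()
    lifetimes = {}  # interface -> list of active_time values (seconds) at deletion
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        proc, msg = m.groups()
        if proc == "ntpd":
            if (a := NTP_ADD.match(msg)):
                added[a.group(1)] += 1
            elif (d := NTP_DEL.match(msg)):
                deleted[d.group(1)] += 1
                lifetimes.setdefault(d.group(1), []).append(int(d.group(2)))
        elif proc == "selfmonng" and (s := SELFMON.search(msg)):
            failed[s.group(1)] += 1
    return {"added": dict(added), "deleted": dict(deleted),
            "lifetimes": lifetimes, "failed_checks": dict(failed)}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

An interface whose added and deleted counts keep climbing with short active_time values is the re-creation pattern pointed out in the ntpd lines above.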
