
Weird UTM freezes randomly approximately once a day ...

I have experienced a strange lockup on my "new" UTM box, but I checked log files and they don't reveal anything, just a bunch of weird characters ...

2023:03:16-01:32:01 escape75 /usr/sbin/cron[25494]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
2023:03:16-01:35:01 escape75 /usr/sbin/cron[25649]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
�����������������������������������������������������������������������������������������������������������
2023:03:16-09:03:10 escape75 syslog-ng[4942]: syslog-ng starting up; version='3.4.7'
2023:03:16-09:03:12 escape75 ddclient[5361]: WARNING: cannot connect to checkip.dyndns.org:80 socket: IO::Socket::INET: Bad hostname 'checkip.dyndns.org'
2023:03:16-09:03:24 escape75 system: System was restarted



So, I've been running the software version of UTM (9.714) on my old unit (an XG115 r2) for a couple of years without any issues,
and recently I have migrated my saved config over to a new unit (XG115 r3) and a few hours after setting up the new unit (at night)
it froze up, and interfaces were not pingable (LAN) so I powered it down and rebooted. It's working again ...

Just wondering if there's something more I can look at to see what the issue was .. I have a hunch maybe it was DHCP related,
as my devices on the LAN were renewing the IP addresses and they were not in the table on the new unit, but it's a wild guess,
so if this doesn't happen again then maybe it's nothing to worry about.

I don't know if there would be an issue moving the config file (and license) from the old unit, but I wouldn't think so.

The new unit was installed the same way as the old unit, using the ssi-9.714-4.1.iso file and removing the /etc/asg with a software license,
and the old unit hasn't experienced any weird issues in years, and the ethernet ports and devices are set up in an identical way, nothing changed.

Just looking for thoughts and ideas ...

Stats from top:

top - 11:32:20 up 2:31, 1 user, load average: 0.09, 0.29, 0.25
Tasks: 163 total, 1 running, 160 sleeping, 0 stopped, 2 zombie
Cpu(s): 0.6%us, 0.5%sy, 0.0%ni, 98.5%id, 0.1%wa, 0.0%hi, 0.3%si, 0.0%st
Mem: 3898468k total, 3558768k used, 339700k free, 111124k buffers
Swap: 4194300k total, 112k used, 4194188k free, 1352808k cached

Zombies:

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 18256 0.0 0.0 0 0 ? Z 11:30 0:00 [aua.bin] <defunct>
root 18595 0.6 0.0 0 0 ? Z 11:32 0:00 [confd.plx] <defunct>
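
An added example, not part of the original thread: a small Python scan that finds every boot in a UTM syslog file that was not preceded by an orderly shutdown, and reports the last entry written before it, which bounds the window in which the box froze. The function name and sample are constructed for illustration; it assumes syslog-ng writes a "syslog-ng shutting down" line on a clean shutdown and that the unreadable run from the post shows up as a line with no timestamp.

```python
import re
from datetime import datetime

# UTM syslog timestamp format as seen in the post: 2023:03:16-01:35:01
TS = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ")
BOOT_MARK = "syslog-ng starting up"
CLEAN_MARK = "syslog-ng shutting down"   # assumed marker of an orderly shutdown

def find_unclean_restarts(lines):
    """Return one dict per boot that was not preceded by a clean shutdown."""
    events = []
    last_ts = None   # timestamp of the previous parseable entry
    clean = False    # orderly shutdown seen since the previous boot?
    garbage = 0      # unparseable lines directly before the current entry
    for raw in lines:
        line = raw.rstrip("\n")
        m = TS.match(line)
        if not m:
            if line.strip():
                garbage += 1          # e.g. the NUL / U+FFFD run in the post
            continue
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        if BOOT_MARK in line:
            if last_ts is not None and not clean:
                events.append({"last_entry": last_ts, "boot": ts,
                               "gap": ts - last_ts, "garbage_lines": garbage})
            clean = False
        elif CLEAN_MARK in line:
            clean = True
        last_ts, garbage = ts, 0
    return events

# Sample built from the log lines in the post; the unreadable run is constructed.
SAMPLE = [
    "2023:03:16-01:35:01 escape75 /usr/sbin/cron[25649]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)",
    "\ufffd" * 40,
    "2023:03:16-09:03:10 escape75 syslog-ng[4942]: syslog-ng starting up; version='3.4.7'",
    "2023:03:16-09:03:24 escape75 system: System was restarted",
]

if __name__ == "__main__":
    # For a real file: open(path, errors="replace") so undecodable bytes do not abort the scan.
    for e in find_unclean_restarts(SAMPLE):
        print(f"no log entries between {e['last_entry']} and boot at {e['boot']} "
              f"(gap {e['gap']}, {e['garbage_lines']} unreadable line(s))")
```

The last entry before the gap is only an upper bound on when the freeze started: on a quiet box the five-minute cron jobs are often the only thing writing to this log.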



  • Hello there!

    Good day and thanks for reaching out to Sophos Community and hope you are well. 

    Wanted to check if this freeze happens often at night? Or just a single occurrence?

    If this happens often I may recommend you to open a support ticket to have this further checked; if just a single occurrence, we may want to observe and see if this would persist in the future.

    Have a nice day ahead and thank you for choosing Sophos

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • I have just had another freeze but during the day, again logs show no strange information that I could find ...

    This was not happening with XG115 r2, and only with XG115 r3, and they are running the exact same configuration.
    The unit wasn't very active at the moment it happened, in fact there was no major downloads/uploads.

    It again did not respond to a single push of the power button to initiate a power down, I had to hold the button in.

    I'm wondering if it's somehow related to using configuration from the r2 unit.

    I have in the meantime run disk check via smartctl and it passed, badblocks did not find any issues as well.
    I have also performed a postgresql rebuild just in case; after doing all that the unit still locked up ...

    Thank you!

  • I could re-install using the asg-9.714-4.1.iso instead of ssi-9.714-4.1.iso and removing the asg file,
    but I'm guessing the installation would be identical at least as far as this problem is concerned ...

    I have also just updated to 9.715-3 ...

    Next step would be to re-create my configuration from scratch and run on a more basic config to see if that helps,
    unless there's some further debugging that could be achieved by tech support personnel :)

  • I'd run a disk and memory diag on the hardware before reinstalling again.

  • I have temporarily installed SFOS HW Firmware 19.x SF300, and run both disk and memory checks from sfloader.
    Both tests showed no errors so I think we can rule out any hardware related issues.

    I have now loaded the software version of UTM (asg instead of ssi) and running on my previous config to see what happens ...
