While I wait for Sophos "Premium Support" to call me back, I thought I would drop in here with a back story and a couple of questions.
We purchased a SG330 about a year ago, and we haven't been able to use it. Every time we deploy it into production (3 times), things start breaking. The first time we deployed it was July 2015. After configuring and testing it for a couple of months, we deployed it, and we had the typical minor issues you get when you deploy a new firewall. We'd tweak the rules or settings, and all was fine - or so we thought. Later during the day, we had phones start dropping offline randomly. We discovered they would drop off once their DHCP lease was expired and they tried to renew. We checked the DHCP relay settings in the UTM, and they were fine. We checked the logs, and we saw no DHCP traffic (allowed or blocked). Verified our internal->Any->internal->allow rule was at the top and logging traffic. Still no DHCP traffic in the logs. Fine, we'll setup DHCP on the UTM. Reset phones, they start getting IP addresses, and we see DHCP traffic in the logs. A few hours go by, and we start having issues with DHCP renewals again. This time we have workstations that are unable to pull IP addresses. Some get a lease, others do not. Check the logs, and we see that the ones that get a lease show in the logs, but the ones that don't get a lease do not show in the logs. We realize something is wrong, set the DHCP back from server to forward, and engage Sophos support. Long story short, they identify the "cause" as the DHCP clients refusing the offer because the IP address is already in use. I try to explain to them that was the case because of us moving the DHCP services to the UTM, but according to the documentation, their DHCP server pings an IP address before it offers it to a client, so that is not really what's going on since we still had the no lease issue when we used the UTM DHCP server. I showed them that the UTM was having issues with UDP, but they weren't having any of it and closed the case against my protest. We took the UTM out, put our WatchGuard back in place, and had no more issues.
Fast forward to the beginning of April 2016, and upper management is wanting their expensive new UTM installed. Fine, there are a few updates, lets install those and try it again. Maybe those fixed the issue. Nope. Put the updated UTM in place when everything was down, turned on our VMWare servers, and started having issues. The servers would not register with vCenter, but we could control them directly. Called VMWare support (which answered the phone right away), explained the issue, and they identified the problem as the servers were unable to contact the vCenter server on UDP port 900. Once she said that, I swapped out the router, and the servers had no issues registering. Finished up maintenance, and had no more issues.
Fast forward to yesterday, and see that I can install 9.4. Hopefully that's the fix... nope. Call Sophos "Premium Support" and I hang up after an hour and a half of being told an engineer will be with me "as soon as possible." Put the WatchGuard back in place, and call it a night. I'm still waiting for Sophos to call me back from the email I sent them. /rant
TLDR; SG330 has issues with UDP packets, Sophos "support" is helpless, can't use our new UTM
Now to the questions. I see that a factory reset only deletes the configs, clears cache, and removes the logs. How would I go about doing a wipe and reload of the firmware on the SG330? And, where would I go about getting the latest firmware to do that install?
Thanks,
Carl
This thread was automatically locked due to age.
