This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Potential hardware failure alert for SG 125 and SG135 users..Faulty Intel SOC bricking devices.

The c2000 SOC these appliances are based upon have a problem with their internal clocks that upon reboot if the clock has failed the machine is bricked.  intel has quashed just about all direct mention of this by vendors.  However the spike in failures has to deal with c2000 soc based appliances.  The flaw is widespread affecting Cisco, Synology, IX Systems, Netgate systems just to name a few.  All vendors have been denied the ability to mention which soc directly..but folks have managed to verify independently of Intel's blocks that the c2000 chipsets are dying after around 18 months of powered on time.  If the lpc clock fails during powered on time as long as you do not reboot the device will continue to operate.  the instant you reboot(hard of soft) the system bricks.  I have already inquired with Sophos directly about their policies.  Right now it appears they do not have a proactive replacement plan in place.  However if you have a subscription to a support plan(usually included with any kind of paid module) if your device fails they will ship you replacement that's good.  Cisco has carefully worded things that unless you are within their initial 90 days of purchase or you have one of their support contract they will not replace the devices.  Netgate has extended their warranty to 3 years for all devices based on the c2000.  Other vendors have not announced plans.  Keep an eye on your sg125 and sg135 based devices..a reboot wil one day brick them.  If your device is 18+ months old be sure you have a contingency plan in place(HA of some kind) so you can recover quickly while you get your replacement when these devices brick themselves.  This is NOT a Sophos fault but one by Intel.


Please do not go screaming at Sophos as this one is NOT THEIR FAULT.  Intel is hampering things trying to contain the damage by not allowing the vendors to say exactly which chips are hit..but a little self-research makes it very easy to figure out whoe SOC is screwed up and which devices are a time bomb.

This thread was automatically locked due to age.
  • Thanks for bringing this to our attention, William!

    Yesterday at 4PM PST, one hour past same-day shipping from Sophos in California, I got a call from a client in Ohio who was in his office at 7PM his time.  High winds in Ohio had caused a power outage mid-afternoon and he was concerned that he couldn't reach his SG 135 from home after the power came back on just after 6PM.

    I had him unplug the unit to do a hard reboot.  He plugged a monitor in so he could watch it boot, but when the power was plugged back in, nothing appeared on the screen.  There was no disk activity light nor any one other than the blue power light.  The unit was "bricked" just as we were warned.  It had been purchased in April of 2015.

    Today, he will decide whether to connect directly to the Internet with no protection or if their business with over 50 people will be cut off until the replacement arrives tomorrow.  Ouch!

    I had already asked this client and others with potentially-affected devices to consider getting a second unit for Hot-Standby to avoid this scenario.  I've now emailed each of them with the yesterday's sad tale.

    This client had a Rev.1 SG as do my 3 other 125/135 clients without a Hot-Standby.  All with S12002 (125) and S13003 (135) S/Ns.

    My question is this: does this affect only Rev.1 devices or does it also affect Rev.2?  I'll push Sophos to get me an answer to this and return with their response.

    Cheers - Bob
    PS I'll move this thread to the top of the forum for awhile.

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • So does this failure affect also rev 2 devices? I have a sg125 rev2 (january 2017) here...

  • I don't remember, but it would be good to have that answer in this thread.  Please check with your distributor and come back here and let us know.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • To chime into this old conversation, we had multiple "sudden deaths" within the last 2 Months of SG125 and 135 devices. Rev1 was the most, we also had one Rev3 which might be an unrelated issue with this device.



  • we've now had the 2nd faulty SG135 within weeks and now also two SG310 seem to have died the same Death, all rev1. The Sg135 dates from 2015, the SG310 around mid 2017.

  • ...but it seems to be, taht only the atoms would be affected only the 125 and 135...not the sg 2xx,3xx

  • Hi,

    we had one dead SG125 and one dead SG135 this year, both Rev. 2 and both installed 2016.

    bye Josef

    Firewall consultant since 1995
    Astaro consultant since 2001
    Sophos partner since 2012
    BERGMANN engineering & consulting GmbH, Wien/Austria


    Found that 150 Ohm Resistor in a Refurbished SG125 ;)






  • and with that resistor the device is working again?