
SG650 SSL VPN & Webadmin periodically unstable

Hi,

In our HQ we have two SG650 (UTM 9.510-5) set up in HA (hot standby).

For many months we have periodically experienced that our SSL remote access VPN & site-to-site SSL VPN stops working and webadmin becomes unstable to the point where we can't log in.

 

What usually helps is SSH'ing into our UTM and restarting httpd (/etc/rc.d/httpd restart) - sometimes we even have to restart one or both of the UTMs.

 

Our Sophos supplier/partner and Sophos support have looked into this without finding a solution.

 

What we have tried:

- Upgraded UTM version

- Upgraded UTM boxes (used backup from our old Sophos UTM...)

- Turned on more extensive logging

 

Have any of you experienced this and if so what was the solution?

 

A little more about our setup:

- 2 SG650 (UTM 9.510-5) set up in HA hot/standby with Fullguard license

- 11 SSL site-to-site VPN connections to other Sophos UTM/XG boxes

- 4 IPSec site-to-site VPN connections to other Sophos UTM/XG boxes

- 20 RED devices

- 100+ Sophos APs

- Many SSL remote access VPN users

 

Thanks.



  • Hey Vilhelm and welcome to the UTM Community!

    "our SSL remote access VPN & site-to-site SSL VPN stops working" - Do you mean that all SSL VPN services suddenly stop simultaneously? 

    "webadmin becomes unstable to the point where we can't log in." - Again, is this suddenly, or do you see declining capability and then another admin cannot log in?

    1. Does top show that any particular service is using an inordinate amount of CPU cycles or RAM?
    2. Does ifconfig show that any interface has errors?
    3. If you change AV scanning to single using Avira, does the situation change?
    4. What about single to the Sophos AV engine?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson and thank you! :)


    "our SSL remote access VPN & site-to-site SSL VPN stops working" - Do you mean that all SSL VPN services suddenly stop simultaneously?
    Webadmin first becomes unresponsive and also remote access VPN doesn't work.
    Then after a few hours site-to-site SSL VPN & RED stops working too. Sometimes email also...

     

    "webadmin becomes unstable to the point where we can't log in." - Again, is this suddenly, or do you see declining capability and then another admin cannot log in?
    This happens suddenly and then no admin can log in - SSH works, but last time this happened SSH stopped working too. The webadmin page loads slowly and we can sometimes enter our credentials, and then the site hangs and asks if we want to wait another 30 seconds.

     

    1. Does top show that any particular service is using an inordinate amount of CPU cycles or RAM?
      Everything looks normal and CPU/RAM is not high
    2. Does ifconfig show that any interface has errors?
      We will check this next time this happens
    3. If you change AV scanning to single using Avira, does the situation change?
      We are using dual scan - will try single scan. Is it only Web Protection which uses AV scan?
    4. What about single to the Sophos AV engine?
      We are using dual scan - will try single scan. Is it only Web Protection which uses AV scan?

    We have an agreement with Sophos support that next time this happens we will call them and they will log into our UTM.

  • Great response, Vilhelm,

    2. You can run ifconfig now to see if there's been a problem.

    3&4. Web Filtering, FTP Proxy and Mail Protection.

    5. (new) When there's a problem with things connected with the External interface, is access possible over another interface?

    I would grant 2 month access to Support and get a case open now.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA