Excessive Up2Date Traffic

Recently (2-3 days) I've noticed regular periodic spikes of Up2Date traffic. Checking the flow monitor, I see a 5-6MB/s spike tagged  Sophos UTM Upd2Date every 25 seconds. The total (in Top Clients by Application) was 142GB just yesterday.

There's nothing unusual in the Up2Date log. Checks every 15 minutes with the occasional new pattern successfully installed. Nothing in the IPS log either except regular DNS Amplification Attacks every few minutes, but those have been happening for months.

I can't really see any way to debug this from within the firewall. Do I have to put a monitor on the outside interface and run a packet capture?

Thanks as always for suggestions,

Paul

Parents
  • I am having the same issue. It started immediately after updating to  9.706-9. It downloads over 150GB of updates per day and make my internet unusable. Setting pattern updates to manual stops this but that is not a valid solution. Interestingly when set to manual update and the patterns are up to date it still gives you the option to download and install the same version. 

    This makes me think the automatic update is just downloading the same patterns over and over again.

    The added bonus is that since the update to 9.706-9 not a single email has been detected as spam.

    This has to be the most fubar release Sophos has ever let loose, and I have been using UTM since the early days of Astaro.

    Simon

  • UTM Up2Date 9.707 Released. The notes don't address this issue, but I wonder if a new Up2Date would tickle this issue.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Downloaded and installed 9.707 and turned pattern up2date back on.

    Clearly not fixed. As soon as I turn it off again the downloads stop. This is ridiculous. It is downloading new patterns every 30 seconds!
    After 20+ years using Astaro/UTM I am now looking at alternatives for a number of reasons.

  • Hi anybody!


    I have the same problem since the update from 9.705-3 to 9.706-8

    The traffic to Sophos is increasing and the Spamfilter isn't working good.

    Normaly i have about 40 GB on data in a week and know i have about 450 to 940 GB in one week!!!

    A few days ago i have updated to 9.707-5 but there is no change.
    If i chance the update (pattern and firmware) to manuel there is only the normal traffic.

    Is there an other solution?



    regards Peter

Reply
  • Hi anybody!


    I have the same problem since the update from 9.705-3 to 9.706-8

    The traffic to Sophos is increasing and the Spamfilter isn't working good.

    Normaly i have about 40 GB on data in a week and know i have about 450 to 940 GB in one week!!!

    A few days ago i have updated to 9.707-5 but there is no change.
    If i chance the update (pattern and firmware) to manuel there is only the normal traffic.

    Is there an other solution?



    regards Peter

Children
No Data