Recently (2-3 days) I've noticed regular periodic spikes of Up2Date traffic. Checking the flow monitor, I see a 5-6MB/s spike tagged Sophos UTM Upd2Date every 25 seconds. The total (in Top Clients by Application) was 142GB just yesterday.
There's nothing unusual in the Up2Date log. Checks every 15 minutes with the occasional new pattern successfully installed. Nothing in the IPS log either except regular DNS Amplification Attacks every few minutes, but those have been happening for months.
I can't really see any way to debug this from within the firewall. Do I have to put a monitor on the outside interface and run a packet capture?
Thanks as always for suggestions,
Paul
I have found this community-entry:
Please take a look at this KB article. Email Catchrate issue on UTM 9.706 (sophos.com) The issue seems to be limited…
Has anyone got a solution from Sophos for the update-traffic-problem?
regards Peter
Please take a look at this KB article. Email Catchrate issue on UTM 9.706 (sophos.com) The issue seems to be limited to devices running on old hardware or on KVM/QEMU environments that are configured to suppress advanced processor features.
I have changed my virtual CPU to have ssse3 - maybe this is the solution.
regards peter
Yes, I just got an email from Sophos support confirming this to be our issue. Makes sense as our UTM is running on an old 2002 HP Server box. It spent 10 years as a server, and nearly another 10 as a firewall.
support.sophos.com/.../KB-000042345
Guess we'll have to move it to something newer...
Thank you everyone for your contributions,