This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.601 - RED issues!

Since upgrading all our customers to 9.601, a bigger part of them are complaining about RED's re/disconnection in a no-pattern way.

It started for all of them just the night we upgraded to 9.601, and they all are on different ISP's and located different places around the country.

Been with Sophos support for 2 hours today, and now they escalated it to higher grounds.

Will return with an update....

Suspicious entries in the log - but all connected REDs do this before connection:

2019:03:06-15:15:38 fw01-2 red_server[17509]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

2019:03:06-15:15:46 fw01-2 red2ctl[12420]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx

I know the last line is written before the tunnel disconnects, because there was no "PING/PONG" answer...

One customer has 2 x RD 50, one 1 100% stable and the other fluctuates in random intervals - we replaced this with a new RED 50, but the same thing occurs.



This thread was automatically locked due to age.
Parents
  • So I had previously switched to the non Unified Firmware for my RED 15s (all my REDs are RED 15s) which helped noticeably but we were still experiencing random dropouts of random REDs.  As of now I have upgraded manually to 9.700-5.  My question is do I need to re-enable/switch back to Unified Firmware or not?

     

    Thanks,

    Tracy 

  • Check the status by going to the command line and issue command "cc get red use_unified_firmware"

    If it returns a 1 then your upgrade has automatically turned the Unified firmware back on. In previous upgrades this was the default behavior. See previous posts in this thread about the best way to perform an upgrade and still retain the old RED firmware on the devices.

     

    Whether or not you "need" to be on the Unified firmware is a matter of choice. I am still seeing people here reporting big problems with the Unified firmware (note Twisters many issues). I am not using the Unified firmware until I am convinced the issues have been completely fixed.

  • Hi all,

    I can confirm the problems with various firmware versions. We lost 7 RED50 devices so far. Most of them during normal operating times and some even during "low load" times during the night. The last RED50 was bricked 2 days ago during the update from 9.700-5 to 9.701-6 - no connection and nothing on the display anymore. 

    This situation is not acceptable, especially as there is no clear statement from the sophos support to the cause of the problem and when it will be fixed. 

    In addition to the RED50 devices we use 4 RED15. They are not affected yet (fingers crossed!). 

     

    Best regards, 

    Falk

  • I have taken all of my RED50 out of circulation, they are horrendous - my RED15W devices seem to work OK (for now).

    The locations where the RED50 were I have had to replace them with UTM SG115W, which is overkill, but they are connected via site-to-site tunnel and at least I can control the updates so that they don't automatically get junk firmware and brick themselves!

    Terrible support on this Sophos, really really bad.

  • James Stoy said:

     

    Terrible support on this Sophos, really really bad.

     
    Totally Agree !!
     
    Two RED50 have been bricked. We replaced them with Red15 on our own to bring the location back, but nevertheless i need a new setup soon, because we want to push VLANs to the Remote-Location which is not very easy with Red15. Also tried to connect via serial connection and there are a lot of errors while the RED50 was booting!
     
    After talking to our partner, what happens now with the open tickets at sophos support regarding this issue, there is no feedback at all from Sophos !!! Now we have thrown them away! 
     
    We have other Tickets open at Sophos Support, regarding WiFi and Mesh Issues e.g. over half a year now! Response time is awfull and they cannot/do not help, always investigating, update to newest firmware, check again, etc. etc. 
     
    We will definetly move away from Sophos in Future! A pity we refreshed our Hardware not long time ago.
  • Hi All,

     

    we have finally found and addressed the route cause of the RED50 failures that we have been seeing. The just-released UTM 9.702 https://community.sophos.com/products/unified-threat-management/b/blog/posts/utm-up2date-9-702-released contains a fixed firmware for RED50 that will resolve these issues. Updating to this firmware will prevent RED50 units of running into this issue in the future and can be applied online for any RED50.

    More details are available in this KBA https://community.sophos.com/kb/en-us/135240

     

    Jan

  • Hello Jan,

    This is good news and I hope that Sophos has finally fixed this issue. We have had assurances of this in the past that did not turn out as advertised.

    My question is whether this fix is in the Unified Firmware or Legacy. I am running 9.603-1 with "Use Unified Firmware = 0" and have been afraid to upgrade or switch to Unified firmware.

    Are you recommending for users to upgrade all the way to 9.702 even with "Use Unified firmware =0" and then turn on Unified firmware?

    I think a lot of RED50 users are running the legacy firmware like me in order to be safe.

  • Hi Jan,

     

    I am wondering, updating to the new firmware on XG, does not trigger a firmware update on the RED, and moreover, the firmware on the RED with 2.0.019 gives this version:

    Linux version 2.6.38.8 (jenkins@kar-nsgci) (gcc version 4.5.4 20110808 (prerelease) (Linaro GCC 4.5-2011.08) ) #1 SMP Tue Sep 3 15:44:53 CEST 2019

     

    UTM 9.7 MR1:

    Linux version 3.18.43 (jenkins@kar-nsgci-node-21) (gcc version 5.4.0 (LEDE GCC 5.4.0 1-433-2023f2ad6-e9f0c31) ) #0 SMP Tue Sep 3 13:59:42 2019

     

    Moreover the firmware with UTM 9.7 MR 2 gives this:

     Linux version 3.18.43 (jenkins@kar-nsgci-node-21) (gcc version 5.4.0 (LEDE GCC 5.4.0 1-442-bdae8a94a-e9f0c31) ) #0 SMP Mon Feb 24 13:32:44 2020

     

    And when you look at the LCD on the RED 50, the boot cycle is way different between the two firmwares, so it looks like it to me , that with XG you do not use Unified firmware?

     

    Could this be because you do not want the XG's image to get hit :-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Jan, for XG, as posted before, I wrote that I think XG is not running the Unified Firmware as 9.702 does, and I have noticed that when I on Xg run firmware 2.0.18 and upgrade to 2.0.19 the firmware revision doe snot change, nor does the RED 50 perform firmware upgrade, it just reconnects, here is the log from the XG, is this intetionally ?!?! or an error:

     

    Firmware 2.0.18

    Wed Feb 19 12:50:57 2020 REDD INFO: server: Using RED firmware in /content/redfw/
    Wed Feb 19 12:50:57 2020 REDD INFO: server: RED10 fw version set to 10224R2
    Wed Feb 19 12:50:57 2020 REDD INFO: server: RED15(w) fw version set to 10224
    Wed Feb 19 12:50:57 2020 REDD INFO: server: RED50 fw version set to 10224

     

    Firmware 2.0.19

    Tue Mar  3 12:58:55 2020 REDD INFO: server: RED10 fw version set to 10224R2
    Tue Mar  3 12:58:55 2020 REDD INFO: server: RED15(w) fw version set to 10224
    Tue Mar  3 12:58:55 2020 REDD INFO: server: RED50 fw version set to 10224

     

    ?!?!?

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Further funny evidence :-O

     

     

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Hi  

    Followed up with the team to confirm the behavior.

    • Users who are upgrading and are currently on the legacy firmware will not be forced onto the unified firmware (at the moment).

    Regards,


    Florentino
    Director, Global Community & Digital Support

    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Reply Children
No Data