Since upgrading all our customers to 9.601, a bigger part of them are complaining about RED's re/disconnection in a no-pattern way.
It started for all of them just the night we upgraded to 9.601, and they all are on different ISP's and located different places around the country.
Been with Sophos support for 2 hours today, and now they escalated it to higher grounds.
Will return with an update....
Suspicious entries in the log - but all connected REDs do this before connection:
2019:03:06-15:15:38 fw01-2 red_server: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2019:03:06-15:15:46 fw01-2 red2ctl: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx
I know the last line is written before the tunnel disconnects, because there was no "PING/PONG" answer...
One customer has 2 x RD 50, one 1 100% stable and the other fluctuates in random intervals - we replaced this with a new RED 50, but the same thing occurs.