XG Firewall v18 MR-3: Feedback and experiences

Hi all,

Shall we start this new thread with the looks and feels of XG v18 MR-3?

community.sophos.com/.../xg-firewall-v18-mr3

Parents
  • Still seeing traffic drops in MR-3.

    We have two sites that definitely have/had this issue. One has been OK for a week since its MR-3 upgrade but as it seems to have been a bit intermittent, I'm reserving judgement. The other we have only just been made aware of and is already running MR-3. Apparently they have has the issue since the unit was installed a few weeks ago but have only just mentioned it.

    We setup trace route monitoring and within an hour saw the XG drop traffic for over two minutes before it recovered.

    Several other people reported this issue with MR-1 in the MR-3 thread. How has your experience been with MR-3? I was really hoping that the cause of this would be fixed. Looks like I will have to suffer Sophos support to get it looked at.

  • Had the same problem on a XG210 HW v3, had to revert to MR1-396.
    Intermittent ping reply between zones LAN/DMZ/VPN. Active Directory replication got too strange and a DAG Exchange Cluster got failed with server behing XG210 being considered offline.
    Other 2 appliances on different hardware doesn't seem to be affected but restored everything to the MR1-396 and suddenly all services started working well.

  • Had the problem at two sites (out of four total) with MR1-396. Seems to have stopped with MR-3 at one site but the other still has multiple drops a day lasting 2-3 minutes. Opened a support case but 24 hours in still no response.

  • Do you use STAS? Sounds like the log off detection (STAS Quarantine) is hitting in your case.

    https://support.sophos.com/support/s/article/KB-000035623?language=en_US

    If you use STAS, select:

     

    If this is not matching your Issue. Please open another Thread to keep the visibility here. 

    __________________________________________________________________________________________________________________

  • Thanks . I clearly don't learn because you resolved exactly the same problem for me at our own site about a year ago. Now made big notes on our STAS documentation. I find it difficult to understand why the default is 'yes'. It is more secure but who on earth would want to have their internet traffic stopped for a couple of minutes every few hours? Had only one drop in nearly a week. That was after an IPS definition update so i suspect a different issue and am monitoring to see if that is a recurring problem. Will follow up in a new post if it is.

Reply
  • Thanks . I clearly don't learn because you resolved exactly the same problem for me at our own site about a year ago. Now made big notes on our STAS documentation. I find it difficult to understand why the default is 'yes'. It is more secure but who on earth would want to have their internet traffic stopped for a couple of minutes every few hours? Had only one drop in nearly a week. That was after an IPS definition update so i suspect a different issue and am monitoring to see if that is a recurring problem. Will follow up in a new post if it is.

Children
No Data