This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

intermittent firewall connection

Hi,

We recently deployed a brand new Sophos XG115W with the latest firmware SFOS 18.0.3 MR-3 but for some reason everyday the customer has to reboot the firewall and connection will be restored. I checked the events and nothing shows up except the attached screen capture

Sophos support really slow in responding and not a good impact for a new sophos admin like me. This is the first time our team decides to use Sophos for Customers.

Thanks

Jeff

This thread was automatically locked due to age.

Top Replies

Jeff Co over 3 years ago in reply to LuCar Toni +1 suggested

Ok Sophos support called me yesterday (finally!) and only to find out that this model XG115W has a known issue and the 2nd support was more knowledgeable of this product. He said that the previous tech…

0 Jeff Co over 3 years ago

So on the screen capture above, you'll notice that the heartbeat stopped around 1:15am (Nov 19)
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to Jeff Co

Hello Jeff,

Thank you for contacting the Sophos Community!

Please provide me the Case ID so I can follow-up!

What is the exact issue the customer is experiencing? The device stops processing traffic?

If so please try running this command and monitor if the issue resurfaces. (The command must be run from the Console of the XG, to which you will need to SSH and then press 5>4).

console> system firewall-acceleration disable

regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jeff Co over 3 years ago in reply to Jeff Co

So the case ID is: 03351988. This case ID basically is asking how to check for system events, because I needed these events for further troubleshooting.

Basically everyday the customer's firewall which we deployed loses it's heartbeat and will disconnect all of them from the internet. It has been straight 3 days where the first thing in the morning as soon as they arrive the office, they notice they don't have a connection and had to call us and the only way to resolve it is we had to ask them to reboot the device. Not sure if traffics stops processing because just like yesterday, the Central Admin report shows it stopped 1:15am.

Can we do remote ssh on this device?

Thanks

Jeff
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to Jeff Co

Hello Jeff,

Thank you for the follow-up!

Yes, you can SSH remotely to the XG.

I would recommend you to create a Local ACL exception, for the Public IP where you are going to be connecting from, so this way you don't have to enable SSH on the WAN publicly.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 3 years ago

Do you have a Display at hand, which the customer can plug in before rebooting the appliance?

So we can better understand, why the appliance hangs.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Jeff Co over 3 years ago in reply to LuCar Toni

No, the thing is prior to rebooting the device, it still has power/lights on it. FYI, it happened again this morning and they had to reboot to restore the connection. What's frustrating is, this community responds faster than the support/tickets.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jeff Co over 3 years ago in reply to emmosophos

I just noticed a pattern on the logs prior it goes down, every time an AV definition upgrade then it stops there. I will test by turning of AV and see how it goes tom.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 3 years ago in reply to Jeff Co

You should get a display to this device. Because the power LED etc could be on but the appliance could hang in a Boot loop or something like that.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Jeff Co over 3 years ago in reply to LuCar Toni

Quick question, does the Sophos XG firewall reboots after an AV definition upgrade? I checked the last 5 days of event logs and all shows the same pattern of after an AV definition upgrade, then the logs stops there
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to Jeff Co

Hello Jef,

No, it doesn't reboot!

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel