When using packet capture in Sophos XG, the graphical user interface hangs sooner or later. Besides the normal firewall log, which comes in handy for finding packets that are being allowed or blocked, Sophos XG also has a very good packet capture tool inside the GUI. With this tool you can dive into each individual packet, if needed, to see what is really going on.
There is, however, one flaw that still exists in version 18.0.4 MR-4 of the XG firewall. In my experience it is almost a guarantee that the Sophos XG GUI will completely hang at some point.
Luckily, it’s just the GUI and traffic will continue normally; however, you can’t do anything in the GUI anymore.
Pulling the plug and restarting the firewall is one way to solve this issue, but it will inevitably disrupt your connections. The quickest way to recover when the Sophos XG GUI hangs is to restart the Tomcat service.
Restarting the Tomcat service when Sophos XG GUI hangs
You can restart any service from a remote shell. To be able to use it, you must have set up a remote shell beforehand from the GUI.
Once you have set it up, start your SSH client (PuTTY is a good Windows client) and connect to the XG firewall. After logging in, choose option 5 (Device Management) followed by option 3 (Advanced Shell), then type in the following command:
service tomcat:restart -ds nosync
If everything works out, you will get a ‘200 OK’ message indicating that the service has restarted. You can then almost immediately connect back to the GUI (but you will have to log on again).
If that is not possible because you didn’t set up SSH access beforehand, then you can also just wait. Usually the situation will resolve itself after a couple of minutes.