Sophos has recently identified an issue where, in certain environments, a memory leak can occur in the HTTP proxy on the UTM. A number of causes have been identified and these have been fixed in the v9.005 release, which will improve the stability of the HTTP proxy for many affected customers. However, we have not yet identified and fixed all possible causes, but investigating and fixing these is a high priority.
This knowledgebase article will help you to identify whether your UTM is exhibiting a memory leak.
Known to apply to the following Sophos product(s) and version(s)
Sophos UTM Software Appliance v9.005
Sophos UTM 625 v9.005
Sophos UTM 525 v9.005
Sophos UTM 425 v9.005
Sophos UTM 320 v9.005
Sophos UTM 220 v9.005
Sophos UTM 100/110/120 v9.005
What To Do
Log into Webadmin and navigate to Logging & Reporting / Hardware. There you will see the Memory Usage (Monthly) Graph.
If after updating to v9.005, you see memory usage continuously increasing, this indicates that you are still affected by the memory leak (see the picture below).
As long as the memory usage doesn't reach 100%, you can work around the memory leak issue without rebooting the device. To do this you need to restart the HTTP service:
- In Webadmin, navigate to Web Protection / Web Filtering / Global
- Click the "disable" and "enable" button. This will restart the HTTP service.
This will clear the memory temporarily.
Note: During the restart process, end users using the web proxy will have their browsing interrupted. The stop/start process should take no more than 30 seconds.
- On devices with less than 4 GB of RAM, if the memory usage reaches 100%, you will have to manually reboot the device in order to address the memory leak.
- On devices with 4 GB or more of RAM, the HTTP-Proxy will segfault* and restart automatically.
* segfault is an abbreviation of segmentation fault.
If you believe that your UTM is experiencing a memory leak, please contact support immediately for assistance.