I am a network admin for a small company with 3 physical hosts. I recently switched to a virtual Sophos UTM firewall and have been having issues with losing connectivity on everything that shares the physical adapter with my Sophos UTM appliance.
I can migrate my Sophos UTM appliance to a different host and after about a week the physcial NIC that is tied to it's internal interface starts dropping all traffic again. I have tried different physical adapters, different cords, and different physical switches. I currently have a support ticket open with both Sophos and VMware.
Most recently VMware is saying that it is Sophos. They did two separate packet captures, one was at stage 0 and they were able to capture packets and we discovered that two VMs on the same virtual switch can communicate. The other was at stage 1 and it doesn't show any packets at all. When I had time to restart my physical host everything came back up good. Based on that VMware said "Please engage Sophos UTM team and review the configuration for any IOChain activity leading to blocking the traffic on the NIC."
I just got off the phone with Sophos for the first time since I passed that information along to them and they are saying their VM is not receiving packets which means it is a physical issue/VMware since it is a virtual machine. He agreed to pass the information along to higher people in their support staff, but seemed to indicate he strongly believed it was not their issue.
So right now I have VMware pointing at Sophos and Sophos pointing at VMware. Does anybody know if there is some log if my Sophos firewall is telling VMware to drop traffic on the physical NIC, or a command to view possible settings there? Currently every time this happens the only confirmed fix I have is to restart my entire host. I am just trying to not reboot my host every week because of this issue.
Thanks if advance for any help.