Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/support/help/en-us/index.html?contextId=rma-process

RMA process

The return merchandise authorization (RMA) process includes identifying the device failure, gathering the required device information, submitting a case to Sophos Support, shipping the replacement device, transferring the license, and returning the faulty device.

Identifying the device failure

Gather the information based on your device failure. The common reasons for device failure are as follows:

Complete power failure or dead on arrival (DOA)

The device doesn't turn on when you press the power button.

Gather the following information:

  1. The purchase date of the device (approximate).
  2. When you turn on the device, what is the status of the power LED and HDD LED?

  3. When you turn on the device, do you hear a single beep?

    Note

    This doesn't apply to XGS devices.

  4. Have you tried a different power cable and a different power outlet socket?

  5. If your device has a dual power supply, does it turn on when you use the other power supply input?
  6. If your device supports a hot-swappable power supply, does it turn on when you use a different power supply?
  7. We recommend you take a video or picture of the device failure and submit it to the support case for faster RMA approval.
The device turns on but doesn't boot up. The GUI, CLI, and console aren't accessible.

When you turn the device on, there's an error on the console or the HDMI or VGA output, and the GUI isn't accessible.

Gather the following information:

  1. Can you access the device via HTTPS or SSH from the LAN and WAN?
  2. Were any changes made from the GUI, CLI, or was there any other activity before you lost access to the device? Describe the changes made before the incident.

  3. Is there a beep sound while the device reboots?

    Note

    This doesn't apply to XGS devices.

  4. Does the device respond over the serial console? If not, did you connect it directly via the provided serial cable (DB-9 serial port), USB converter cable (serial to USB converter), or the micro-USB serial console cable (the latest XG/XGS devices may have this console port)? Do you see the device under the device manager of the endpoint device without any errors related to the driver? Do you see any other errors for that connection?

    Note

    Make sure that the baud rate is set to 38400 and the device status over the console has been verified multiple times at different intervals.

  5. (Optional) If the device isn't responding over the serial console, try connecting it with any other system via serial connection to confirm the console connectivity status of the device.

  6. If you observe any errors in the console connection, take a snapshot and upload it during case submission.
The device port or interface isn't working.

The interface status is Disconnected even though it's physically connected to the network.

Gather the following information:

  1. What is the port LED status when the cable is connected? We recommend that you take a picture of the port LED status.

  2. Check the interface status. Access the device via SSH and enter 4 to select Device Console. Run one of the following commands:

    show network interfaces or ifconfig -a

  3. Access the device via SSH, enter 5 to select Device Management, and enter 3 to select Advanced Shell. Run the following command:

    tail -f /log/syslog.log

    Connect the cable to the problematic port. If you observe any errors or log lines, save the logs.

  4. Do a port test and ensure the cable is connected to the problematic port. Do as follows:

    1. Access the device via SSH, enter 5 to select Device Management, and enter 3 to select Advanced Shell. Run the following command:

      ethtool -t Port<number>

      Optionally, you can also run the ethernet card test. See Sophos Firewall: Test the ethernet card.

      Warning

      The ethernet card test requires downtime.

    2. Connect the problematic port with another functional port on the same firewall and run the following command in the advanced shell:

      ethtool -t Port<number>

      Example

      ethtool -t Port1

    3. Connect the problematic port to an endpoint computer. Follow step 1 to check the interface status.

    Note

    XGS devices don't support port test.

  5. Change the cable used to connect the problematic port. Follow step 1 to check the interface status.

  6. Change the interface duplex and speed settings to validate the status of the port or interface connection. Access the device via SSH and enter 4 to select Device Console. Run the following command:

    set network interface-speed Port<number> speed [1000fd | 1000hd | 100fd | 100hd | 10fd | 10hd | auto ]

    Example

    set network interface-speed Port1 speed 1000fd

  7. (Optional) Insert an unmanaged switch between the firewall and an endpoint computer. Follow step 1 to check the interface status. If it shows as Disconnected, follow steps 5 and 6 after adding the switch.

  8. Access the device via SSH, enter 5 to select Device Management, and enter 3 to select Advanced Shell. Run the following command:

    tail -f /log/syslog.log

    Save the logs.

Include all the results in the support case.

Submitting a case

  1. To submit a case, copy and paste the RMA form below to a text file, fill it up, and save it.

    RMA form:

Please complete the form below (Please fill in all the parameters):

=====================================
Technical Issue
======================================
Description/RMA Reason: [ ]
Fault Code:
Sub Fault Code:
======================================
Defective Product Details/License Details
======================================
Model/Product:
Revision:
Firmware version:
Serial # of faulty device:
License #: (was used in the faulty device)
Dead on arrival: Y/N
Is this part of a HA Cluster: Y/N
======================================
Shipping Info (All fields required):
======================================
Company:
TAX ID #: (EU countries, Brazil, and India)
Name:
Address:
City:
Zip/Postal code:
Country:
Phone:
Email:
Special Instructions:
======================================

    Warning

    The TAX ID is required for tax reporting purposes. We can't ship a replacement device without this number.

  2. Create and submit a technical support case. Include the RMA form and the information gathered from your respective device. See Create a Technical support case.

Sophos Support will review and validate the information provided and may contact you for further diagnosis if necessary.

Shipping and shipment status

The Customer Care team provides an RMA case number when the RMA is approved. The RMA team reviews the regulatory requirements to comply with export compliance regulations worldwide. Once the RMA has cleared the regulatory requirements, a replacement is dispatched from the regional RMA center as soon as possible.

Note

There might be delivery delays for a few regions due to export compliance checks.

Once the package is shipped, an email notification with the shipment tracking number and the regional RMA team's email address is sent to you.

Contact your regional RMA team for shipment status inquiries. See RMA centers.

Transferring the license

Once you receive the replacement device, check if the model and revision are correct.

To transfer your license to the replacement device, see Claim a device and transfer the license.

If your device is in a high availability (HA) setup, see HA license transfer and HA license transfer steps.

Optionally, you can restore your backup configuration to the replacement device. See Backup and restore.

Returning the faulty device

Once you transfer your license to the replacement device, you must return the faulty device to us.

  • A return shipping label is included in the replacement box or sent to you via email. There's also an instruction letter on how to contact and return the device to us.
  • The return shipping is free.
  • The replacement device doesn't come with accessories. You must remove any accessories from the faulty device, such as transceivers, connectivity or flexi port modules, rack mount kits, power supplies, and power cords.
  • We recommend you pack the faulty device using the same box as the replacement device.

  • You must return the faulty device within 15 days of receiving the replacement device. If we don't receive the faulty device within 15 days, or any components or parts are missing upon return, we have the right to do as follows:

    • Send you an invoice at the manufacturer's suggested retail price (MSRP) value of the replacement device or charge you for the missing components or parts.
    • Suspend the subscription transfer from the faulty device to the replacement device.

  • The RMA case is considered closed once we receive the faulty device at the RMA center.

More resources