
Unix servers not visible on Sophos Enterprise Console 5.5

We installed the Sophos AIX agent on one of the clients (AIX server) and, as per the UNIX team, the client installation is successful and it is able to connect to the update servers, but it is not appearing on the console.

I tried to uninstall and reinstall many times; it's the same. No luck :(



This thread was automatically locked due to age.
  • Hello ABDEEN AJWATH,

    how did you install the software? Did you mount the applicable bootstrap location?

    Christian

  • Dear Christian,

    Thank you for your response,

    Yes, I mounted the application from the bootstrap location. I found the following error in the sophos-Av logs: " MIclient:connectLfailed to get router's from supplied address and port" SAV_diagnose_20180530_114720.zip

  • Hello ABDEEN AJWATH,

    according to the logs in the diagnose archive (BTW: they reveal a publicly resolvable name for the AIX), the install was on May 29th, and it looks like the endpoint not only registered with the management server but also received the AV and the Updating policy, which is only possible when the endpoint is assigned to a specific group, which in turn is only possible if it is visible. Of course it might have been deleted from the console since then.

    The situation shown by the screenshot is some other problem: The endpoint can't connect to the management server though it had been able to do so a week before. It tries at least 192.168.22.167:8192, fe80::c9:d7ae:f3c7:989:8192, and 10.10.125.70:8192 (only the latter could be reached when it worked); what other addresses it possibly tries is in this day's Router log.

    To summarize: It was able to communicate and must have been visible. It can't communicate now because it does not get a response on port 8192 for any of the addresses tried.

    Christian

  • Dear Christian,

    Thank you for your update,

    We have three firewalls between the Sophos server and the Unix agent. We have opened all required ports (8192, 8193, 8194) in all three firewalls by direction. When we do a manual update from the agent, it takes the update successfully, but the agent is not appearing in the console. Also, when we checked the traffic in the firewall, we could not get any hit for the Sophos server and Unix in the firewall.

    I would like to share more details of our setup. We have two Sophos Update Managers (SUM) and one Sophos Enterprise Console (SEC 5.5). One SUM is running in the HQ site, where SEC 5.5 is installed; the other SUM is running in the DRC site (DRC we are using only for Sophos Update Manager).

    The Sophos console (SEC 5.5) is running in the HQ network, but the current Unix agent was installed from DRC.

     

    Best Regards,

    A.Ajwath

  • Hello A.Ajwath,

    "agent is not appearing the console"
    As said, the logs suggest that it successfully connected on May 29th and must have appeared then and been visible in the console. Was it all the time in the DRC?
    The addresses I quoted - are these from the SEC server? Is the DRC SUM configured as message relay?

    "when do manual update"
    Update is either via UNC or HTTP, both are not related to communication.

    "we could not get any hit for sophos server"
    A recent Router log from the AIX machine would help, I assume the addresses involved are private so it wouldn't really leak information (except for, as said, DNS names which potentially resolve to public IPs).

    Christian
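
The diagnosis above turns on whether anything answers on port 8192 at the addresses the endpoint tries. The following is an added example, not part of the thread and not Sophos tooling: a Python script, run from the endpoint, that attempts a TCP connect to each address quoted above and reports whether the port is open, refused, or times out. The function names, the 3-second timeout and the availability of Python 3 on the AIX host are assumptions.

```python
import errno
import socket

# Addresses the endpoint tried, copied from the thread (host:port, IPv6 unbracketed).
CANDIDATES = [
    "192.168.22.167:8192",
    "fe80::c9:d7ae:f3c7:989:8192",
    "10.10.125.70:8192",
]

def parse_endpoint(text):
    """Split 'host:port' at the LAST colon so unbracketed IPv6 literals survive."""
    host, _, port = text.strip().rpartition(":")
    if not host or not port.isdigit():
        raise ValueError("not host:port: %r" % text)
    return host.strip("[]"), int(port)

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'error:<reason>' for one TCP connect."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "error:resolve (%s)" % exc
    family, socktype, proto, _, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
        return "open"
    except socket.timeout:
        return "timeout"   # no answer at all: typical of a firewall silently dropping
    except ConnectionRefusedError:
        return "refused"   # host reachable, but nothing is listening on that port
    except OSError as exc:
        # e.g. a link-local fe80:: address used without an interface scope
        return "error:%s" % errno.errorcode.get(exc.errno, exc.errno)
    finally:
        sock.close()

def probe_all(candidates=CANDIDATES, timeout=3.0):
    """Probe every candidate and map 'host:port' to its result string."""
    return {c: probe(*parse_endpoint(c), timeout=timeout) for c in candidates}

if __name__ == "__main__":
    for endpoint, state in probe_all().items():
        print("%-32s %s" % (endpoint, state))
```

A "timeout" on every address matches the "no response on port 8192" symptom, while "refused" would mean the packets arrive but no service is listening there.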