This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUM fail to connect on 8194

I have a SUM server connected several thousands of clients, in command netstat -an , I can see lots of clients have established the connection to this server on port 8194

C:\Users\winsvruser>netstat -an | findstr :8194
  TCP    0.0.0.0:8194           0.0.0.0:0              LISTENING
  TCP    10.116.218.56:8194     10.12.24.32:52781      FIN_WAIT_1
  TCP    10.116.218.56:8194     10.12.46.33:65403      ESTABLISHED
  TCP    10.116.218.56:8194     10.13.19.149:53312     ESTABLISHED
  TCP    10.116.218.56:8194     10.14.110.31:52731     ESTABLISHED
  TCP    10.116.218.56:8194     10.16.205.2:55731      FIN_WAIT_1
  TCP    10.116.218.56:8194     10.26.82.159:61126     ESTABLISHED
  TCP    10.116.218.56:8194     10.27.51.31:54096      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.82.15:57170      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.82.31:50926      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.97.31:58211      ESTABLISHED
  TCP    10.116.218.56:8194     10.27.203.51:53286     ESTABLISHED
  TCP    10.116.218.56:8194     10.30.67.47:59904      ESTABLISHED
  TCP    10.116.218.56:8194     10.30.78.31:51429      ESTABLISHED
  TCP    10.116.218.56:8194     10.30.113.21:53755     ESTABLISHED
  TCP    10.116.218.56:8194     10.30.162.72:61626     ESTABLISHED
  TCP    10.116.218.56:8194     10.30.162.113:49742    ESTABLISHED
  TCP    10.116.218.56:8194     10.32.36.25:59584      ESTABLISHED
  TCP    10.116.218.56:8194     10.35.44.31:57023      ESTABLISHED
  TCP    10.116.218.56:8194     10.35.222.66:59997     ESTABLISHED
  TCP    10.116.218.56:8194     10.37.116.246:52857    ESTABLISHED

but if I try to test the port on local , the port cannot be connected:

C:\Users\winsvruser>telnet 127.0.0.1 8194
Connecting To 127.0.0.1...Could not open connection to the host, on port 8194: C
onnect failed

I want to know why this happen? This problem still exist even I reinstall the sum client or OS . 

Thanks.



This thread was automatically locked due to age.
Parents
  • Hello BenkitShi

    Have you solve this issue ? it also happens to me after i change our existing router (act as GW of SEC).

  • Hello oki.herdian,

    the original poster described that the server apparently could not connect to itself. The post doesn't mention the preceding issue that lead to this test in the first place.
    Is it indeed that the server can't connect to itself but the endpoints can or are the endpoints unable to connect to the server? What is the issue that caused you to investigate?

    Christian

  • I have seen an issue with the Direct Access role in single NIC mode where the local Sophos Agent process can't connect to the local router process on 8194 using the IP address in the IOR which has to be the name/IP as the server.  

    Note: The IOR can't contain the loopback or anything that resolves to the loopback address.

    Direct Access uses the port range: 6000-47000

    Just using, with PythonV2:

    python -m SimpleHTTPServer 5999

    vs

    python -m SimpleHTTPServer 6000

    You can see the issue (in that you can't connect to 6000 but 5999 will) but you can remove a few ports from this range for RMS using the Powershell command:

    Set-NetNatTransitionConfiguration –IPv4AddressPortPool @("10.0.0.1, 6001-8097", "10.0.0.1, 8099-47000")

    Changing the IP as required.

    Regards,

    Jak

Reply
  • I have seen an issue with the Direct Access role in single NIC mode where the local Sophos Agent process can't connect to the local router process on 8194 using the IP address in the IOR which has to be the name/IP as the server.  

    Note: The IOR can't contain the loopback or anything that resolves to the loopback address.

    Direct Access uses the port range: 6000-47000

    Just using, with PythonV2:

    python -m SimpleHTTPServer 5999

    vs

    python -m SimpleHTTPServer 6000

    You can see the issue (in that you can't connect to 6000 but 5999 will) but you can remove a few ports from this range for RMS using the Powershell command:

    Set-NetNatTransitionConfiguration –IPv4AddressPortPool @("10.0.0.1, 6001-8097", "10.0.0.1, 8099-47000")

    Changing the IP as required.

    Regards,

    Jak

Children
  • Hello Jak,

    In my case, endpoint agents in both segment (same segment and different segment) is failed to connect using 8194 only, is your advice applicable to our case ? because it's been almost 15000 agents here, and i just worry if there's any config changes, it will affect other services.

    Thanks 
    Oki