
Client Synchronization issues after installing Ubiquiti USG-Pro4

We recently installed a Ubiquiti USG-Pro4 in our environment and are finding that our Sophos SafeGuard Endpoint clients are able to connect to our SGN Server but they are not synchronizing.

They are unable to receive new Keys, Policies and I assume Certificates (No changes there as of now).

Using the SGNCSCC utility we show that all is well.

The USG is set up with minimal changes at this point - just those needed to integrate into our network at a functional level.

 

Does anyone have any experience with Ubiquiti/Sophos combinations or ideas in general?



  • Sorry to hear this...what a nightmare! Is every single client affected, and how many? Is there a mix of Win/Mac?

     

    The communication with the server is done with SSL, so something must now be interfering with this.

     

    I would first check the Server - When did the affected clients last "talk" to the server? Does the client also have the same information?

     

    I would then crack open Wireshark and see what's happening to the traffic - Where does it get to? 

     

    Can you confirm that the ONLY thing that has changed is this new USG?

     

    Sadly a quick Googley would indicate that SSL blocking is not uncommon on the Ubiquiti USGs.

     

    https://community.ui.com/questions/SSL-errors-on-random-websites-with-USG/b831d830-989b-4105-b551-c3d79a3ebdf7?page=4

     

    Some have suggested making sure the box FW is up to date AND modifying MSS Clamping in that thread at least?

     

    I would also open a call with Ubiquiti. My own experience of their support is not that great, but worth doing anyway - I'm confident it's their appliance causing this issue!

     

    Good luck and keep us updated....
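
One way to answer the "where does it get to?" question from a capture, as an added example that is not part of the original thread. It assumes TLS 1.2 or earlier and that each direction's bytes have already been reassembled (for instance with Wireshark's Follow TCP Stream in raw view); the function names and sample bytes are constructed for illustration.

```python
import struct

# Handshake types readable in TLS 1.2 and earlier; REC maps (record type, encrypted?) to a name.
HS = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
      14: "ServerHelloDone", 16: "ClientKeyExchange"}
REC = {(21, False): "Alert", (22, True): "Finished", (23, True): "ApplicationData"}

def rec(ctype, body):  # sample-building helper: one TLS 1.2 record
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def hs(mtype, body=b""):  # sample-building helper: one handshake message
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def events(stream, side):
    """Walk one direction of a reassembled TCP stream and list TLS events."""
    out, pos, enc = [], 0, False
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack("!BHH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:        # header arrived, rest of the record did not
            out.append(f"{side}:truncated")
        elif ctype == 20:             # ChangeCipherSpec: later records are encrypted
            enc = True
        elif (ctype, enc) in REC:
            out.append(f"{side}:{REC[(ctype, enc)]}")
        elif ctype == 22:             # cleartext; several messages can share a record
            i = 0
            while i + 4 <= len(body):
                out.append(f"{side}:{HS.get(body[i], 'Handshake')}")
                i += 4 + int.from_bytes(body[i + 1:i + 4], "big")
    return out

def diagnose(client, server):
    ev = events(client, "client") + events(server, "server")
    if "client:ClientHello" not in ev:
        return "no ClientHello captured"
    if "server:ServerHello" not in ev:
        return "ClientHello unanswered"
    if "client:Alert" in ev or "server:Alert" in ev:
        return "handshake rejected with an alert"
    if "server:Finished" not in ev:
        return "server flight incomplete" if "server:truncated" in ev else "handshake stalled"
    if "server:ApplicationData" not in ev:
        return "handshake complete, no data from server"
    return "handshake and data exchange complete"

# Constructed sample: the server's large Certificate record is cut off mid-record.
CLIENT = rec(22, hs(1, b"\0" * 40))
SERVER = rec(22, hs(2, b"\0" * 40)) + rec(22, hs(11, b"\0" * 3000))[:1400]
print(diagnose(CLIENT, SERVER))
```

A "server flight incomplete" result means small packets pass while a large record never fully arrives, which is the case the MSS clamping suggestion addresses.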

  • All clients are Windows 7 or Windows 10 PCs.

    Each Client appears to successfully connect to the server upon Startup.

    Checking the STATUS display

    There, synchronization does not proceed - either automatically or with a manual attempt.

    I do see communications between the server and my PC when I attempt a manual sync - plus other traffic.

    However, I am a noob when it comes to Wireshark and am less than adept at deciphering the readouts.

    Client machines have received varying updates from Microsoft - the server has not.

    Due to the difference in OS - the updates are not necessarily the same.

    There has been no change on the server in respect to SSL that I can determine.

    As far as hardware in the environment - we removed the Sophos XG 85 and Netgear Router and replaced with the USP Pro 4.

    And yes, I am inclined to believe the problem is the USG in some way.

     

    I have opened a ticket with Ubiquiti - no response yet.

  • Status update..

    Have been working with Ubiquiti and we have ruled out, it seems, that the Ubiquiti USG is blocking any traffic between the clients and the SGNSRVR.

    This leaves me with issues possibly arising from the firmware updates on the Ubiquiti switches or it has nothing to do with the Ubiquiti HW changes at all.

    Which then puts me on the path of Microsoft Update issues perhaps.

    Maybe.

    Sophos SafeGuard itself does not appear to have had any changes made during the time frame involved as far as I can determine.

     

    If it's Microsoft - ugh.