This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ACC with dynamic IP (DynDNS)

Hello everyone,

I just set up an ACC for testing purposes. The ACC is behind an ASG with dynamic external IP (dyndns enabled).
Remote ASGs loose connection as soon as the dynamic IP of my ACC changes. The remote ASGs are configured to connect to a dns-host object using the dyndns name of the ACC which gets updated without a problem and I can see that the remote ASGs resolve the host-object flawlessly after an IP change. Other things that rely on this object (like access control) work fine. However, this does not change the IP the ASGs try to connect to.
Disabling and enabling central management on those ASGs solves the issue immediately and the ASGs can connect to our ACC without a problem.

Is this "design" or maybe a bug?

Thanks a lot!


This thread was automatically locked due to age.
  • Hi

    At this time, the ASG does not respect DNS-Hosts for the connection to ACC. After you connected successfully to the ACC at least once, the ASG does not look up the IP of the ACC again, unless you restart 'Central Management' (as you figured out by yourself).

    So just for now, let's call it 'design'.

    If you are interested, please contact me directly. I would consider adding this as a feature, and maybe we can test it with your setup.

    cheers
    robert
  • Interesting thread.

    I posted this issue as a bug in the ACC 3.000b beta forum. Hasn't received any replies so far.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • In trying a new instance of ACC 3.0 on Amazon EC2, I discovered that this problem occurs with 8.202 as well as 8.103.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Interesting thread.

    I posted this issue as a bug in the ACC 3.000b beta forum. Hasn't received any replies so far.

    Ian


    I, too, reported this issue at the end of the beta --- the response was similar.  In my case, we were changing the static IP that the ACC server was on, and I ended having to manually restart ACC on every single remote ASG to get them talking again after the IP change (necessitated by an ISP change)... I "chuckle" when I hear this is a "feature request" when other functions on the ASG recognize an IP change via DNS lookup... but that's another story [:)]

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • This issue is fixed with ASG V8.300

    The device Agent will now respect changes of the ACC IP address.
  • Very cool, looking forward to testing that.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.