This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ACC with dynamic IP (DynDNS)

Hello everyone,

I just set up an ACC for testing purposes. The ACC is behind an ASG with dynamic external IP (dyndns enabled).
Remote ASGs loose connection as soon as the dynamic IP of my ACC changes. The remote ASGs are configured to connect to a dns-host object using the dyndns name of the ACC which gets updated without a problem and I can see that the remote ASGs resolve the host-object flawlessly after an IP change. Other things that rely on this object (like access control) work fine. However, this does not change the IP the ASGs try to connect to.
Disabling and enabling central management on those ASGs solves the issue immediately and the ASGs can connect to our ACC without a problem.

Is this "design" or maybe a bug?

Thanks a lot!

This thread was automatically locked due to age.

0 rleibl over 13 years ago

Hi

At this time, the ASG does not respect DNS-Hosts for the connection to ACC. After you connected successfully to the ACC at least once, the ASG does not look up the IP of the ACC again, unless you restart 'Central Management' (as you figured out by yourself).

So just for now, let's call it 'design'.

If you are interested, please contact me directly. I would consider adding this as a feature, and maybe we can test it with your setup.

cheers
robert
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 12 years ago in reply to rleibl

Interesting thread.

I posted this issue as a bug in the ACC 3.000b beta forum. Hasn't received any replies so far.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

In trying a new instance of ACC 3.0 on Amazon EC2, I discovered that this problem occurs with 8.202 as well as 8.103.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 12 years ago in reply to RFCat_vk_01

Interesting thread.

I posted this issue as a bug in the ACC 3.000b beta forum. Hasn't received any replies so far.

Ian

I, too, reported this issue at the end of the beta --- the response was similar. In my case, we were changing the static IP that the ACC server was on, and I ended having to manually restart ACC on every single remote ASG to get them talking again after the IP change (necessitated by an ISP change)... I "chuckle" when I hear this is a "feature request" when other functions on the ASG recognize an IP change via DNS lookup... but that's another story [:)]

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 rleibl over 12 years ago

This issue is fixed with ASG V8.300

The device Agent will now respect changes of the ACC IP address.
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 12 years ago in reply to rleibl

Very cool, looking forward to testing that.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel