Learn about the Benefits of Multi-Factor Authentication (MFA) . Turn your MFA on now!
Information: Three minute survey on Exploring more ways to contact Sophos Technical Supportt. If you can spare the time, we would love your feedback!
We'd love to hear about it! Click here to go to the product suggestion community
Long time lurker here...
I tried adding a NIC to my Sophos UTM running under vSphere ESXi 5.1, and that pretty much killed the firewall. I managed to bring it back up by deleting recently added NIC, but the behavior is definitely strange. So now to the explanation of what I observed:
1. Current config: 3 NICs VMXNET3 (eth0, eth1, eth2)
2. Added 4th NIC VMXNET3, rebooted the firewall - eth2 disappeared, new NIC shows up as eth3. So ended up with eth0, eth1, eth3. Firewall is dead.
3. Analyzed boot messages in the log. Here is where it gets funky:
vmxnet3 0000:04:00.0 eth0: NIC Link is Up 10000 Mbpsvmxnet3 0000:0b:00.0 eth1: NIC Link is Up 10000 Mbpsvmxnet3 0000:13:00.0 eth2: NIC Link is Up 10000 Mbps
so it does detect eth2. Then it detects a new NIC eth3
vmxnet3 0000:1b:00.0 eth3: NIC Link is Up 10000 Mbps
and things go haywire:
irqd: eth0 ether (mac address of eth0) <broadcast,multicast> group 0 irqd: rename3 (mac address of eth2) <broadcast,multicast> group 0 irqd: eth1 ether (mac address of eth1) <broadcast,multicast> group 0 irqd: eth3 ether (mac address of eth3) <broadcast,multicast> group 0
Ethernet adapter eth2 gets the name "rename3" and doesn't show up under adapters list in Sophos.
Any Linux gurus who know how to fix it? I'd like to avoid rebuilding the firewall if possible.
I am not sure of the Linux way, but what about reinstall with new hardware and then restore the latest backup. That could be done in about 30 minutes.
Hi and welcome to the UTM Community!
This "smells" like a VMware problem to me. You might make backups of your VMs and re-install VMware.
Cheers - Bob
In reply to BAlfson:
Actually Sophos problem, surprise surprise...
Rebuild the FW, restored from backup, and it detected all NICs.
The question why it renames the existing NIC when adding a new one remains a mystery...
In reply to Kir:
This may answer the question as I've had this problem before.
Linux (erego Sophos UTM) assigns eth# based on Mac addresses in a hexadecibetical order so adding the new vNIC may have shifted the NIC ordering. If you CLI on the UTM, this guide by NetworkGuy may still apply and you can then see what VMWare and Linux have decided to do with the new NIC.
https://networkguy.de/?p=577You may have to re-assign the old eths back to their old NICs.
BAlfson I remember a Sophos guy saying that old guide was not possible anymore but was brought back to be possible to re-order NICs, is this still the case?
In reply to EmileBelcourt:
It didn't change the MAC address, I specifically checked that.
It may not have changed the mac addresses but if you check the NIC ordering and see if it has put the NICs out of whack?
Nothing like that. eth0 and eth1 stayed the same, eth3 got added, and eth2 got renamed into rename3
Does it show that name in the /etc/udev/rules.d/70-persistent-net.rules file?
Well, since I did rebuilt the UTM... )