This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.601 - RED issues!

Since upgrading all our customers to 9.601, a bigger part of them are complaining about RED's re/disconnection in a no-pattern way.

It started for all of them just the night we upgraded to 9.601, and they all are on different ISP's and located different places around the country.

Been with Sophos support for 2 hours today, and now they escalated it to higher grounds.

Will return with an update....

Suspicious entries in the log - but all connected REDs do this before connection:

2019:03:06-15:15:38 fw01-2 red_server[17509]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

2019:03:06-15:15:46 fw01-2 red2ctl[12420]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx

I know the last line is written before the tunnel disconnects, because there was no "PING/PONG" answer...

One customer has 2 x RD 50, one 1 100% stable and the other fluctuates in random intervals - we replaced this with a new RED 50, but the same thing occurs.



This thread was automatically locked due to age.
Parents
  • Hi All,

    Since the advisory came out, I have been having issues with a RED50, which was replaced under RMA (so now I have 2 units).

    The first issue was an inability to configured itself to use FQDN (and work), it would only configure & work with a Public IP address.

    The second issue I had was that I was unable to ping/communicate with the RED50 or any device beyond the RED50.

    Basically the RED50 firmware was being an unruly teenager.

    I spoke with Support who were initially very good (UK side) and said they would escalate to their 2nd (or is it third line), then support fell flat as the support section, finally I was assigned to one of the techs on East Coast USA, we exchanged emails for sometimes, and had one phone call with them, as time difference was an issue.

    • At no point was I informed of the Advisory (https://community.sophos.com/kb/en-us/134398) I had to find it on here (this post I think).
    • I also found out about the FQDN issue, which I did some testing in-house on the 'faulty' unit.
    • This issue does not happen on the XG (I performed some testing with my own XG which I then realised the 'faulty' unit was not faulty).

    This does have rings of QC/QA not performing, for the SG UTM software(similar to the Microsoft Windows updates test dept. which is a shadow of it's former self).

    The problem I had existed on 9.602 & 9.605 (Virtual & Hardware based units), it was only when 9.7 came out did I test further and can confirm that all my issues were fixed.

    Although I did notice that after I ran "cc set red use_unified_firmware 1", on initial reboot it didn't work as it should (stating it was unable to configure itself), physically switching it off (using the power cable) fixed the issue.

     - Good news - my customer (who bought this unit just prior to the advisory) can now use the RED50 (at last).

     

     

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • You must be sure to test some further :-)

    We have now exchanged (RMA'ed) 26 RED 50 devices, some of them just broke after a month, and they where all running 9.605-1, which supposedly, should have fixed it. 9.7 "just" came out, but be carefull as 9.605-1 shoud also have "fixed" the RED-50-IS-NOW-BRICKED-BUG, but did not, give it a month with 9.7 and let's see if anything is fixed :-)

    Also this very morning, a RED 50 just crashed, and was showing "Booting..." and never came any further :-(

    Just for the note, when you get a RED 50 RMA, you now receive this with the new RMA device:

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Architect

  • regarding 9.7   

     

    https://community.sophos.com/kb/en-us/134717

     

     

    Sophos is investigating reports from some customers experiencing RED site-to-site tunnel issues after upgrading from v9.605 to v9.7.

  • neildonaldson said:

    regarding 9.7   

     

    https://community.sophos.com/kb/en-us/134717

     

     

    Sophos is investigating reports from some customers experiencing RED site-to-site tunnel issues after upgrading from v9.605 to v9.7.

     

     

    yes that was with 9.700-4, it's fixed in 9.700-5 :-)

     

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Architect

  • When did 9.7 come out?? The UTM I'm looking at right now still says 

    Firmware version:   9.605-1

    and no updates are available. To add insult to injury - one of the Red 15wi tunnels to a site office has just gone down again (despite the disabling of the Unified Firmware). Seems to only be good for a max of two weeks and I have to send a tech back out ... kinda glad I don't have 50 (or more) of these like other blokes. Starting to re-think the entire network infrastructure at this point. Having this drag on for months is ridiculous.

Reply
  • When did 9.7 come out?? The UTM I'm looking at right now still says 

    Firmware version:   9.605-1

    and no updates are available. To add insult to injury - one of the Red 15wi tunnels to a site office has just gone down again (despite the disabling of the Unified Firmware). Seems to only be good for a max of two weeks and I have to send a tech back out ... kinda glad I don't have 50 (or more) of these like other blokes. Starting to re-think the entire network infrastructure at this point. Having this drag on for months is ridiculous.

Children
  • Dread said:

    When did 9.7 come out?? The UTM I'm looking at right now still says 

    Firmware version:   9.605-1

    and no updates are available. ...

     

     

    The release will be rolled out in phases.

    • In phase 1 you can download the update package from the download area.
    • In phase 2 we will make it available via our Up2Date servers in several stages.
    • In phase 3 we will make it available via our Up2Date servers to all remaining installations.

    So, I think Sophos is still in phase 1. See https://community.sophos.com/products/unified-threat-management/b/blog/posts/utm-up2date-9-700-released for the download links.

    Best regards

    Alex

    -

  • I am glad this forum is here!

    As I have an open ticket with support and have done since the original advisory came out, I would have expected Sophos to tell me about the updates (both of them)!

    I have now replied to the emails asking for more information.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!