Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 14473 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding IView breaks SCFM

JeffBrunner
Anyone else find that adding IView to devices that are connected to SCFM breaks the connection? I had a bunch of XG85W that were talking to SCFM just fine but because that model lacks on-box reporting we decided to fire up an IView server and point them to it in logging. I did the configuration change through SCFM and noticed that devices that received the IView config started dropping connection to SCFM. It seems that you can have IView or CFM on syslog but not both. My workaround for now is to set Central Management to use HTTPS rather than the 'recommended' syslog. This is a bit annoying because I no longer have central management and have to remote into each location to make the change. Hopefully with the release of CFM v16 this will be resolved although I'm not holding my breath.


This thread was automatically locked due to age.
  • 0

    Jeff,

    what about configuring iView to collect logs from SFM directly? Page 56 of SFM guide will instruct you on how to connect SFM and iView.

    Thanks for sharing your issue.

  • 0 in reply to lferrara

    Thanks for the suggestion, unfortunately that document only applies to SFM, not Central Firewall Manager, there is no option to configure iView in CFM. I had found another document that details setting up iView and SFM, however, it directs you to do exactly what I did, configure all XG firewalls to use the iView server as a syslog server from SFM which is exactly what broke all of my connections. Interestingly when I remoted into the devices to configure central management for HTTPS I found many of them did NOT have my iView entry in Logging. I will try rebooting a device that lost contact with CFM and see if it connects again without configuring for HTTPS.

  • 0 in reply to JeffBrunner

    Maybe it is a bug. can investigate and give you more details on SFM/SCFM.

    Regards

  • 0 in reply to lferrara

    It very well may be a bug, here is what I found with the last one I worked on. This one had received the settings from CFM for the iView server. I went into the Central Management page and changed from Syslog (recommended) to HTTPS. Almost immediately it began communicating with both the CFM AND iView. Here is the real kicker, I'm using port 514 for iView and 6514 for CFM. I could sort of understand if they were sharing ports but they are not. It appears that the latest firmware for the XG (at least on the 85 series) cannot handle two logging servers at once.

  • 0

    Oddly enough this morning devices that had not connected since Friday afternoon suddenly returned, no reboot, no nothing, they just showed up again. Not sure if Sophos did something, perhaps the servers that CFM run on reboot late Sunday early Monday and that fixed it???

  • 0 in reply to JeffBrunner

    Hi Jeff,

    I have checked the issue and issue did not recreated. What is firmware version of XG device?

    Heartbeat syslog port value is 6514 and iView syslog port is 514 so it does not affect communication between XG device and CFM.

    Ravi

  • 0 in reply to RaviPatel

    Yes, thank you, if you notice my last post it fixed itself magically on Monday. Nothing worked from Friday afternoon until Monday morning, suddenly everything was fine. Does Sophos reboot the servers that host SCFM over the weekend, Sunday night perhaps?

  • 0 in reply to JeffBrunner

    Hi Jeff,

    No, Sophos does not reboot the servers that host SCFM over the weekend.

    Ravi

Unfiltered HTML