Local XG can't connect to local SFM

I'm encountering a problem connecting a local XG 230 appliance to a local SFM server.   I have seven remote XG appliances connecting to SFM fine, the problem is only with the local SFOS box connecting to SFM.

After configuring Central Management within XG the SFM discovers the device.   When I attempt to add the device the "test connection" link very quickly causes a popup containing "Connection timeout".   

Both devices are connected to the same Ethernet switch.   From the command line each device is able to ping the other.

I'm connecting SFM to XG using HTTPS on port 4444.   The SFOS appliance has the IP 10.3.0.1 and SFM is 10.3.0.3.     Checking netstat immediately after receiving the "Connection timeout" error shows the following:
tcp        0      0 ::ffff:10.3.0.3:59984   ::ffff:10.3.0.1:4444    TIME_WAIT   
tcp        0      0 ::ffff:10.3.0.3:44492   ::ffff:10.3.0.1:4444    TIME_WAIT   

We're using IPv4, but I configured IPv6 on the SFM as well as on the XG interface with the IP 10.3.0.1.   I get exactly the same problem with this config (except netstat lists IPv6 addresses).

I'm stumped.   Does anyone have any suggestions?

Thanks,
Bob

  • Hi Bob,

    Please check that HTTPS in the LAN zone is allowed for the SF device on the SF Device Access page. If it is not allowed, then allow it and check the status of the issue.

    Ravi

  • In reply to RaviPatel:

    Ravi,


    Thanks for the reply.   HTTPS was already enabled.   As a test I enabled HTTPS device access for all of my zones and tried again.   This made no difference.

    Bob

  • In reply to Bob_Dushok:

    Hi Bob,

    Please provide the details below to analyze the issue further.

    1. SFOS Admin Console HTTPS Port value (System --> Administration --> Setting Page)

    2. SFOS Central management page screenshot (System > Administration > Central Management)

    3. Access port value for SFOS device in SFM (System Management > Device Settings > Managed Devices > Devices)

    Ravi Patel

  • In reply to RaviPatel:

    Ravi,


    Thanks for your assistance.

    1) The SFOS Admin Console HTTPS port is 4444

    2) Screenshot of the Central management page:

    3) The Access port value for the SFOS device in SFM is HTTPS(4444)

    I spoke to someone from support this morning regarding this problem. We worked together and were unable to get push working. I use push on the other eight appliances connecting to the SFM. After tinkering for a while we were able to get the pull (fetch) working. The screenshot above reflects pull working.

    It is working now, but I would prefer to use push. 

    Thanks,

    Bob

  • In reply to Bob_Dushok:

    Hi Bob,

    We haven't observed this type of issue.

    Please email me (ravi.b.patel@sophos.com) the SF and SFM device SSH, GUI access and credentials so I can check the issue and guide you further.

    Ravi

  • In reply to RaviPatel:

    Hi Bob,

    SFM does not support certificate key length greater than 2048. Because of that, your XG device is not able to connect in PUSH mode.
    Reference JIRA ID: NCCC-4069.
    The issue will be covered in a future release of SFM. Until then, you have to use the SFOS device in PULL mode to manage devices via SFM.

    Ravi
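
The key-length limit named in the last reply can be checked on a device's certificate before enrolling it in push mode. This is an added example, not part of the thread and not Sophos code: it reads the RSA modulus size from a DER certificate with a small hand-written parser. The function names and the unsigned sample certificate are constructed for illustration, and it assumes an RSA key with the 2048 limit counted in bits.

```python
import ssl

SFM_MAX_RSA_BITS = 2048                        # limit stated in the thread (assumed to be bits)
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def children(buf, pos, end):
    """Yield (tag, value_start, value_end) for each DER element in buf[pos:end]."""
    while pos < end:
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                      # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        yield tag, pos, pos + length
        pos += length

def rsa_key_bits(der):
    """Bit length of the RSA modulus in a DER-encoded X.509 certificate."""
    _, s, e = next(children(der, 0, len(der)))          # Certificate
    _, s, e = next(children(der, s, e))                 # tbsCertificate
    fields = list(children(der, s, e))
    _, s, e = fields[6 if fields[0][0] == 0xA0 else 5]  # subjectPublicKeyInfo (after optional version)
    alg, key = children(der, s, e)
    _, s, e = next(children(der, alg[1], alg[2]))       # algorithm OID
    if der[s:e] != RSA_OID:
        raise ValueError("certificate key is not RSA")
    _, s, e = next(children(der, key[1] + 1, key[2]))   # RSAPublicKey, after the unused-bits byte
    _, s, e = next(children(der, s, e))                 # modulus INTEGER
    return int.from_bytes(der[s:e], "big").bit_length()

def fetch_der(host, port=4444):
    """Fetch the certificate a device presents on its admin HTTPS port (no validation)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def tlv(tag, body):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_cert(bits):
    """Constructed, unsigned certificate skeleton carrying an RSA key of `bits` bits."""
    modulus = tlv(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) +
               tlv(0x03, b"\x00" + tlv(0x30, modulus + tlv(0x02, b"\x01\x00\x01"))))
    seq = tlv(0x30, b"")                       # stand-in for algorithm, names and validity
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + seq * 4 + spki)
    return tlv(0x30, tbs + seq + tlv(0x03, b"\x00"))
```

Against a live appliance, `rsa_key_bits(fetch_der("10.3.0.1")) > SFM_MAX_RSA_BITS` flags a certificate that the reply says SFM cannot handle in push mode.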