For a few days now, one of our firewalls has been refusing to sync properly.
I have already tried removing the firewall from the group and adding it back, but syncing stays at PENDING at 0%. I have also tried switching primary and auxiliary, but so far all to no avail.
Firewall is currently at firmware SFOS 19.0.1 MR-1-Build365 and has until recently always synced.
What can I do to get it to sync again?
Hello there,
Thank you for contacting the Sophos Community.
If you push a change from Central, for example, create a Test user on central, does the change get applied to the Firewall?
If you click the blue PENDING button, what does the log show?
Regards,
When I try to create a test user, this also stays "PENDING" and nothing happens; the user is never created.
When clicking on the PENDING for this last task, it shows the following:
{ "opcodeID": 7, "entityID": 301, "entityName": "create_access_time_policy", "opcodeType": 1, "orderID": 0, "opcodeString": "", "responseStatus": null, "uniqueName": "Allowed all the time-301", "updateFlag": "f", "mainEntity": "f" }
{ "opcodeID": 2, "entityID": 301, "entityName": "edit_access_time_policy", "opcodeType": 1, "orderID": 1, "opcodeString": "", "responseStatus": null, "uniqueName": "Allowed all the time-301", "updateFlag": "t", "mainEntity": "f" }
{ "opcodeID": 5, "entityID": 302, "entityName": "create_surfing_quota_policy", "opcodeType": 1, "orderID": 2, "opcodeString": "", "responseStatus": null, "uniqueName": "Unlimited Internet Access-302", "updateFlag": "f", "mainEntity": "f" }
{ "opcodeID": 6, "entityID": 302, "entityName": "edit_surfing_quota_policy", "opcodeType": 1, "orderID": 3, "opcodeString": "", "responseStatus": null, "uniqueName": "Unlimited Internet Access-302", "updateFlag": "t", "mainEntity": "f" }
{ "opcodeID": 3, "entityID": 304, "entityName": "create_group", "opcodeType": 1, "orderID": 8, "opcodeString": "", "responseStatus": null, "uniqueName": "Guest Group-304", "updateFlag": "f", "mainEntity": "f" }
{ "opcodeID": 8, "entityID": 304, "entityName": "update_group", "opcodeType": 1, "orderID": 9, "opcodeString": "", "responseStatus": null, "uniqueName": "Guest Group-304", "updateFlag": "t", "mainEntity": "f" }
{ "opcodeID": 1, "entityID": 305, "entityName": "add_user", "opcodeType": 1, "orderID": 12, "opcodeString": "", "responseStatus": null, "uniqueName": "sophoscentraltest-305", "updateFlag": "f", "mainEntity": "t" }
{ "opcodeID": 4, "entityID": 305, "entityName": "update_user", "opcodeType": 1, "orderID": 13, "opcodeString": "", "responseStatus": null, "uniqueName": "sophoscentraltest-305", "updateFlag": "t", "mainEntity": "t" }
On the previous task it just shows an extremely long list of items that should be synced since I have removed and then added back the firewall to the group.
In the meantime I have also upgraded the firewall to firmware 19.5 and after that again removed it from the group and added it back, but it stays the same.
Thank you for the update.
Is your Firewall able to resolve the following?
nslookup dzr-utm-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com
If not, make sure you are using a Public DNS in the Firewall.
If it is able to resolve the above, what is the output of:
# cat /var/fwcm_data/pending_trx.dat
# ll /sdisk/fwcm_data/pending_trx.dat
If there is no pending transaction in the Firewall, the above commands will show an error.
/log/fwcm-updaterd.log
Hi emmosophos,
The URL is resolvable by both forwarders from the firewall.
Both commands for pending_trx.dat tell me the file does not exist.
The fwcm_updaterd.log file contains recurring entries (about every minute) that all look similar to this:
Feb 07 13:39:32.252Z dbg There is data in UPD TLV FD. Starting Recv
Feb 07 13:39:32.252Z dbg Received TLV length:148
Feb 07 13:39:32.252Z dbg id:159,type:2,resp:1,len:140,body:{"forceSync":0,"skipTransaction":"0","trxnId":"0","grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","transaction_type":"1","trxnStatus":"200"}
Feb 07 13:39:32.252Z dbg process_tlv Entry (0xffe91138)
Feb 07 13:39:32.252Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"forceSync":0,"skipTransaction":"0","trxnId":"0","grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","transaction_type":"1","trxnStatus":"200"}
Feb 07 13:39:32.252Z dbg Preparing to send GET to: URL: https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com/sophos/api/v1/firewalls/transactions/520a87e4-94a0-4b1f-a79e-2d43688207bd
Feb 07 13:39:33.380Z dbg Response code: '404'
Feb 07 13:39:33.380Z dbg Response content len: '0'
Feb 07 13:39:33.380Z dbg Response content: ''
Feb 07 13:39:33.380Z err Error in GET transactions: code: 404, msg: null. No processing required
Feb 07 13:39:33.380Z dbg update_transaction_id Entry (0, sts:200, type:1)
Feb 07 13:39:33.380Z dbg Sending TrxId Update to HB: {"grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","trx_id":"0", "trx_status":"200", "transaction_type":"1"}
Feb 07 13:39:33.576Z dbg Completed: fwcm-heartbeatd:update_trx: status:200, err:SUCCESS, output:OK
Feb 07 13:39:33.576Z dbg update_transaction_id Exit
Feb 07 13:39:33.576Z dbg process_tlv Exit(0)
Feb 07 13:39:33.576Z dbg process_tlv returned:0
Feb 07 13:39:33.576Z dbg Starting Wait for message TLVs
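One way to confirm the recurring pattern in the log above from a saved copy of the file, as an added example that is not part of the original thread or of Sophos tooling: the script groups entries into pull cycles and reports any transaction URL that fails in consecutive cycles. The sample log is constructed, with a placeholder host and IDs, and treating each FWCMTLV_UPDATERD_START_PULL line as the start of a cycle is an assumption based on the quoted excerpt.

```python
import re

LINE = re.compile(r"^(\w{3} \d{2} [\d:.]+Z) (\w+) (.*)$")
GET = re.compile(r"Preparing to send GET to: URL: (\S+)")
CODE = re.compile(r"Response code: '(\d+)'")

# Constructed sample in the log format quoted in the thread; host and IDs are placeholders.
SAMPLE_LOG = """\
Feb 07 13:39:32.252Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"trxnId":"0"}
Feb 07 13:39:32.252Z dbg Preparing to send GET to: URL: https://central.example.invalid/transactions/TRX-A
Feb 07 13:39:33.380Z dbg Response code: '404'
Feb 07 13:40:32.301Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"trxnId":"0"}
Feb 07 13:40:32.301Z dbg Preparing to send GET to: URL: https://central.example.invalid/transactions/TRX-A
Feb 07 13:40:33.410Z dbg Response code: '404'
Feb 07 13:41:32.350Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"trxnId":"7"}
Feb 07 13:41:32.350Z dbg Preparing to send GET to: URL: https://central.example.invalid/transactions/TRX-B
Feb 07 13:41:33.420Z dbg Response code: '200'
"""

def parse_cycles(text):
    """Split the log into pull cycles; record the GET URL and HTTP code of each."""
    cycles, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in 'timestamp level message' form
        ts, _level, msg = m.groups()
        if "FWCMTLV_UPDATERD_START_PULL" in msg:  # assumed start-of-cycle marker
            cur = {"start": ts, "url": None, "code": None}
            cycles.append(cur)
        elif cur is not None:
            if (g := GET.search(msg)):
                cur["url"] = g.group(1)
            elif (c := CODE.search(msg)):
                cur["code"] = int(c.group(1))
    return cycles

def repeated_failures(cycles, min_repeats=2):
    """Return {url: longest run} for URLs that got a non-2xx reply in consecutive cycles."""
    worst, run_url, run_len = {}, None, 0
    for c in cycles:
        failed = c["code"] is not None and not 200 <= c["code"] < 300
        if failed and c["url"] == run_url:
            run_len += 1
        else:
            run_url, run_len = (c["url"], 1) if failed else (None, 0)
        if run_url and run_len >= min_repeats:
            worst[run_url] = max(worst.get(run_url, 0), run_len)
    return worst
```
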
Please open a case with Support and share the Case ID once you have it; this most likely will have to go to GES/DEV.
Case ID: 06162869
Hello,
Thank you for the Case ID.
I have added a note.
Problem was resolved by deregistering and reregistering the firewall to Sophos Central.