
Firewall remains pending

For a few days now, one of our firewalls has been refusing to sync properly.

I have already tried removing the firewall from the group and adding it back, but syncing stays at PENDING at 0%. I have also tried switching primary and auxiliary, but so far all to no avail.

Firewall is currently at firmware SFOS 19.0.1 MR-1-Build365 and has until recently always synced.

What can I do to get it to sync again?



Mistakenly added the picture twice.
[edited by: apijnappels at 2:07 PM (GMT -8) on 3 Feb 2023]
  • Hello there,

    Thank you for contacting the Sophos Community.

    If you push a change from Central, for example, create a Test user on central, does the change get applied to the Firewall?

    If you click the blue PENDING button, what does the log show?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • When I try to create a test user, this also stays at "PENDING" and nothing happens; the user is never created.

    When clicking on the PENDING for this last task, it shows the following:

    {
      "opcodeID": 7,
      "entityID": 301,
      "entityName": "create_access_time_policy",
      "opcodeType": 1,
      "orderID": 0,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Allowed all the time-301",
      "updateFlag": "f",
      "mainEntity": "f"
    }
    {
      "opcodeID": 2,
      "entityID": 301,
      "entityName": "edit_access_time_policy",
      "opcodeType": 1,
      "orderID": 1,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Allowed all the time-301",
      "updateFlag": "t",
      "mainEntity": "f"
    }
    {
      "opcodeID": 5,
      "entityID": 302,
      "entityName": "create_surfing_quota_policy",
      "opcodeType": 1,
      "orderID": 2,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Unlimited Internet Access-302",
      "updateFlag": "f",
      "mainEntity": "f"
    }
    {
      "opcodeID": 6,
      "entityID": 302,
      "entityName": "edit_surfing_quota_policy",
      "opcodeType": 1,
      "orderID": 3,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Unlimited Internet Access-302",
      "updateFlag": "t",
      "mainEntity": "f"
    }
    {
      "opcodeID": 3,
      "entityID": 304,
      "entityName": "create_group",
      "opcodeType": 1,
      "orderID": 8,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Guest Group-304",
      "updateFlag": "f",
      "mainEntity": "f"
    }
    {
      "opcodeID": 8,
      "entityID": 304,
      "entityName": "update_group",
      "opcodeType": 1,
      "orderID": 9,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Guest Group-304",
      "updateFlag": "t",
      "mainEntity": "f"
    }
    {
      "opcodeID": 1,
      "entityID": 305,
      "entityName": "add_user",
      "opcodeType": 1,
      "orderID": 12,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "sophoscentraltest-305",
      "updateFlag": "f",
      "mainEntity": "t"
    }
    {
      "opcodeID": 4,
      "entityID": 305,
      "entityName": "update_user",
      "opcodeType": 1,
      "orderID": 13,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "sophoscentraltest-305",
      "updateFlag": "t",
      "mainEntity": "t"
    }

    On the previous task it just shows an extremely long list of items that should be synced, since I have removed the firewall from the group and then added it back.

    In the meantime I have also upgraded the firewall to firmware 19.5 and after that again removed it from the group and added it back, but it stays the same.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hello there,

    Thank you for the update.

    Is your Firewall able to resolve the following?

    nslookup dzr-utm-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com

    If not, make sure you are using a Public DNS in the Firewall.

    If it is able to resolve the above, what is the output of:

    # cat /var/fwcm_data/pending_trx.dat

    # ll /sdisk/fwcm_data/pending_trx.dat

    If there is no pending transaction in the Firewall, the above commands will show an error.

    /log/fwcm-updaterd.log


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi,

    The URL is resolvable by both forwarders from the firewall.

    Both commands for pending_trx.dat tell me the file does not exist.

    The fwcm_updaterd.log file contains recurring entries (about every minute) that all look similar to this:

    Feb 07 13:39:32.252Z dbg There is data in UPD TLV FD. Starting Recv
    Feb 07 13:39:32.252Z dbg Received TLV length:148
    Feb 07 13:39:32.252Z dbg id:159,type:2,resp:1,len:140,body:{"forceSync":0,"skipTransaction":"0","trxnId":"0","grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","transaction_type":"1","trxnStatus":"200"}
    Feb 07 13:39:32.252Z dbg process_tlv Entry (0xffe91138)
    Feb 07 13:39:32.252Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"forceSync":0,"skipTransaction":"0","trxnId":"0","grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","transaction_type":"1","trxnStatus":"200"}
    Feb 07 13:39:32.252Z dbg Preparing to send GET to: 
    URL: https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com/sophos/api/v1/firewalls/transactions/520a87e4-94a0-4b1f-a79e-2d43688207bd
    Feb 07 13:39:33.380Z dbg  Response code: '404'
    Feb 07 13:39:33.380Z dbg  Response content len: '0'
    Feb 07 13:39:33.380Z dbg  Response content: ''
    Feb 07 13:39:33.380Z err Error in GET transactions: code: 404, msg: null. No processing required
    Feb 07 13:39:33.380Z dbg update_transaction_id Entry (0, sts:200, type:1)
    Feb 07 13:39:33.380Z dbg Sending TrxId Update to HB: {"grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","trx_id":"0", "trx_status":"200", "transaction_type":"1"}
    Feb 07 13:39:33.576Z dbg Completed: fwcm-heartbeatd:update_trx: status:200, err:SUCCESS, output:OK
    Feb 07 13:39:33.576Z dbg update_transaction_id Exit
    Feb 07 13:39:33.576Z dbg process_tlv Exit(0)
    Feb 07 13:39:33.576Z dbg process_tlv returned:0
    Feb 07 13:39:33.576Z dbg Starting Wait for message TLVs


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
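
To hand Support a summary of the recurring pattern in the log excerpt above, the entries can be grouped per pull cycle and the repeated non-2xx GET responses counted. This is an added example, not part of the original posts and not Sophos tooling; it assumes the log format shown in the excerpt, and the sample lines are constructed with a placeholder host and placeholder IDs.

```python
import json
import re
from collections import Counter

TS = re.compile(r"^(\w{3} \d{2} [\d:.]+Z) (dbg|err) (.*)$")
PULL = re.compile(r"Received FWCMTLV_UPDATERD_START_PULL, body:(\{.*\})")
CODE = re.compile(r"Response code: '(\d{3})'")

# Constructed sample in the format of the excerpt above; host and IDs are placeholders.
URL = "https://central.example.invalid/sophos/api/v1/firewalls/transactions/TRX-PLACEHOLDER"
BODY = '{"forceSync":0,"trxnId":"0","grp_id":"GRP-PLACEHOLDER","trxnStatus":"200"}'
SAMPLE_LOG = f"""Feb 07 13:39:32.252Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{BODY}
Feb 07 13:39:32.252Z dbg Preparing to send GET to:
URL: {URL}
Feb 07 13:39:33.380Z dbg  Response code: '404'
Feb 07 13:39:33.380Z err Error in GET transactions: code: 404, msg: null. No processing required
Feb 07 13:40:32.301Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{BODY}
Feb 07 13:40:32.301Z dbg Preparing to send GET to:
URL: {URL}
Feb 07 13:40:33.412Z dbg  Response code: '404'
Feb 07 13:41:32.288Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{BODY}
Feb 07 13:41:32.288Z dbg Preparing to send GET to:
URL: {URL}
"""

def pull_cycles(text):
    """Group log lines into pull cycles: one dict per START_PULL message."""
    cycles, current = [], None
    for line in text.splitlines():
        m = TS.match(line)
        if not m:
            # Continuation line: the GET target is printed on its own "URL:" line.
            if current is not None and line.startswith("URL:"):
                current["url"] = line[4:].strip()
            continue
        stamp, _level, msg = m.groups()
        if (p := PULL.search(msg)):
            body = json.loads(p.group(1))
            current = {"time": stamp, "trxnId": body.get("trxnId"), "url": None, "code": None}
            cycles.append(current)
        elif current is not None and (c := CODE.search(msg)):
            current["code"] = int(c.group(1))
    return cycles

def repeated_failures(cycles, min_repeats=2):
    """Return {(url, code): count} for non-2xx responses seen at least min_repeats times."""
    counts = Counter((c["url"], c["code"]) for c in cycles
                     if c["code"] is not None and not 200 <= c["code"] < 300)
    return {k: n for k, n in counts.items() if n >= min_repeats}
```

A cycle whose response has not been logged yet (the last one in the sample) keeps `code` as `None` and is not counted as a failure.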

  • Hello there,

    Thank you for the update.

    Please open a case with Support and share the Case ID once you have it; this will most likely have to go to GES/DEV.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support