Sophos Switch - Server did not respond to client hello

Hi 

We have a switch which was connected to Sophos Central; however, it now shows up as disconnected.

When we look in the firewall SSL/TLS inspection logs, we are seeing this regularly from the switch:

cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com
Server did not respond to client hello

2023-08-23 17:54:50 SSL/TLS inspection messageid="19017" log_type="Content Filtering" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="172.16.16.10" dst_ip="54.187.224.189" user_group="" src_country="R1" dst_country="USA" src_port="55679" dst_port="443" app_name="" category="Software Updates" con_id="3608504512" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="" sni="cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com" tls_version="Unknown" reason="Server did not respond to client hello" exception="" message=""
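To see which endpoints a device reaches and which never answer, SSL/TLS inspection lines in this format can be summarised per SNI. The Python below is an added example, not part of the original post or any Sophos tooling; the sample lines are constructed (trimmed to the fields used, `central.example.invalid` is a placeholder), and treating an empty `reason` as a completed handshake is an assumption.

```python
import re
from collections import Counter, defaultdict

NO_REPLY = "Server did not respond to client hello"
HOST = "cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com"

# key="value" pairs as they appear in the log line quoted in the post
PAIR = re.compile(r'(\w+)="([^"]*)"')
# Leading timestamp and log-viewer column; tolerates the columns being run together
PREFIX = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*(?:SSL/TLS inspection)?\s*')

# Constructed sample lines, not real log output
SAMPLE = [
    f'2023-08-23 17:54:50SSL/TLS inspectionmessageid="19017" log_component="SSL" '
    f'src_ip="172.16.16.10" sni="{HOST}" reason="{NO_REPLY}"',
    f'2023-08-23 17:55:20 SSL/TLS inspection messageid="19017" log_component="SSL" '
    f'src_ip="172.16.16.10" sni="{HOST}" reason="{NO_REPLY}"',
    '2023-08-23 17:54:41 SSL/TLS inspection log_component="SSL" '
    'src_ip="172.16.16.10" sni="central.example.invalid" reason=""',
    f'2023-08-23 17:56:02 SSL/TLS inspection log_component="SSL" '
    f'src_ip="172.16.16.20" sni="other.example.invalid" reason="{NO_REPLY}"',
]

def parse_line(line):
    """Split one log line into its timestamp and key="value" fields."""
    m = PREFIX.match(line)
    rest = line[m.end():] if m else line
    fields = dict(PAIR.findall(rest))
    fields["timestamp"] = m.group(1) if m else None
    return fields

def handshake_summary(lines, src_ip):
    """Count outcomes per SNI for TLS inspection events from one source host."""
    summary = defaultdict(Counter)
    for line in lines:
        f = parse_line(line)
        if f.get("src_ip") != src_ip or f.get("log_component") != "SSL":
            continue
        # Assumption: an empty reason means the handshake completed
        summary[f.get("sni", "")][f.get("reason") or "ok"] += 1
    return summary

def never_answered(summary):
    """SNIs for which every logged attempt ended without a server reply."""
    return sorted(s for s, c in summary.items() if set(c) == {NO_REPLY})

if __name__ == "__main__":
    for sni, outcomes in handshake_summary(SAMPLE, "172.16.16.10").items():
        print(sni, dict(outcomes))
```

An SNI that appears only in `never_answered` while others from the same source succeed points at that one upstream path rather than at the device's general connectivity.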

  • Hi Erick

    Thanks, I will take a look through that material; however, since this switch was already registered and connected to Sophos Central and then simply became disconnected after a firmware update, it would appear the issue is either firmware related or the server cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com is unreachable.  I have tried factory resetting the switch and reconnecting to Sophos cloud from scratch, but we can no longer get it to connect / register at all.  Worked perfectly out of the box, and nothing else has really changed apart from the firmware update.

  • I have read through the basic troubleshooting document above, but I don't feel any of those situations apply here.

    You can see from my last adoption attempt, the switch successfully connected to a number of the Sophos servers but the last server simply fails to respond and the switch never shows as connected.  This attempt was after a factory reset of the switch and a specific Sophos firewall rule explicitly allowing all traffic with no WEB/Application or IPS profiles assigned for traffic from this switch.  I have logged into the switch locally and confirmed it has the correct time and all the DHCP IP address settings are correct in terms of default gateway and DNS servers etc.

    I see no denied traffic from the switch, only this TLS Error suggesting the server never replied.

    I can't see any reason why it simply won't connect.

    As mentioned earlier, this switch had already been adopted and was showing up as connected in Sophos Central until after the firmware update that was forced out to it when it connected the first time.

    Very bizarre, and quite annoying.

  • Hi Bruce,

    Since you have already followed the KB for troubleshooting and have factory reset the switch, I would recommend creating a case with Sophos Support and informing them that the issue occurred upon a firmware upgrade.

    Also, kindly share the case ID here for us to monitor. 

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Hi Bruce,

    How did you resolve the issue?

    Thank you

    Valerio