Sophos Switch - Server did not respond to client hello

Hi 

We have a switch which was connected to Sophos Central; however, it now shows up as disconnected.

When we look in the firewall SSL/TLS inspection logs, we are seeing this regularly from the switch:

cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com
Server did not respond to client hello

2023-08-23 17:54:50 SSL/TLS inspection messageid="19017" log_type="Content Filtering" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="172.16.16.10" dst_ip="54.187.224.189" user_group="" src_country="R1" dst_country="USA" src_port="55679" dst_port="443" app_name="" category="Software Updates" con_id="3608504512" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="" sni="cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com" tls_version="Unknown" reason="Server did not respond to client hello" exception="" message=""

  • Hi Bruce,

    Thank you for reaching out to Sophos Community.

    Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

    Based on the logs, the switch can't reach the server. To isolate the issue, kindly check the following KB first.

    Sophos Switch: Troubleshoot connectivity with Sophos Central

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • I have read through the basic troubleshooting document above, but I don't feel any of those situations apply here.

    You can see from my last adoption attempt, the switch successfully connected to a number of the Sophos servers but the last server simply fails to respond and the switch never shows as connected.  This attempt was after a factory reset of the switch and a specific Sophos firewall rule explicitly allowing all traffic with no WEB/Application or IPS profiles assigned for traffic from this switch.  I have logged into the switch locally and confirmed it has the correct time and all the DHCP IP address settings are correct in terms of default gateway and DNS servers etc.

    I see no denied traffic from the switch, only this TLS error suggesting the server never replied.

    I can't see any reason why it simply won't connect.

    As mentioned earlier, this switch had already been adopted and was showing up as connected in Sophos Central until after the firmware update that was forced out to it when it connected the first time.

    Very bizarre, and quite annoying.
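
Added example, not part of the original posts and not Sophos code: a small Python parser for the key="value" fields of the SSL/TLS inspection log line quoted in the question, grouping "Server did not respond to client hello" errors by source IP and SNI to show whether one endpoint or several are failing. The sample lines are constructed, shortened from the posted entry, and 192.0.2.10 and example.invalid are placeholders.

```python
import re
from collections import defaultdict

# key="value" pairs as they appear in the SSL/TLS inspection log entry
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
NO_SERVER_HELLO = "Server did not respond to client hello"

def parse_fields(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))

def summarize_no_server_hello(lines):
    """Group 'no server hello' errors by (src_ip, sni).

    Each entry records the count, the destination IPs tried, the inspection
    rules matched, and the first/last timestamps seen.
    """
    summary = defaultdict(lambda: {"count": 0, "dst_ips": set(),
                                   "rules": set(), "first": None, "last": None})
    for line in lines:
        f = parse_fields(line)
        if f.get("log_component") != "SSL" or f.get("reason") != NO_SERVER_HELLO:
            continue
        ts = line[:19]  # "YYYY-MM-DD HH:MM:SS" sorts correctly as a string
        e = summary[(f.get("src_ip", ""), f.get("sni", ""))]
        e["count"] += 1
        e["dst_ips"].add(f.get("dst_ip", ""))
        e["rules"].add(f.get("rule_name", ""))
        e["first"] = ts if e["first"] is None else min(e["first"], ts)
        e["last"] = ts if e["last"] is None else max(e["last"], ts)
    return dict(summary)

SWITCH_SNI = "cswitch-proxy.cloudstation.us-west-2.prod.hydra.sophos.com"

# Constructed sample lines (not real log data), modelled on the posted entry.
SAMPLE = [
    '2023-08-23 17:54:50 SSL/TLS inspection log_component="SSL" src_ip="172.16.16.10" dst_ip="54.187.224.189" dst_port="443" rule_name="System exclusions" sni="%s" tls_version="Unknown" reason="Server did not respond to client hello"' % SWITCH_SNI,
    '2023-08-23 17:59:50 SSL/TLS inspection log_component="SSL" src_ip="172.16.16.10" dst_ip="192.0.2.10" dst_port="443" rule_name="System exclusions" sni="%s" tls_version="Unknown" reason="Server did not respond to client hello"' % SWITCH_SNI,
    '2023-08-23 18:00:02 SSL/TLS inspection log_component="SSL" src_ip="172.16.16.10" dst_ip="192.0.2.10" dst_port="443" rule_name="System exclusions" sni="example.invalid" reason=""',
]

if __name__ == "__main__":
    for (src, sni), e in summarize_no_server_hello(SAMPLE).items():
        print(src, sni, e["count"], sorted(e["dst_ips"]), sorted(e["rules"]),
              e["first"], e["last"])
```
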
