Why does Sophos XG not recognise that I have a connection?

I have been using Sophos XG for about a week now but have yet to register the product. I have tried everything from reinstalling to swapping NICs in my server but still get the following error.
None of the other suggestions on this topic seem to work for me. I am using the default config and all connected clients can connect. What is my way forward, as I can clearly ping the Sophos servers?

 



This thread was automatically locked due to age.
  • Hi Ashruf,

     

    SSH into the XG -- go to option 5 then 3. 

    Run the command tail -f /log/licensing.log 

    Reproduce the synchronization and it will tell you where it is failing. 

    I would recommend opening a support case for this as well. 

  • Thanks,

    The log revealed the following:

    INFO Jan 02 09:46:11 [0]: --requestType = 1
    INFO Jan 02 09:46:11 [0]: --serial = C01001Y7K2P42CC
    INFO Jan 02 09:46:11 [0]: --deviceid = 566c840b-f906-4655-8f32-1afc770ed7df
    INFO Jan 02 09:46:11 [0]: --model = SF01V
    INFO Jan 02 09:46:11 [0]: --vendor = SO01
    INFO Jan 02 09:46:11 [0]: --upgradedFrom = 0
    INFO Jan 02 09:46:11 [0]: --fwversion = 17.5.1.347
    INFO Jan 02 09:46:11 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
    INFO Jan 02 09:46:11 [0]: --token = Token-Id:SO-D5C052A8
    INFO Jan 02 09:46:11 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
    INFO Jan 02 09:46:11 [0]: URL : eu-prod-utm.soa.sophos.com/.../applianceactivation
    INFO Jan 02 09:46:11 [0]: request : { "serialNumber": "C01001Y7K2P42CC", "deviceId": "566c840b-f906-4655-8f32-1afc770ed7df", "model": "SF01V", "deviceFirmwareVersion": "17.5.1.347", "vendorCode": "SO01" }
    ERROR Jan 02 09:46:12 [0]: curl_easy_perform(60) failed: Peer certificate cannot be authenticated with given CA certificates
    ERROR Jan 02 09:46:12 [0]: licensing_do_activation() : Problem in contacting Server
    { "statusmessage": "Operation failed due to an unknown error. Please contact Support.", "status": "510" }

     

    I applied the workaround at https://community.sophos.com/kb/en-us/132458 but the error stays the same.

  • Perhaps try rebooting and if the issue persists, try the KB steps once more.

    If that does not resolve things and the logs are the same, I would suggest opening a support ticket to investigate what is going on at a deeper level. 

  • Is there any HTTPS inspection between XG WAN and the Internet? 

    Any kind of proxy? 


  • He can try this command:

    openssl s_client -showcerts -connect eu-prod-utm.soa.sophos.com:443

    then paste the output here. 

  • I would suggest he doesn't have the XG DNS set up correctly.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.

  • Next guess: Do you have the proper time zone selected? 

  • Thanks,

    I got a bit further this time after fixing the system time and applying the workaround. The web interface now seems to be stuck on the "Retrieving Eligible Source Devices!" page.

    The Log contains:

    generate certificate signing request (CSR) Fri Feb 15 10:19:19 SAST 2019


    Fri Feb 15 10:19:20 SAST 2019 certificate signing request generated with status :: 0
    ####################################################
    INFO Feb 15 10:19:20 [0]: --requestType = 4
    INFO Feb 15 10:19:20 [0]: --serial = C01001Y7K2P42CC
    INFO Feb 15 10:19:20 [0]: --deviceid = af45b180-0114-488f-9ad2-6b08188be78d
    INFO Feb 15 10:19:20 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
    INFO Feb 15 10:19:20 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
    INFO Feb 15 10:19:20 [0]: URL : eu-prod-csr.soa.sophos.com/.../signing
    INFO Feb 15 10:19:20 [0]: certificate_signing_request() : request : { "serialNumber":"C01001Y7K2P42CC", "deviceId":"af45b180-0114-488f-9ad2-6b08188be78d", "certificateSigningRequest":"-----BEGIN CERTIFICATE REQUEST-----
    -----END CERTIFICATE REQUEST-----
    "}
    INFO Feb 15 10:19:22 [0]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_PROVIDER_REQUEST_ERROR","message":"Device must be activated and registered","statusCode":400,"trackingId":"289de8e9-a08a-4588-8d17-da17af2cfba5"}

    ERROR Feb 15 10:19:22 [0]: Certificate signing Failed : Device must be activated and registered...:(
    ERROR Feb 15 10:19:22 [0]: certificate signing request() : parsing failed...

  • I have my DNS set up by DHCP and I made no changes to the default config.

  • As mentioned in the log.

    You need to restart the appliance.

    It should come up, and after logging in to the webadmin, the appliance should ask for an activation and everything should work fine. 
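
A triage pass over the two kinds of licensing.log failure pasted in this thread, as an added example that is not part of the original posts and not Sophos code. The line format is inferred from those excerpts, the serial, device and tracking IDs in the sample are constructed placeholders, and the follow-up hints are the checks suggested in the replies.

```python
import re

# Line shape seen in the /log/licensing.log excerpts: LEVEL Mon DD HH:MM:SS [0]: message
LINE = re.compile(r"^(INFO|ERROR) (\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[\d+\]: (.*)$")
CURL_ERR = re.compile(r"curl_easy_perform\((\d+)\) failed: (.*)")
REQ_TYPE = re.compile(r"--requestType = (\d+)")
API_ERR = re.compile(r'response : .*"message":"([^"]*)".*"statusCode":(\d+)')

# Follow-up checks taken from the replies in this thread, keyed by libcurl error code.
CURL_HINTS = {60: [
    "check system time and time zone",
    "check for HTTPS inspection or a proxy between the WAN and the Internet",
    "inspect the served chain with openssl s_client -showcerts",
]}

def triage(log_text):
    """Group lines into attempts (one per --requestType) and collect their failures."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, JSON bodies, wrapped PEM lines
        _, stamp, msg = m.groups()
        if (r := REQ_TYPE.search(msg)):
            cur = {"request_type": int(r.group(1)), "started": stamp,
                   "url": None, "findings": []}
            attempts.append(cur)
        elif cur is None:
            continue  # output before the first request header
        elif msg.startswith("URL : "):
            cur["url"] = msg[len("URL : "):]
        elif (c := CURL_ERR.search(msg)):
            code = int(c.group(1))  # 60 = TLS peer certificate failed verification
            cur["findings"].append({"kind": "tls", "code": code,
                                    "detail": c.group(2), "next": CURL_HINTS.get(code, [])})
        elif (a := API_ERR.search(msg)):
            cur["findings"].append({"kind": "api", "code": int(a.group(2)),
                                    "detail": a.group(1), "next": []})
    return attempts

# Constructed sample modelled on the excerpts above; identifiers are placeholders.
SAMPLE = """\
INFO Jan 02 09:46:11 [0]: --requestType = 1
INFO Jan 02 09:46:11 [0]: --serial = EXAMPLE-SERIAL
INFO Jan 02 09:46:11 [0]: URL : eu-prod-utm.soa.sophos.com/.../applianceactivation
ERROR Jan 02 09:46:12 [0]: curl_easy_perform(60) failed: Peer certificate cannot be authenticated with given CA certificates
INFO Feb 15 10:19:20 [0]: --requestType = 4
INFO Feb 15 10:19:20 [0]: URL : eu-prod-csr.soa.sophos.com/.../signing
INFO Feb 15 10:19:22 [0]: certificate_signing_request() : response : {"errorCode":"ITSERVICELAYER_PROVIDER_REQUEST_ERROR","message":"Device must be activated and registered","statusCode":400,"trackingId":"EXAMPLE-TRACKING-ID"}
"""
```

The two attempts separate cleanly: the first never completes the TLS handshake (a transport problem on the appliance side), while the second reaches the server and is rejected at the application layer.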
