Hi,
i need some urgent help.
I had a fine running XG 17.5.14-1 with RED60 Device, connected to Remote Office with Fibre (German Telekom Connect IP).All was fine.
I upgtrade to XG 18.0.3 MR13 and the AP got some new Firmware, this seems fine for a few hours.
Today the RED60 device in the Remote Office doesn´t assign any DHCP IPv4 Leases to the client.After a reboot of the RED60 or with a manual IP Assignment to the Remote Office Client all connectivity is lost.
I did´nt change any rules yet, but Remot Office is complaining that they can´t connect to Head Office or internet.
Is there any log i can verify or should i load the old stable 17.5.14-1 ?
Thanks
Jürgen
Hi juergenb52,
Thank you for reaching out to the Community!
Did you check the red.log file on the firewall for any log entry that might help identify the issue?
Is there any pending RED firmware update on the firewall?
Thanks,
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Thanks for you responds,
i only see red logs unter /log/red and the last directory is from 2020-11-10, created on Dec 10 with a single log file inside.
This log has some PONG and poe chip status messages.
Thu Dec 10 14:05:27 2020 REDD INFO command '{"data":{"poe_chip_status":{"type":"chip","id":46,"totalPower":2,"totalPowerReg":0,"temperature":57.48,"volt":53.652825,"totalPowerCalc":15,"maxTotalPower":34,"firmware":12}},"type":"STATUS"}'Thu Dec 10 14:05:34 2020 REDD INFO command '{"data":{"seq":1108},"type":"PING"}'Thu Dec 10 14:05:34 2020 REDD INFO Sending json message {"data":{"seq":1108},"type":"PONG"}
Red Firmware is 3.0.002
can anyone help me with some information?
What log files should is parse?
What services do i need to verifiy for RED60/DHCP issue?
Should i relay the DHCP from HO (192.168.0.0/24) to BO (192.168.10.0/24)?
Thanks in advance
And, yes i have opened a case.
Start with posting some screenshots of the config. Are you using DHCP Relay or DHCP server on XG? Is any VLAN or Bridge involved.
__________________________________________________________________________________________________________________
DHCP Settings for reds1, device
RED Config
After i Reboot the RED60 (off/on) all is fine for a few minutes or 2-3 hours.
No VLAN, no Bridge.Firewall Rules are not touched, these are the RED Setup recommendations.
And all worked fine with 17.5.14-1 before the upgrade.
I have this case open 03440168 as critical, but it seems that the supporter is not working on this case?
In what log files can i view and where would i find some more error for RED60...
found the red.log
i see this information
Sat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:40 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failedSat Dec 12 18:44:40 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:44:41 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocolSat Dec 12 18:45:07 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL wants a read firstSat Dec 12 18:45:07 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL wants a read firstReading REDv2 key from STDIN:Sat Dec 12 18:47:27 2020 REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0Sat Dec 12 18:49:21 2020 REDD INFO: server: (Re-)loading device configurationsSat Dec 12 18:49:41 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'public RED60 ip': SSL accept attempt failed because of handshake problemsSat Dec 12 18:49:42 2020 REDD INFO: server: New connection from 217.239.136.66 with ID R600019JQ44MRB5 (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
Do you use the Beta Firmware on XG for RED? Looks like this RED cannot establish the SSL Channel anymore for some reason. A RED Firmware upgrade to Unified Firmware could be a better approach.
Also try to delete and recreate this red.
what do you mean Beta? RED60 has 3.0.002
I had the RED60 withouth Unified fw and it fails, so i switched to Unified Firmware. Makes no difference.
I though XG 18.0.3 MR3 has Unified in a stable realese. GUI says so, the green popup message said Beta..
I did some more test.
If i reboot the RED60 all is fine for a while.
But the tunnel does not fail at all, the tunnel is solid (i think, i can ping the RED60 IP).
On the HO i can ssh to the XG and can do some testes.
I can ping the IP of the RED60, this is fine (192.168.10.254)I can see the routing table, it shows
Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface...192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 reds1
I have no static route configured for the BO, documentation for RED60 doesn´t say so.
But i can`t ping any clients behind the RED60.
IPS is disabled.
Any idea?
i tried to call Sophos Support internationl.
(It`s a very bad support, no one answering the phone, maybe after 40 minutes you get the wrong support departemend).
But after 40 min i got an engineer, he asked some details and just before the call was interrupted, he said something like...
Yes, this is a known bug with the firmware. We need to downgrade to the last release.
The RED 60 firmware 3.0.002 was from July 10 2020, so it could be only the XG 18.0.3 Release.
So i am back at XG 17.5.14 MR14-1, lets see if this wild guess will help.
So,
faster than i thought, it fails again.
So the RED 60 firmware 3.0.002 must be the bad boy.I am not shure when the upgrade was done.
I wish that someone from sophos support would take over the case.