Urgent: Sophos XG 18.0.3 MR-3, RED60 loses connectivity / NO DHCP

Hi,

I need some urgent help.

I had a fine running XG 17.5.14-1 with RED60 Device, connected to Remote Office with Fibre (German Telekom Connect IP).
All was fine.

I upgraded to XG 18.0.3 MR13 and the AP got some new firmware; this seemed fine for a few hours.

Today the RED60 device in the Remote Office doesn't assign any DHCP IPv4 leases to the client.
After a reboot of the RED60 or with a manual IP assignment to the Remote Office client all connectivity is lost.

I didn't change any rules yet, but Remote Office is complaining that they can't connect to Head Office or internet.

Is there any log I can verify, or should I load the old stable 17.5.14-1?

Thanks

Jürgen



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Did you check the red.log file on the firewall for any log entry that might help identify the issue?

    Is there any pending RED firmware update on the firewall? 

    Thanks,

  • Thanks for your response,

    I only see red logs under /log/red and the last directory is from 2020-11-10, created on Dec 10 with a single log file inside.

    This log has some PONG and PoE chip status messages.

    Thu Dec 10 14:05:27 2020 REDD INFO command '{"data":{"poe_chip_status":{"type":"chip","id":46,"totalPower":2,"totalPowerReg":0,"temperature":57.48,"volt":53.652825,"totalPowerCalc":15,"maxTotalPower":34,"firmware":12}},"type":"STATUS"}'
    Thu Dec 10 14:05:34 2020 REDD INFO command '{"data":{"seq":1108},"type":"PING"}'
    Thu Dec 10 14:05:34 2020 REDD INFO Sending json message {"data":{"seq":1108},"type":"PONG"}

    Red Firmware is 3.0.002

  • Start with posting some screenshots of the config. Are you using DHCP Relay or DHCP server on XG? Is any VLAN or Bridge involved?


  • DHCP Settings for reds1, device

    RED Config

    After I reboot the RED60 (off/on) all is fine for a few minutes or 2-3 hours.

    No VLAN, no Bridge.
    Firewall Rules are not touched, these are the RED Setup recommendations.

    And all worked fine with 17.5.14-1 before the upgrade.

    I have this case open 03440168 as critical, but it seems that the supporter is not working on this case?

    Which log files can I view, and where would I find some more errors for RED60...

  • Hi,

    Found the red.log.

    I see this information:

    Sat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:40 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed
    Sat Dec 12 18:44:40 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:44:41 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
    Sat Dec 12 18:45:07 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL wants a read first
    Sat Dec 12 18:45:07 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '185.153.199.94': SSL wants a read first
    Reading REDv2 key from STDIN:
    Sat Dec 12 18:47:27 2020 REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0
    Sat Dec 12 18:49:21 2020 REDD INFO: server: (Re-)loading device configurations
    Sat Dec 12 18:49:41 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'public RED60 ip': SSL accept attempt failed because of handshake problems
    Sat Dec 12 18:49:42 2020 REDD INFO: server: New connection from 217.239.136.66 with ID R600019JQ44MRB5 (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1

  • Do you use the Beta Firmware on XG for RED? Looks like this RED cannot establish the SSL Channel anymore for some reason. A RED Firmware upgrade to Unified Firmware could be a better approach.

    Also try to delete and recreate this RED.


  • Hi,

    What do you mean, Beta? RED60 has 3.0.002.

    I had the RED60 without Unified fw and it fails,
    so I switched to Unified Firmware. Makes no difference.

    I thought XG 18.0.3 MR3 has Unified in a stable release. GUI says so, the green popup message said Beta.

    I did some more tests.

    If I reboot the RED60 all is fine for a while.

    But the tunnel does not fail at all, the tunnel is solid (I think, I can ping the RED60 IP).

    On the HO I can ssh to the XG and can do some tests.

    I can ping the IP of the RED60, this is fine (192.168.10.254).
    I can see the routing table, it shows:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    ...
    192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 reds1

    I have no static route configured for the BO, documentation for RED60 doesn't say so.

    But I can't ping any clients behind the RED60.

    IPS is disabled.

    Any idea?

  • Hi,

    I tried to call Sophos Support international.

    (It's a very bad support, no one answering the phone, maybe after 40 minutes you get the wrong support department).

    But after 40 min I got an engineer, he asked some details and just before the call was interrupted, he said something like...

    Yes, this is a known bug with the firmware. We need to downgrade to the last release.

    The RED 60 firmware 3.0.002 was from July 10 2020, so it could be only the XG 18.0.3 Release.

    So I am back at XG 17.5.14 MR14-1, let's see if this wild guess will help.

  • So,

    faster than I thought, it fails again.

    So the RED 60 firmware 3.0.002 must be the bad boy.
    I am not sure when the upgrade was done.

    I wish that someone from Sophos support would take over the case.

  • Have you already only resaved the RED config and the VLANs on the RED?

    This bug is hitting us from time to time. Then resaving the config sometimes helps.

    Last week we had massive DHCP failures that had been resolved by deleting and re-adding a random DHCP server object. So maybe your reds1 DHCP server. Also some kind of bug.

    Good luck with the support. It's catastrophic at the moment, and Sophos knows it.

  • Thanks,

    I deleted the RED60 from my XG 17.5.14 MR-14, bricked the device (no WAN connection).
    Next I added the RED60 to my XG and did a USB deployment, this was OK.

    But i think Sophos f*cked up their RED Devices.

    I get this in the red.log:

    Done
    Sun Dec 13 19:41:21 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '94.31.97.198': SSL accept attempt failed because of handshake problems
    Sun Dec 13 19:42:23 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '94.31.97.198': SSL accept attempt failed because of handshake problems
    Sun Dec 13 19:42:24 2020 REDD INFO: server: New connection from 94.31.97.198 with ID R600019JQ412345 (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1

    I am going to set up a pfSense box or OpenWrt box these days and keep the RED60 offline.

    Maybe their support will be available to fix this thing...

  • Hi,

    I had a remote session yesterday. It looks like the ARP cache is failing for DHCP.
    Sophos verified this problem yesterday for about 2 1/2h without any success.
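
Added example, not part of any post in this thread and not Sophos code: a small parser for the red.log line format quoted in the two log excerpts above. It groups SSL handshake failures by peer and reason and reports which failing peers later registered as a RED, which separates a device that retries and connects from a source that never completes a RED session. The sample lines are constructed, using documentation-range addresses and a placeholder RED ID.

```python
import re
from collections import Counter, defaultdict

# Patterns follow the REDD lines quoted in the thread.
FAIL = re.compile(r"REDD ERROR: server: Can not do SSL handshake on Socket accept "
                  r"from '([^']+)': (.+)$")
CONN = re.compile(r"REDD INFO: server: New connection from (\S+) with ID (\S+) "
                  r"\(cipher ([^)]+)\)")

def summarize(log_text):
    """Group handshake failures by peer/reason and list peers that got a RED session."""
    failures = defaultdict(Counter)   # peer -> reason -> count
    connected = {}                    # peer -> (RED ID, negotiated cipher)
    for line in log_text.splitlines():
        m = FAIL.search(line)
        if m:
            peer, detail = m.groups()
            # OpenSSL-style details end in ":<reason>"; plain ones are kept whole.
            reason = detail.rsplit(":", 1)[-1].strip()
            failures[peer][reason] += 1
            continue
        m = CONN.search(line)
        if m:
            connected[m.group(1)] = (m.group(2), m.group(3))
    never = sorted(p for p in failures if p not in connected)
    return {"failures": {p: dict(c) for p, c in failures.items()},
            "connected": connected,
            "failed_never_connected": never}

# Constructed sample (not taken from the thread): RFC 5737 addresses, placeholder ID.
SAMPLE = """\
Sat Dec 12 18:44:37 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '198.51.100.7': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Sat Dec 12 18:44:38 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '198.51.100.7': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Sat Dec 12 18:45:07 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '198.51.100.7': SSL wants a read first
Sat Dec 12 18:47:27 2020 REDD INFO: Red devices: Connected: 1 Disconnected 0 Enabled: 1 Disabled: 0
Sat Dec 12 18:49:41 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from '203.0.113.20': SSL accept attempt failed because of handshake problems
Sat Dec 12 18:49:42 2020 REDD INFO: server: New connection from 203.0.113.20 with ID R60EXAMPLE00001 (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
"""

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for peer, reasons in report["failures"].items():
        print(peer, reasons, "->", report["connected"].get(peer, "no RED session"))
```

To run it against a real file, pass the contents of red.log to `summarize()` instead of `SAMPLE`.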
