Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 23 replies
  • Answers 2 answers
  • Subscribers 42 subscribers
  • Views 17961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot register with Sophos Central

Carlo

Hi,

after I changed port type from dhcp (using firewall behind ips router) to pppoe (using fw to establish connection). I cannot register with Sophos Central using email and OTP or enable Red service.  Internet works but quite slow (will open another thread for this)

I have Sophos account, and that firewall was allready added and deleted from portal because after pppoe and public ip change it cannot communicate with Sophos Central

Please help.

Carlo



This thread was automatically locked due to age.
  • +1

    Hello ,

    Thank you for reaching out to the community, you can follow the following steps via CLI Menu > Press 5 for the device management > Press 3 for advance shell: 

    >  To find out the status: central-register --status  
    >  To de-register: central-register --unregister

    And then try to re-register the appliance with the Sophos Central with the following KBA - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SophosCentral/HowToArticles/CentralRegisterOTP/index.html

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Thanks, output from console and screenshot. The problem is still there.

    XGS2100_RL01_SFOS 19.0.0 GA-Build317# central-register --status
This SFOS instance is currently not registered with Sophos Central
XGS2100_RL01_SFOS 19.0.0 GA-Build317# central-register --unregister
Use of uninitialized value in concatenation (.) or string at /usr/bin/central-register line 279.
Use of uninitialized value in concatenation (.) or string at /usr/bin/central-register line 279.
Use of uninitialized value in concatenation (.) or string at /usr/bin/central-register line 280.
{"cloud_company_name":"","cloud_token":"","result":"SUCCESS","cloud_hb_availability":0}
XGS2100_RL01_SFOS 19.0.0 GA-Build317#

    When using OTP

  • 0 in reply to Carlo

    Hi Carlo 

    I am able register Sophos firewall with the OTP option with the link shared by Vivek Jagad

    Please give full access to the internet for your System  by creating a firewall rule for your PC or laptop and keep the rule on TOP and check by different browsers by clearing the cache and history 

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    I was also able to register. I have two, both connected . Now it's only one. After resetting configuration on fw1 i can't connect to Sophos Central. Also after setting to factory port2 doest not get hdcp adress so I can't use wizzard to register during initial setup. 

  • 0 in reply to Vivek Jagad

    Thank you. This has to do something with my bad PPPoE connection. After I changed back to copper vdsl 40/10 everything is fine. My speed on PPPoE is not bad, but something is not wright with connection. Please check my thread about that

    https://community.sophos.com/sophos-xg-firewall/f/discussions/135562/pppoe-connection-on-xgs-2100-sfos-19-0-0-ga-build31---slow-page-loading/501169#501169

  • 0 in reply to Vivek Jagad 
    Actually when you deregister from admin GUI and delete fw from Sophos Central is not possible so add again. Just tested again.
  • 0 in reply to Vivek Jagad 

    XGS2100_RL01_SFOS 19.0.0 GA-Build317# central-register --register -u username -p password
Use of uninitialized value in concatenation (.) or string at /lib32/perl/site_perl/5.20.1/SFOS/Common/Central/API.pm line 82.
{"message":"The operation timed out, please try again later.","error":"ETIMEOUT"}
{"error":"EAGAIN","message":"Temporary error while accessing Sophos Central or Sophos Central indentity could not be verified."}
XGS2100_RL01_SFOS 19.0.0 GA-Build317#

    Logs

    LWP::Protocol::https::Socket: Bad hostname 'utm.cloud.sophos.com' at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.

2022-07-23 15:55:26Z INFO API.pm[3334]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error
2022-07-23 15:55:26Z INFO central-register[3334]:180 main::_register - Connecting to Sophos Central HUB [https://utm.cloud.sophos.com/api/utm] failed for the 2 time. Retry in a second.
2022-07-23 15:55:37Z ERROR Tools.pm[3334]:97 SFOS::Common::Central::Tools::report_status - ETIMEOUT: The operation timed out, please try again later.
2022-07-23 15:55:37Z DEBUG API.pm[3334]:113 SFOS::Common::Central::API::send_request - HTTP code: [500]
2022-07-23 15:55:37Z WARN API.pm[3334]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to utm.cloud.sophos.com:443 (Bad hostname)
Content-Type: text/plain
Client-Date: Sat, 23 Jul 2022 15:55:37 GMT
Client-Warning: Internal response

Can't connect to utm.cloud.sophos.com:443 (Bad hostname)

LWP::Protocol::https::Socket: Bad hostname 'utm.cloud.sophos.com' at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.

2022-07-23 15:55:37Z INFO API.pm[3334]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error
2022-07-23 15:55:37Z INFO central-register[3334]:185 main::_register - Connecting to Sophos Central HUB [https://utm.cloud.sophos.com/api/utm] failed 3 times. Exiting
2022-07-23 15:55:37Z ERROR Tools.pm[3334]:97 SFOS::Common::Central::Tools::report_status - EAGAIN: Temporary error while accessing Sophos Central or Sophos Central indentity could not be verified.

  • 0 in reply to Carlo

    Hi Carlo

    Please check SSL/TLS Inspection logs under logs viewer and share the status : 

    Thanks 

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Carlo

    Hi Carlo

    Can you share the current status of SSL/TLS Inspection rule configured on firewall ?

    Please go to PROTECT -->Rules and Policies --->SSL/TLS Inspection rules

    Please disable the SSL/TLS  Inspection rule and check whether Sophos Central registration is working or not and turn it ON back : 

     

    Thanks 

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML