Dears
I facing problem to manage my firewall from Sophos central as error below
The firewall is not responding to the login request as fast as expected. Please wait a while and try again, or check that the firewall is not experiencing any internet connectivity issues.
Note : Wan Link is up & internet is good
service -S | grep ssod is Running
centralmanagement.log /bin/sh: centralmanagement.log: not found
did you type the complete command I shared or just "centralmanagement.log ?" Ahmed Fahmy1
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
2022-08-10 13:32:08Z INFO central-connect[1914]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1/firewalls/Firewallserial/sshTunnel Timezone: Africa/Cairo 2022-08-10 13:32:09Z INFO central-connect[1914]:271 main:: - got response of poll for SSO. Status: requested backupExpected: 2022-08-10 13:32:40Z INFO central-connect[2202]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1/firewalls/Firewallserial/sshTunnel Timezone: Africa/Cairo 2022-08-10 13:32:41Z INFO central-connect[2202]:271 main:: - got response of poll for SSO. Status: requested backupExpected: 2022-08-10 13:33:12Z INFO central-connect[2396]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1/firewalls/Firewallserial/sshTunnel Timezone: Africa/Cairo 2022-08-10 13:33:13Z INFO central-connect[2396]:271 main:: - got response of poll for SSO. Status: requested backupExpected: 2022-08-10 13:33:44Z INFO central-connect[3009]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1/firewalls/Firewallserial/sshTunnel Timezone: Africa/Cairo 2022-08-10 13:33:44Z INFO central-connect[3009]:271 main:: - got response of poll for SSO. Status: requested backupExpected: 2022-08-10 13:34:15Z INFO central-connect[3337]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1/firewalls/Firewallserial/sshTunnel Timezone: Africa/Cairo 2022-08-10 13:34:16Z INFO central-connect[3337]:271 main:: - got response of poll for SSO. Status: requested backupExpected: 2022-08-10 13:34:46Z INFO central-connect[3660]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1/firewalls/Firewallserial/sshTunnel Timezone: Africa/Cairo 2022-08-10 13:34:47Z INFO central-connect[3660]:271 main:: - got response of poll for SSO. Status: requested backupExpected:
Hey Ahmed Fahmy1,You can check the status of the central here: https://centralstatus.sophos.com/Plus, you can also perform a nslookup & telnet on the XG #nsloookup utm-cloudstation-us-east-2.prod.hydra.sophos.com#telnet utm-cloudstation-us-east-2.prod.hydra.sophos.comAnd are you seeing any errors popping up from the central while accessing ?
All systems normal
all our Firewall on different locations are reporting this issue today but it happened over the last days also.
What's going on at Sophos Central Central Europe Region?
I'm sure these are false positives in term of Internet connectivity of the firewall. There must be something in Central.
We've also had this issue with only the Aux nodes, now Aux and Pri nodes reported the issue
Thu 13.10.2022 08:09 CEST
Thu 13.10.2022 09:13-09:36 CEST multiple times
502 and 504 Response Codes from Central...
2022-10-13 07:16:58Z INFO central-connect[30861]:232 main:: - Poll for SSO Sessions failed. 2022-10-13 07:16:58Z ERROR Tools.pm[30861]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 2022-10-13 07:17:30Z INFO central-connect[374]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/xxxxx/sshTunnel Timezone: Europe/Berlin 2022-10-13 07:17:30Z WARN API.pm[374]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 502 Bad Gateway Connection: close Date: Thu, 13 Oct 2022 07:17:30 GMT Server: awselb/2.0 Content-Length: 122 Content-Type: text/html Client-Date: Thu, 13 Oct 2022 07:17:30 GMT Client-Peer: 18.156.141.44:443 Client-Response-Num: 1 -- Title: 502 Bad Gateway <html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> </body> </html>
2022-10-13 07:15:27Z INFO central-connect[30220]:232 main:: - Poll for SSO Sessions failed. 2022-10-13 07:15:27Z ERROR Tools.pm[30220]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 2022-10-13 07:15:57Z INFO central-connect[30861]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/xxxxx/sshTunnel Timezone: Europe/Berlin 2022-10-13 07:16:58Z WARN API.pm[30861]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 504 Gateway Time-out Connection: close Date: Thu, 13 Oct 2022 07:16:58 GMT Server: awselb/2.0 Content-Length: 132 Content-Type: text/html Client-Date: Thu, 13 Oct 2022 07:16:58 GMT Client-Peer: 3.64.249.208:443 Client-Response-Num: 1 -- Title: 504 Gateway Time-out <html> <head><title>504 Gateway Time-out</title></head> <body> <center><h1>504 Gateway Time-out</h1></center> </body> </html>
Hey LHerzog,Can you check the following from the Sophos appliance shell access ? nslookup utm-cloudstation-eu-central-1.prod.hydra.sophos.comDomain Name Server# 127.0.0.1Domain Name # utm-cloudstation-eu-central-1.prod.hydra.sophos.comResolved Address 1# utm-spinnaker-1431807683.eu-central-1.elb.amazonaws.com.Resolved Address 1# 18.156.141.44Resolved Address 2# 3.121.70.112Resolved Address 3# 3.64.249.208Total query time # 34.29 msec
telnet utm-cloudstation-eu-central-1.prod.hydra.sophos.com 443Trying 18.156.141.44...Connected to utm-cloudstation-eu-central-1.prod.hydra.sophos.com.Escape character is '^]'.^]quit
telnet> Connection closed.See if you are getting this results, or not ?
as the issue is not present currently, these commands are successful
XGS136_XN01_SFOS 19.0.1 MR-1-Build365# nslookup utm-cloudstation-eu-central-1.prod.hydra.sophos.comDomain Name Server# 127.0.0.1Domain Name # utm-cloudstation-eu-central-1.prod.hydra.sophos.comResolved Address 1# utm-spinnaker-1431807683.eu-central-1.elb.amazonaws.com.Resolved Address 1# 3.64.249.208Resolved Address 2# 18.156.141.44Resolved Address 3# 3.121.70.112Total query time # 0.12 msecXGS136_XN01_SFOS 19.0.1 MR-1-Build365# telnet utm-cloudstation-eu-central-1.prod.hydra.sophos.com 443Trying 3.64.249.208...Connected to utm-cloudstation-eu-central-1.prod.hydra.sophos.com.Escape character is '^]'.^]HTTP/1.1 400 Bad RequestServer: awselb/2.0Date: Thu, 13 Oct 2022 09:20:41 GMTContent-Type: text/htmlContent-Length: 122Connection: close<html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center></body></html>Connection closed by foreign host.XGS136_XN01_SFOS 19.0.1 MR-1-Build365#
Hmm, then request you to perform this again along with the the tcpdump on the host utm-cloudstation-eu-central-1.prod.hydra.sophos.com and share the results.
happened again between 2:08 and 2:12 PM CEST.
Runing tcpdump only makes sense when the issue is present. That cannot be automated.
nohup tcpdump -C 50 -W 20 -w filename.pcap -i Port2 port 443 -s0 &writes 20 single 50MB big dumpfiles with specified filename / nohup starts the dump in background.killall tcpdump to stop the packet capture.You can tweak according to your requirement !
Vivek Jagad - do you want dump and logs?