This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Connection Lost in Sophos Central

Dears

I facing problem to manage my firewall from Sophos central as error below

The firewall is not responding to the login request as fast as expected. Please wait a while and try again, or check that the firewall is not experiencing any internet connectivity issues.

Note : Wan Link is up & internet is good 



This thread was automatically locked due to age.
Parents
  • service -S | grep ssod  is Running 

    centralmanagement.log                       
    /bin/sh: centralmanagement.log: not found 
  • did you type the complete command I shared or just "centralmanagement.log ?"

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 2022-08-10 13:32:08Z INFO central-connect[1914]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:32:09Z INFO central-connect[1914]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:32:40Z INFO central-connect[2202]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:32:41Z INFO central-connect[2202]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:33:12Z INFO central-connect[2396]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:33:13Z INFO central-connect[2396]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:33:44Z INFO central-connect[3009]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:33:44Z INFO central-connect[3009]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:34:15Z INFO central-connect[3337]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:34:16Z INFO central-connect[3337]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:34:46Z INFO central-connect[3660]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:34:47Z INFO central-connect[3660]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
                                                                
Reply
  • 2022-08-10 13:32:08Z INFO central-connect[1914]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:32:09Z INFO central-connect[1914]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:32:40Z INFO central-connect[2202]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:32:41Z INFO central-connect[2202]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:33:12Z INFO central-connect[2396]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:33:13Z INFO central-connect[2396]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:33:44Z INFO central-connect[3009]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:33:44Z INFO central-connect[3009]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:34:15Z INFO central-connect[3337]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:34:16Z INFO central-connect[3337]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
    2022-08-10 13:34:46Z INFO central-connect[3660]:221 main:: - Polling for SSO to 
    PIC-URI [https://utm-cloudstation-us-east-2.prod.hydra.sophos.com]/sophos/api/v1
    /firewalls/Firewallserial/sshTunnel  Timezone: Africa/Cairo                    
    2022-08-10 13:34:47Z INFO central-connect[3660]:271 main:: -  got response of po
    ll for SSO. Status: requested backupExpected:                                   
                                                                
Children
  • Hey ,

    You can check the status of the central here: https://centralstatus.sophos.com/

    Plus, you can also perform a nslookup & telnet on the XG 

    #nsloookup utm-cloudstation-us-east-2.prod.hydra.sophos.com
    #telnet utm-cloudstation-us-east-2.prod.hydra.sophos.com

    And are you seeing any errors popping up from the central while accessing ? 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • all our Firewall on different locations are reporting this issue today but it happened over the last days also.

    What's going on at Sophos Central Central Europe Region?

    I'm sure these are false positives in term of Internet connectivity of the firewall. There must be something in Central.

    We've also had this issue with only the Aux nodes, now Aux and Pri nodes reported the issue

    Thu 13.10.2022 08:09 CEST

    Thu 13.10.2022 09:13-09:36 CEST multiple times

  • 502 and 504 Response Codes from Central...

    2022-10-13 07:16:58Z INFO central-connect[30861]:232 main:: -  Poll for SSO Sessions failed.
    2022-10-13 07:16:58Z ERROR Tools.pm[30861]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
    2022-10-13 07:17:30Z INFO central-connect[374]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/xxxxx/sshTunnel  Timezone: Europe/Berlin
    2022-10-13 07:17:30Z WARN API.pm[374]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 502 Bad Gateway
    Connection: close
    Date: Thu, 13 Oct 2022 07:17:30 GMT
    Server: awselb/2.0
    Content-Length: 122
    Content-Type: text/html
    Client-Date: Thu, 13 Oct 2022 07:17:30 GMT
    Client-Peer: 18.156.141.44:443
    Client-Response-Num: 1
    --
    Title: 502 Bad Gateway
    
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body>
    <center><h1>502 Bad Gateway</h1></center>
    </body>
    </html>
    2022-10-13 07:15:27Z INFO central-connect[30220]:232 main:: -  Poll for SSO Sessions failed.
    2022-10-13 07:15:27Z ERROR Tools.pm[30220]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
    2022-10-13 07:15:57Z INFO central-connect[30861]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/xxxxx/sshTunnel  Timezone: Europe/Berlin
    2022-10-13 07:16:58Z WARN API.pm[30861]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 504 Gateway Time-out
    Connection: close
    Date: Thu, 13 Oct 2022 07:16:58 GMT
    Server: awselb/2.0
    Content-Length: 132
    Content-Type: text/html
    Client-Date: Thu, 13 Oct 2022 07:16:58 GMT
    Client-Peer: 3.64.249.208:443
    Client-Response-Num: 1
    --
    Title: 504 Gateway Time-out
    
    <html>
    <head><title>504 Gateway Time-out</title></head>
    <body>
    <center><h1>504 Gateway Time-out</h1></center>
    </body>
    </html>
    

  • Hey ,

    Can you check the following from the Sophos appliance shell access ?
    nslookup utm-cloudstation-eu-central-1.prod.hydra.sophos.com
    Domain Name Server# 127.0.0.1
    Domain Name # utm-cloudstation-eu-central-1.prod.hydra.sophos.com
    Resolved Address 1# utm-spinnaker-1431807683.eu-central-1.elb.amazonaws.com.
    Resolved Address 1# 18.156.141.44
    Resolved Address 2# 3.121.70.112
    Resolved Address 3# 3.64.249.208
    Total query time # 34.29 msec

    telnet utm-cloudstation-eu-central-1.prod.hydra.sophos.com 443
    Trying 18.156.141.44...
    Connected to utm-cloudstation-eu-central-1.prod.hydra.sophos.com.
    Escape character is '^]'.
    ^]quit

    telnet> Connection closed.

    See if you are getting this results, or not ?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • as the issue is not present currently, these commands are successful


    XGS136_XN01_SFOS 19.0.1 MR-1-Build365#  nslookup utm-cloudstation-eu-central-1.prod.hydra.sophos.com
    Domain Name Server#  127.0.0.1
    Domain Name       #  utm-cloudstation-eu-central-1.prod.hydra.sophos.com
    Resolved Address 1#  utm-spinnaker-1431807683.eu-central-1.elb.amazonaws.com.
    Resolved Address 1#  3.64.249.208
    Resolved Address 2#  18.156.141.44
    Resolved Address 3#  3.121.70.112
    Total query time  #  0.12 msec

    XGS136_XN01_SFOS 19.0.1 MR-1-Build365# telnet utm-cloudstation-eu-central-1.prod.hydra.sophos.com 443
    Trying 3.64.249.208...
    Connected to utm-cloudstation-eu-central-1.prod.hydra.sophos.com.
    Escape character is '^]'.
    ^]
    HTTP/1.1 400 Bad Request
    Server: awselb/2.0
    Date: Thu, 13 Oct 2022 09:20:41 GMT
    Content-Type: text/html
    Content-Length: 122
    Connection: close

    <html>
    <head><title>400 Bad Request</title></head>
    <body>
    <center><h1>400 Bad Request</h1></center>
    </body>
    </html>
    Connection closed by foreign host.
    XGS136_XN01_SFOS 19.0.1 MR-1-Build365#

  • Hmm, then request you to perform this again along with the the tcpdump on the host utm-cloudstation-eu-central-1.prod.hydra.sophos.com and share the results. 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • happened again between 2:08 and 2:12 PM CEST.

    Runing tcpdump only makes sense when the issue is present. That cannot be automated.

  • Hey 
    tcpdump with ring buffer

    nohup tcpdump -C 50 -W 20 -w filename.pcap -i Port2 port 443 -s0 &

    writes 20 single 50MB big dumpfiles with specified filename / nohup starts the dump in background.
    killall tcpdump to stop the packet capture.

    You can tweak according to your requirement !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.