Firewall Connection Lost in Sophos Central

Hello Community,

The issue is marked as Fix as of 8:00am PT, 5:00pm CEST.

Regards,

Currently - All systems normal - Advisory KBA

Engineering team is actively investigating. If anyone has experienced the issue from 10:45-12:00 UTC today related to the  Firewall not communicating to Central please post a reply to this thread or send me a DM. 

Thank you kindly.

Hi Karlos, our customers did today:

Let me know if you need support access ids - I'll update our case as well.

Ale1007 if you're in CEST, it does not apply to 10:45-12:00 UTC

whops, my bad

Karlos This should be in specific time-range (Log in CEST):

Multiple 502 Bad Gateway and 504 Gateway TIme-Out Messages in /log/centralmanagement.log around this time.
Does this help?

2022-10-24 09:24:48Z INFO central-connect[9413]:232 main:: -  Poll for SSO Sessions failed.
2022-10-24 09:24:48Z ERROR Tools.pm[9413]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
2022-10-24 09:25:22Z INFO central-connect[9644]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C01001XXXXXXX/sshTunnel  Timezone: Europe/Berlin
2022-10-24 09:26:26Z WARN API.pm[9644]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 504 Gateway Time-out
Connection: close
Date: Mon, 24 Oct 2022 09:26:26 GMT
Server: awselb/2.0
Content-Length: 132
Content-Type: text/html
Client-Date: Mon, 24 Oct 2022 09:26:26 GMT
Client-Peer: 3.124.132.150:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Client-SSL-Cert-Subject: /CN=utm-cloudstation-eu-central-1.prod.hydra.sophos.com
Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
Client-SSL-Socket-Class: IO::Socket::SSL
Title: 504 Gateway Time-out

<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
</body>
</html>

2022-10-24 09:26:26Z INFO central-connect[9644]:232 main:: -  Poll for SSO Sessions failed.
2022-10-24 09:26:26Z ERROR Tools.pm[9644]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
2022-10-24 09:27:00Z INFO central-connect[10188]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C01001XXXXXXX/sshTunnel  Timezone: Europe/Berlin
2022-10-24 09:27:01Z WARN API.pm[10188]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 502 Bad Gateway
Connection: close
Date: Mon, 24 Oct 2022 09:27:01 GMT
Server: awselb/2.0
Content-Length: 122
Content-Type: text/html
Client-Date: Mon, 24 Oct 2022 09:27:01 GMT
Client-Peer: 3.124.132.150:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Client-SSL-Cert-Subject: /CN=utm-cloudstation-eu-central-1.prod.hydra.sophos.com
Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
Client-SSL-Socket-Class: IO::Socket::SSL
Title: 502 Bad Gateway

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>

2022-10-24 09:27:01Z INFO central-connect[10188]:232 main:: -  Poll for SSO Sessions failed.
2022-10-24 09:27:01Z ERROR Tools.pm[10188]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
2022-10-24 09:27:36Z INFO central-connect[10422]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C01001XXXXXXX/sshTunnel  Timezone: Europe/Berlin

It's only test-lab, but if it helps getting this fixed, Access ID: c5d276b0-16f0-3120-9be8-b18e5708b7c8@eu2.apu.sophos.com

Thank you soph-f, much appreciated! Will forward this to Engineering.

Hi,
same issue again for about 30 minutes!

BR Gerd

Hi,

same here!

The issue is currently ongoing. We appreciate your patience as our team actively works to get this resolved. 

KBA for more details: https://support.sophos.com/support/s/article/KB-000044605?language=en_US

Best,

still ongoing. anyway all is nice and green here.

normal operation.

CEST

still ongoing. anyway all is nice and green here.

normal operation.

CEST

Yes, the same here!
Again a large amount of error messages..........................

This is starting to get annoying....
The problem exists now for more than 14 days.....

Thank you for bringing this up. We are working to get this updated.

Hi Gerd Rehders1,  LHerzog, malo, Ale1007 & anyone else still experiencing the issue. Could you confirm if you are in the EU-Central-1 region? Thanks.

yes, we're in EU Central 1

yes

Yes !

Frankfurt

Hi LHerzog,

Speaking with our team, as these are false alerts it would not be included in the Central Status page.

Instead, please follow the advisory KBA for status updates or our @SophosSupport Twitter page. I will also keep this thread updated as we progress this issue. Apologies again for the inconvenience.

Hi Gerd Rehders1, Ale1007, LHerzog, malo

I just wanted to get an update for Engineering to see if anyone is still seeing the issue or if it has resolved?

Thanks for your help.

Hi Karlos,

Sorry for the late reply.
It seems to work, currently no false messages.

Let's knock on wood... ;-)

BR Gerd

Hi Karlos, it looks like that the issue has been fixed. No one of our customers are having an alarm related to this.