Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 83 replies
  • Answers 8 answers
  • Subscribers 52 subscribers
  • Views 17655 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Connection Lost in Sophos Central

Ahmed Fahmy1

Dears

I facing problem to manage my firewall from Sophos central as error below

The firewall is not responding to the login request as fast as expected. Please wait a while and try again, or check that the firewall is not experiencing any internet connectivity issues.

Note : Wan Link is up & internet is good 



This thread was automatically locked due to age.
  • 0 in reply to LHerzog

    Hmm, then request you to perform this again along with the the tcpdump on the host utm-cloudstation-eu-central-1.prod.hydra.sophos.com and share the results. 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    happened again between 2:08 and 2:12 PM CEST.

    Runing tcpdump only makes sense when the issue is present. That cannot be automated.

  • 0 in reply to LHerzog

    Hey 
    tcpdump with ring buffer

    nohup tcpdump -C 50 -W 20 -w filename.pcap -i Port2 port 443 -s0 &

    writes 20 single 50MB big dumpfiles with specified filename / nohup starts the dump in background.
    killall tcpdump to stop the packet capture.

    You can tweak according to your requirement !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0

    In general, i can confirm a interrupt in the systems today and yesterday within the Frankfurt datacenter. 

    There are teams right now, looking into this. The systems should be able to recover by themself after a short time, but the alerts remains. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thank you for confirming some issues at Datacenter site. This situation is not a big deal but those mails always cause some unease and questions.

  • 0

    Hi guys, this issue is still happening. Is there any update?

  • 0 in reply to Ale1007

    same here, same time. utm-cloudstation-eu-central-1.prod.hydra.sophos.com

    Sophos Central at normal operation? Scheduled maintenance on 15th but nothing else?

  • 0 in reply to LHerzog

    Getting a bunch of disconnect mail again.

    So I have a tcp dump of that "normal" operation. Who want's to check it?

    XG430_WP02_SFOS 18.5.4 MR-4-Build418# tail -f /log/centralmanagement.log
<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
</body>
</html>

2022-10-17 09:12:36Z INFO central-connect[24614]:232 main:: -  Poll for SSO Sess                                                                                                                                                             ions failed.
2022-10-17 09:12:36Z ERROR Tools.pm[24614]:97 SFOS::Common::Central::Tools::repo                                                                                                                                                             rt_status - EPOLLSSOFAIL: no sophisticated error message supplied
2022-10-17 09:13:07Z INFO central-connect[26731]:221 main:: - Polling for SSO to                                                                                                                                                              PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/ap                                                                                                                                                             i/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
2022-10-17 09:13:58Z INFO central-connect[26731]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
2022-10-17 09:14:29Z INFO central-connect[31807]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
2022-10-17 09:14:29Z WARN API.pm[31807]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 502 Bad Gateway
Connection: close
Date: Mon, 17 Oct 2022 09:14:29 GMT
Server: awselb/2.0
Content-Length: 122
Content-Type: text/html
Client-Date: Mon, 17 Oct 2022 09:14:29 GMT
Client-Peer: 18.193.156.207:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Client-SSL-Cert-Subject: /CN=utm-cloudstation-eu-central-1.prod.hydra.sophos.com
Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
Client-SSL-Socket-Class: IO::Socket::SSL
Title: 502 Bad Gateway

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>

2022-10-17 09:14:29Z INFO central-connect[31807]:232 main:: -  Poll for SSO Sessions failed.
2022-10-17 09:14:29Z ERROR Tools.pm[31807]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
2022-10-17 09:15:00Z INFO central-connect[875]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
2022-10-17 09:15:10Z WARN API.pm[875]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 504 Gateway Time-out
Connection: close
Date: Mon, 17 Oct 2022 09:15:10 GMT
Server: awselb/2.0
Content-Length: 132
Content-Type: text/html
Client-Date: Mon, 17 Oct 2022 09:15:10 GMT
Client-Peer: 18.197.79.233:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
Client-SSL-Cert-Subject: /CN=utm-cloudstation-eu-central-1.prod.hydra.sophos.com
Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
Client-SSL-Socket-Class: IO::Socket::SSL
Title: 504 Gateway Time-out

<html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
</body>
</html>

2022-10-17 09:15:10Z INFO central-connect[875]:232 main:: -  Poll for SSO Sessions failed.
2022-10-17 09:15:10Z ERROR Tools.pm[875]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
2022-10-17 09:15:41Z INFO central-connect[3006]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
2022-10-17 09:15:48Z INFO central-connect[3006]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
2022-10-17 09:16:19Z INFO central-connect[5109]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
2022-10-17 09:16:22Z INFO central-connect[5109]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
2022-10-17 09:16:53Z INFO central-connect[6876]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
2022-10-17 09:16:53Z INFO central-connect[6876]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:

  • 0 in reply to LHerzog

    I have raised a ticket with support, since the issues are persistent and Status Page is not reporting any down services.

  • 0 in reply to Ale1007

    are you in central europe region or other? can you share your case#?

Unfiltered HTML