Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Connection Lost in Sophos Central

Dears

I facing problem to manage my firewall from Sophos central as error below

The firewall is not responding to the login request as fast as expected. Please wait a while and try again, or check that the firewall is not experiencing any internet connectivity issues.

Note : Wan Link is up & internet is good 



This thread was automatically locked due to age.
  • Hmm, then request you to perform this again along with the the tcpdump on the host utm-cloudstation-eu-central-1.prod.hydra.sophos.com and share the results. 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • happened again between 2:08 and 2:12 PM CEST.

    Runing tcpdump only makes sense when the issue is present. That cannot be automated.

  • Hey 
    tcpdump with ring buffer

    nohup tcpdump -C 50 -W 20 -w filename.pcap -i Port2 port 443 -s0 &

    writes 20 single 50MB big dumpfiles with specified filename / nohup starts the dump in background.
    killall tcpdump to stop the packet capture.

    You can tweak according to your requirement !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • In general, i can confirm a interrupt in the systems today and yesterday within the Frankfurt datacenter. 

    There are teams right now, looking into this. The systems should be able to recover by themself after a short time, but the alerts remains. 

    __________________________________________________________________________________________________________________

  • Thank you for confirming some issues at Datacenter site. This situation is not a big deal but those mails always cause some unease and questions.

  • Hi guys, this issue is still happening. Is there any update?

  • same here, same time. utm-cloudstation-eu-central-1.prod.hydra.sophos.com

    Sophos Central at normal operation? Scheduled maintenance on 15th but nothing else?

  • Getting a bunch of disconnect mail again.

    So I have a tcp dump of that "normal" operation. Who want's to check it?

    XG430_WP02_SFOS 18.5.4 MR-4-Build418# tail -f /log/centralmanagement.log
    <html>
    <head><title>504 Gateway Time-out</title></head>
    <body>
    <center><h1>504 Gateway Time-out</h1></center>
    </body>
    </html>
    
    2022-10-17 09:12:36Z INFO central-connect[24614]:232 main:: -  Poll for SSO Sess                                                                                                                                                             ions failed.
    2022-10-17 09:12:36Z ERROR Tools.pm[24614]:97 SFOS::Common::Central::Tools::repo                                                                                                                                                             rt_status - EPOLLSSOFAIL: no sophisticated error message supplied
    2022-10-17 09:13:07Z INFO central-connect[26731]:221 main:: - Polling for SSO to                                                                                                                                                              PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/ap                                                                                                                                                             i/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
    2022-10-17 09:13:58Z INFO central-connect[26731]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
    2022-10-17 09:14:29Z INFO central-connect[31807]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
    2022-10-17 09:14:29Z WARN API.pm[31807]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 502 Bad Gateway
    Connection: close
    Date: Mon, 17 Oct 2022 09:14:29 GMT
    Server: awselb/2.0
    Content-Length: 122
    Content-Type: text/html
    Client-Date: Mon, 17 Oct 2022 09:14:29 GMT
    Client-Peer: 18.193.156.207:443
    Client-Response-Num: 1
    Client-SSL-Cert-Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
    Client-SSL-Cert-Subject: /CN=utm-cloudstation-eu-central-1.prod.hydra.sophos.com
    Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
    Client-SSL-Socket-Class: IO::Socket::SSL
    Title: 502 Bad Gateway
    
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body>
    <center><h1>502 Bad Gateway</h1></center>
    </body>
    </html>
    
    2022-10-17 09:14:29Z INFO central-connect[31807]:232 main:: -  Poll for SSO Sessions failed.
    2022-10-17 09:14:29Z ERROR Tools.pm[31807]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
    2022-10-17 09:15:00Z INFO central-connect[875]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
    2022-10-17 09:15:10Z WARN API.pm[875]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 504 Gateway Time-out
    Connection: close
    Date: Mon, 17 Oct 2022 09:15:10 GMT
    Server: awselb/2.0
    Content-Length: 132
    Content-Type: text/html
    Client-Date: Mon, 17 Oct 2022 09:15:10 GMT
    Client-Peer: 18.197.79.233:443
    Client-Response-Num: 1
    Client-SSL-Cert-Issuer: /C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
    Client-SSL-Cert-Subject: /CN=utm-cloudstation-eu-central-1.prod.hydra.sophos.com
    Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
    Client-SSL-Socket-Class: IO::Socket::SSL
    Title: 504 Gateway Time-out
    
    <html>
    <head><title>504 Gateway Time-out</title></head>
    <body>
    <center><h1>504 Gateway Time-out</h1></center>
    </body>
    </html>
    
    2022-10-17 09:15:10Z INFO central-connect[875]:232 main:: -  Poll for SSO Sessions failed.
    2022-10-17 09:15:10Z ERROR Tools.pm[875]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied
    2022-10-17 09:15:41Z INFO central-connect[3006]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
    2022-10-17 09:15:48Z INFO central-connect[3006]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
    2022-10-17 09:16:19Z INFO central-connect[5109]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
    2022-10-17 09:16:22Z INFO central-connect[5109]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
    2022-10-17 09:16:53Z INFO central-connect[6876]:221 main:: - Polling for SSO to PIC-URI [https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com]/sophos/api/v1/firewalls/C420xxxxx0F/sshTunnel  Timezone: Europe/Berlin
    2022-10-17 09:16:53Z INFO central-connect[6876]:271 main:: -  got response of poll for SSO. Status: disconnected backupExpected:
    

  • I have raised a ticket with support, since the issues are persistent and Status Page is not reporting any down services.

  • are you in central europe region or other? can you share your case#?