Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 41 subscribers
  • Views 1524 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Default SSL/TLS inspection rule missing

kerobra

Hi there,

I recently configured a new XGS3100 active/passive cluster with SFOS 19.5. Everything seemed to be fine, but as I wanted to configure the SSL/TLS inspection (I normally do this as one of the final steps) I realized, that there is missing something.

Here is how it looks:

and here how it SHOULD look:

Both firewalls are on 19.5 and I did not see this on any other 19.5 firewall before.
Any ideas what could be the issue here?

Regards,

Kevin



This thread was automatically locked due to age.
  • 0

    Hi Kevin,

    Thank you for reaching out to Sophos Community.

    Kindly share the Case ID.

    If there’s no case ID,  we strongly advise you to kindly create one.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • +1

    To add an answer to this one.

    Support checked the firewall and couldn't find an entry for the rule in the database. Reimage and backup-restore was suggested.

    Since I was working from home I decided to go factory-defaults first. The rule was present after finishing the first-time setup.
    I then imported the previously taken backup which ended in the same result as before the factory-reset, the default ssl/tls rule was missing again.

    I then did the factory-reset one more time and imported a full configuration export file I took before the whole troubleshooting.
    This way the default rule was present at the end and this is completely fine for me.

    I could repeat the process with the same results on the second appliance (same results after backup-restore as after config-import).

    So I cannot say why or how it happened, but it seems to be fixed now.

    Regards,

    Kevin

    Regards,

    Kevin

    Sophos CE/CA (XG, UTM, Central Endpoint)
    Gold Partner

Unfiltered HTML