This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED 60 traffic not passing

I have a customer who has deployed RED60 in their branches. Though all RED60 worked fine, 2 units showcased a strange behavior. When connected, the LED status shows that the RED is online and connected to the Firewall. The RED is active on the Firewall too. If we do a packet capture we can see the ARP packets from the RED device. However, the branch traffic doesn't pass through.

All RED have identical rules and policies and configuration, so any configuration related issue can be ruled out on the Sophos deployment part.

Any ideas as to what could have gone wrong with these 2 units?

Here I have started a ping -t for the RED units IP Address and the pcap in that case: (IP 192.168.2.200 is my laptops IP address)

RED configuration:

This thread was automatically locked due to age.

Top Replies

Mayuresh Bhagwat over 1 year ago in reply to Mayuresh Bhagwat +1 verified

Just now figured out the issue. There are 2 RED devices configured with the same IP Subnet (192.168.2.0/24) and that doesn't seem to be supported with RED. As soon as I changed the IP to 10.10.10.10/24…

Parents

0 Mayuresh Bhagwat over 1 year ago

For additional information, here are the logs from red.log:

Sat Mar 4 12:39:15 2023Z REDD INFO server: New connection from xxx.xxx.xxx.xxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
Sat Mar 4 12:39:16 2023Z REDD INFO Disabling debug
Sat Mar 4 12:39:16 2023Z REDD INFO connected OK, pushing config
Sat Mar 4 12:39:16 2023Z REDD INFO command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
Sat Mar 4 12:39:16 2023Z REDD INFO Initializing connection running protocol version 0
Sat Mar 4 12:39:16 2023Z REDD INFO Sending json message {"data":{},"type":"WELCOME"}
Sat Mar 4 12:39:17 2023Z REDD INFO command '{"data":{"poe_port1_status":{"current":0,"FETok":true,"detectionOn":false,"pdstate":0,"port":1,"pdclass":-3,"classificationOn":false,"classFail":false,"TPPL":0,"good":false,"type":"port","priority_str":"high","PMoff":false,"MSCCcap":false,"priority":0,"mode":0,"pdstate_str":"unknown","volt":0,"PPL":0,"pdclass_power_limit":0,"FEToverTemp":false,"isAT":false,"power":false,"watt":0,"mode_str":"shutdown"},"poe_port2_status":{"current":0,"FETok":true,"detectionOn":false,"pdstate":0,"priority_str":"low","pdclass":-3,"classificationOn":false,"classFail":false,"TPPL":0,"good":false,"type":"port","port":2,"PMoff":false,"MSCCcap":false,"watt":0,"power":false,"PPL":0,"FEToverTemp":false,"isAT":false,"pdclass_power_limit":0,"volt":0,"pdstate_str":"unknown","mode":0,"priority":2,"mode_str":"shutdown"},"poe_chip_status":{"type":"chip","id":46,"totalPower":0,"totalPowerReg":0,"temperature":57.48,"volt":53.22687,"totalPowerCalc":0,"maxTotalPower":34,"firmware":12}},"type":"STATUS"}'
Sat Mar 4 12:39:18 2023Z REDD INFO command '{"data":{},"type":"CONFIG_REQ"}'
Sat Mar 4 12:39:18 2023Z REDD INFO Sending json message {"data":{"bridge_proto":"none","prev_unlock_code":"[removed]","manual_address":"","lanport_mode":"switch","route_mode":"default","fullbr_domains":"","hostname_balancing":"failover","lan2_mode":"unused","mac":"00:1f:f9:00:98:a2","username":"","fullbr_dns":"","bridge_address":"0.0.0.0","mobile_network":"gsm","lan3_vids":"","asg_cert":"[removed]","htp_server":"xxx.xxx.xxx.xxx","tunnel_compression_algorithm":"lzo","activate_modem":0,"unlock_code":"[removed]","mac_filter_list":"","uplink2_mode":"dhcp","split_networks":"1.2.3.4","debug_level":0,"lan3_mode":"unused","lan1_mode":"unused","deployment_mode":"online","responsivity":"low","lan2_vids":"","apn":"","asg_ca":"[removed]","uplink_balancing":"failover","version_ng_red60":"1-1225-48bdbfdac-b1551d2","lan4_vids":"","password":"","uplink_mode":"dhcp","manual_defgw":"","branchname":"Chinchwad","bridge_netmask":24,"type":"red60","red_id":"R600027R674HBFB","lan4_mode":"unused","manual_netmask":"","hub2_hostname":"xxx.xxx.xxx.xxx","manual_dns":"","tunnel_id":8,"hub_hostname":"xxx.xxx.xxx.xxx","asg_key":"[removed]","mac_filter_type":"none","tunnel_compression":0,"manual2_netmask":"","manual2_defgw":"","poe_port1":0,"pin":"","manual2_address":"","dial_string":"*99#","poe_port2":0,"manual2_dns":"","version_red60":"1-1225-48bdbfdac-b1551d2","htp_port":"4444","lan1_vids":"","redinterface":"reds8"},"type":"CONFIG_REP"}
Sat Mar 4 12:39:21 2023Z REDD INFO command '{"data":{"key1":"dJDVNIrwbeauDoqmCjawwKLn+DA+blpe0YuOb\/gcw0w=","key0":"XyMZc8v8IyTkmrasWGcYiMFYfd0F6psMN3gMFlbZPmY=","key_active":0},"type":"SET_KEY_REQ"}'
Sat Mar 4 12:39:21 2023Z REDD INFO Sending json message {"type":"SET_KEY_REP","data":{}}
Sat Mar 4 12:39:22 2023Z REDD INFO R600027R674HBFB/Chinchwad is now re-connected after 75000 ms
Sat Mar 4 12:39:23 2023Z REDD INFO command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"Down","lan2":"10Mb\/s"},"wan1_ip":"192.168.0.2","uplink":"WAN1","uplink_state":"0"},"type":"STATUS"}'
Sat Mar 4 12:39:23 2023Z REDD INFO PORTSTATE LAN1: Down, LAN2: 10Mb/s, LAN3: Down, LAN4: Down

I couldn't find anything special in these logs, but just in case I am missing anything.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Mayuresh Bhagwat over 1 year ago

For additional information, here are the logs from red.log:

Sat Mar 4 12:39:15 2023Z REDD INFO server: New connection from xxx.xxx.xxx.xxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
Sat Mar 4 12:39:16 2023Z REDD INFO Disabling debug
Sat Mar 4 12:39:16 2023Z REDD INFO connected OK, pushing config
Sat Mar 4 12:39:16 2023Z REDD INFO command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
Sat Mar 4 12:39:16 2023Z REDD INFO Initializing connection running protocol version 0
Sat Mar 4 12:39:16 2023Z REDD INFO Sending json message {"data":{},"type":"WELCOME"}
Sat Mar 4 12:39:17 2023Z REDD INFO command '{"data":{"poe_port1_status":{"current":0,"FETok":true,"detectionOn":false,"pdstate":0,"port":1,"pdclass":-3,"classificationOn":false,"classFail":false,"TPPL":0,"good":false,"type":"port","priority_str":"high","PMoff":false,"MSCCcap":false,"priority":0,"mode":0,"pdstate_str":"unknown","volt":0,"PPL":0,"pdclass_power_limit":0,"FEToverTemp":false,"isAT":false,"power":false,"watt":0,"mode_str":"shutdown"},"poe_port2_status":{"current":0,"FETok":true,"detectionOn":false,"pdstate":0,"priority_str":"low","pdclass":-3,"classificationOn":false,"classFail":false,"TPPL":0,"good":false,"type":"port","port":2,"PMoff":false,"MSCCcap":false,"watt":0,"power":false,"PPL":0,"FEToverTemp":false,"isAT":false,"pdclass_power_limit":0,"volt":0,"pdstate_str":"unknown","mode":0,"priority":2,"mode_str":"shutdown"},"poe_chip_status":{"type":"chip","id":46,"totalPower":0,"totalPowerReg":0,"temperature":57.48,"volt":53.22687,"totalPowerCalc":0,"maxTotalPower":34,"firmware":12}},"type":"STATUS"}'
Sat Mar 4 12:39:18 2023Z REDD INFO command '{"data":{},"type":"CONFIG_REQ"}'
Sat Mar 4 12:39:18 2023Z REDD INFO Sending json message {"data":{"bridge_proto":"none","prev_unlock_code":"[removed]","manual_address":"","lanport_mode":"switch","route_mode":"default","fullbr_domains":"","hostname_balancing":"failover","lan2_mode":"unused","mac":"00:1f:f9:00:98:a2","username":"","fullbr_dns":"","bridge_address":"0.0.0.0","mobile_network":"gsm","lan3_vids":"","asg_cert":"[removed]","htp_server":"xxx.xxx.xxx.xxx","tunnel_compression_algorithm":"lzo","activate_modem":0,"unlock_code":"[removed]","mac_filter_list":"","uplink2_mode":"dhcp","split_networks":"1.2.3.4","debug_level":0,"lan3_mode":"unused","lan1_mode":"unused","deployment_mode":"online","responsivity":"low","lan2_vids":"","apn":"","asg_ca":"[removed]","uplink_balancing":"failover","version_ng_red60":"1-1225-48bdbfdac-b1551d2","lan4_vids":"","password":"","uplink_mode":"dhcp","manual_defgw":"","branchname":"Chinchwad","bridge_netmask":24,"type":"red60","red_id":"R600027R674HBFB","lan4_mode":"unused","manual_netmask":"","hub2_hostname":"xxx.xxx.xxx.xxx","manual_dns":"","tunnel_id":8,"hub_hostname":"xxx.xxx.xxx.xxx","asg_key":"[removed]","mac_filter_type":"none","tunnel_compression":0,"manual2_netmask":"","manual2_defgw":"","poe_port1":0,"pin":"","manual2_address":"","dial_string":"*99#","poe_port2":0,"manual2_dns":"","version_red60":"1-1225-48bdbfdac-b1551d2","htp_port":"4444","lan1_vids":"","redinterface":"reds8"},"type":"CONFIG_REP"}
Sat Mar 4 12:39:21 2023Z REDD INFO command '{"data":{"key1":"dJDVNIrwbeauDoqmCjawwKLn+DA+blpe0YuOb\/gcw0w=","key0":"XyMZc8v8IyTkmrasWGcYiMFYfd0F6psMN3gMFlbZPmY=","key_active":0},"type":"SET_KEY_REQ"}'
Sat Mar 4 12:39:21 2023Z REDD INFO Sending json message {"type":"SET_KEY_REP","data":{}}
Sat Mar 4 12:39:22 2023Z REDD INFO R600027R674HBFB/Chinchwad is now re-connected after 75000 ms
Sat Mar 4 12:39:23 2023Z REDD INFO command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"Down","lan2":"10Mb\/s"},"wan1_ip":"192.168.0.2","uplink":"WAN1","uplink_state":"0"},"type":"STATUS"}'
Sat Mar 4 12:39:23 2023Z REDD INFO PORTSTATE LAN1: Down, LAN2: 10Mb/s, LAN3: Down, LAN4: Down

I couldn't find anything special in these logs, but just in case I am missing anything.
Cancel
Vote Up 0 Vote Down

Cancel

Children

+1 Mayuresh Bhagwat over 1 year ago in reply to Mayuresh Bhagwat

Just now figured out the issue. There are 2 RED devices configured with the same IP Subnet (192.168.2.0/24) and that doesn't seem to be supported with RED. As soon as I changed the IP to 10.10.10.10/24 everything seemed to work fine. So a big lesson learnt.
Cancel
Vote Up +1 Vote Down

Cancel