Facing an issue while configuring LACP in Sophos firewall, and how to export the full firewall configuration using the CLI

Hi team,

While configuring Port 8 and Port 1 as an aggregated interface for the LAN zone in Sophos firewall, the traffic doesn't flow through it to the core switch. How can we check whether LACP is properly configured on the firewall end, and how can we check the logs in the CLI?

How can we export the Sophos firewall configuration through the CLI?



  • Hello,

    Thank you for reaching out to the community. On the CLI, select option 5. Device Management, then option 3. Advanced Shell.

    You can execute the following command:

    # show network lag-interface <lag interface name> runconfig

    To take a Sophos firewall configuration through the CLI, use the following command:

    /bin/opcode system_backup -s nosync

    The backup can be found under the following directory:

    var/conf/backupdata/

    You can use either the FTP CLI command or WinSCP software.
    FTP CLI COMMAND:
    curl --insecure --ftp-ssl ftp://ftp.sophos.com:990 -u <username>:<password> -T '<directory>'
    curl --insecure --ftp-ssl ftp://ftp-insecure.sophos.com -u <username>:<password> -T '<directory>'
    WINSCP:  
    https://support.sophos.com/support/s/article/KB-000042152?language=en_US
    FTP client:
    https://support.sophos.com/support/s/article/KB-000034094?language=en_US

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


  • Hi Vivek,

    Thanks for writing the comments.

    The given command is useful, but it shows only the current configuration, right? We need to check the aggregated interface status after the configuration.

    Kindly share the commands for those.

  • Replace LAG0 with your LAG name:

    cat /proc/net/bonding/LAG0

    Search for things like:
    - "Partner Mac Address" = 00:00:00:00:00:00 (no LACPDU communication)
    - "Number of ports" < "Total Ports" (some port down, wrong port connected, etc)

    Example output with MAC addresses redacted:

    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

    LAG Mode: lacp(dynamic)
    Total Ports: 2
    Link Status: up
    Monitoring Interval (ms): 100
    Up Delay (ms): 0
    Down Delay (ms): 0
    MAC Address: 00:e0:20:15:0e:3e
    Load Balance Policy: layer2
    LACP rate: slow
    Min links: 0
    Active Aggregator Info:
    System priority: 65535
    System MAC address: XX:XX:XX:XX:XX:XX
    Aggregator ID: 2
    Number of ports: 1
    Actor Key: 15
    Partner Key: 10
    Partner Mac Address: XX:XX:XX:XX:XX:XX

    Member Interface: Port9
    Link Status: down
    Speed: Unknown
    Duplex: Unknown
    Link Failure Count: 0
    Permanent HW addr: XX:XX:XX:XX:XX:XX
    Aggregator ID: 1
    Actor Churn State: churned
    Partner Churn State: churned
    Actor Churned Count: 1
    Partner Churned Count: 1
    details actor lacp pdu:
    system priority: 65535
    system mac address: XX:XX:XX:XX:XX:XX
    port key: 0
    port priority: 255
    port number: 1
    port state: 69
    details partner lacp pdu:
    system priority: 65535
    system mac address: 00:00:00:00:00:00
    oper key: 1
    port priority: 255
    port number: 1
    port state: 1

    Member Interface: Port10
    Link Status: up
    Speed: 10000 Mbps
    Duplex: full
    Link Failure Count: 0
    Permanent HW addr: XX:XX:XX:XX:XX:XX
    Aggregator ID: 2
    Actor Churn State: none
    Partner Churn State: none
    Actor Churned Count: 0
    Partner Churned Count: 0
    details actor lacp pdu:
    system priority: 65535
    system mac address: XX:XX:XX:XX:XX:XX
    port key: 15
    port priority: 255
    port number: 2
    port state: 61
    details partner lacp pdu:
    system priority: 32768
    system mac address: XX:XX:XX:XX:XX:XX
    oper key: 10
    port priority: 32768
    port number: 55
    port state: 61
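
A small triage script for the checks suggested in the reply above, as an added example that is not part of the original posts or of Sophos tooling: it flags down members, an all-zero partner MAC and an aggregator with fewer ports than the LAG, and decodes the `port state` values into IEEE 802.1AX LACP flag names. The field names come from the output quoted in the thread; the function names and the embedded sample are constructed for illustration.

```shell
# Added example, not Sophos code. Field names follow the output quoted in the thread.
# Decode an LACP port-state byte into flag names (bit 0 first, IEEE 802.1AX).
decode_lacp_state() {
    i=0; out=""
    for flag in activity timeout aggregation synchronization collecting distributing defaulted expired; do
        if [ $(( ($1 >> $i) & 1 )) -eq 1 ]; then out="${out:+$out,}$flag"; fi
        i=$((i + 1))
    done
    echo "${out:-none}"
}

# Read LAG status text on stdin and print one finding per line.
check_lag() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | {
        total=0; active=0; member=""; side=""; zero=00:00:00:00:00:00
        while IFS= read -r line; do
            key=${line%%:*}; val=${line#*: }
            case $key in
                "Total Ports") total=$val ;;
                "Number of ports") active=$val ;;
                "Member Interface") member=$val ;;
                "details "*" lacp pdu") side=${key#details }; side=${side%% *} ;;
                "Link Status") if [ -n "$member" ] && [ "$val" != up ]; then echo "$member: link $val"; fi ;;
                "system mac address")
                    if [ "$side" = partner ] && [ "$val" = "$zero" ]; then
                        echo "$member: partner MAC all zero, no LACPDU received"
                    fi ;;
                "port state") echo "$member: $side state $val = $(decode_lacp_state "$val")" ;;
            esac
        done
        if [ "$active" -lt "$total" ]; then echo "LAG: $active of $total ports active"; fi
    }
}

# Constructed sample, abridged from the output quoted in the thread.
sample_status() {
    cat <<'EOF'
Total Ports: 2
Number of ports: 1
Member Interface: Port9
Link Status: down
details actor lacp pdu:
port state: 69
details partner lacp pdu:
system mac address: 00:00:00:00:00:00
port state: 1
EOF
}
sample_status | check_lag
```

A member whose actor state includes `defaulted` and lacks `synchronization` (69 in the thread's output) has not negotiated with the switch, while 61 on both sides is a member that is in sync, collecting and distributing.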
