Dear Members,
I've been working for days now to get a RED20 up and running with our XG125 with no success. It's exactly the same behavior that is described in discussion https://community.sophos.com/community-chat/f/discussions/126096/sd-red-20-an-xg106-anbinden .
It's one of our spare RED20s that is brand new but has been held in stock for about 1 year. Setup was done as explained in the Sophos documentation papers.
Setup Remote Site: FritzBox 7590 - Exposed host for RED20 -> RED20 connected to LAN 1
- IP-address allocated by DHCP -> RED20 visible in/for the FritzBox with a valid IP within the DHCP-Range
- Port-Check (Laptop connected to the same port on FritzBox, LAN1): powershell -> tnc red.astaro.com -port 3400 -> OK, tnc red.astaro.com -port 3410 -> OK
Setup XG125-Site:
- OS-Release: 19.5
- RED activated and initial connect to provision server fulfilled
- Network -> RED-Setup done, external IP of the XG125 registered/used (connectivity is given and reachable 24/7/365)
- Uplink Settings DHCP, RED mode standard, ip 192.168.60.1/24, DHCP Range: 192.168.60.10 - .20
Behavior/Sequence RED20:
1. Power on, WAN static green
2. System blinking
3. System static green, Router blinking
4. System static red, Router, Internet, Tunnel static green
5. System static green, Router blinking
6. System red, Router, Internet, Tunnel static green
7. WAN off, System static red, Router, Internet, Tunnel static green
8. all off/device restart
9. -> loop sequence beginning at 2.
Now the question is - is there something wrong in our setup or is there something important missing in Sophos documentation papers/setup guides? Or is the device defective?
Thanks in advance for your answers!
Cheers,
Sebastian
Hello Sebastian Engler,
Thank you for reaching out to the community, can you please share the following logs: syslog.log and red.log during the time of the issue.
Thanks & Regards,
_______________________________________________________________
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Log a Support Case | Sophos Service Guide
Best Practices – Support Case | Security Advisories
Compare Sophos next-gen Firewall | Fortune Favors the prepared
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Hi Vivek,
Could you please tell me how to do this?
In addition, is the console view of the RED needed, too?
I shared the logs link above; you can refer to it here again now - https://doc.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html
> On the CLI, select option 5. Device Management, then option 3. Advanced Shell. Then change to the log directory using the command cd /log
to see the live logs
> tail -f syslog.log
> tail -f red.log
to see historical logs
> less syslog.log
> less red.log
Thanks & Regards,
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Hello Vivek,
Due to sickness, I'm only able to answer today. Sorry for the delay.
I've checked out the red.log and found the following issue/prompt. It seems that the attempt at the SSL handshake fails.
Any suggestions?
Hi,
You could connect to the serial port and enter failsafe mode during boot.
From here, mount_root and check the device config under /mnt/…
Just cat the device.config and check if the unlock code, the firewall IP and some settings are fine.
If this is the case, the RED connects to the XG and the provisioning service.
Or you could try to set up the RED with an offline file via USB…
If the firmware might be too old, you 'might update' from USB within the failsafe.
But this is a different story.
Set the RED 20 to debugging mode and log to a local USB stick (8GB and FAT32).
I don't have shell cmds at hand, but Sophos might help here.
Hi Jürgen,
It seems to be an SSL handshake issue. Even the "offline config" using the USB stick didn't work. Viewing the red.log (live), the same behavior occurs as shown in the picture of my last reply.
Could you please explain how to update the RED firmware in failsafe mode with a USB stick? And where do I get the firmware from?
Hi,
The firmware can be found on your XGS firewall in /content/redfw
Extract the content, then extract all files from the tar red20-v1-1225-48bdbfdac-b1551d2.tar.gz to your USB stick (2GB, FAT32).
Now you need to connect to the console, start the SD-RED 20 and wait for the first Linux messages.
At the boot menu, hit (f) for the failsafe mode.
Mount the root partition, change some shell script, load the firmware and flash.
insert usb stick
root@(none):/# mount_root
root@(none):/# mkdir /data
root@(none):/# mount /dev/sda1 /data
root@(none):/# vi /bin/flashImage.sh
modify the line starting with CURRENT_PARTITION...
and change to CURRENT_PARTITION=image1
exit vi and save flashImage.sh
(I am not sure if there is some way to tell flashImage.sh what image you like to flash, too lazy)
root@(none):/bin# ./flashDevice RED20 /data/image-sophos-red20.dtb /data/red-unified-firmware-layerscape-armv8_64b-red20-initramfs-kernel.bin
This should write a new image1
If needed, change flashImage.sh to CURRENT_PARTITION=image2 and flash the image.
In some cases you need to check and change the uBoot environment from the failsafe mode.
root@(none):/dev# vi /etc/fw_env.config
insert ...
# MTD device name   Device offset   Env. size   Flash sector size   Number of sectors
/dev/mtd4           0x0000          0x10000     0x10000
and make use of
root@(none):/bin# fw_printenv
root@(none):/bin# fw_setenv bootdelay 5
Change bootdelay, because if set to -2 you will never get back into any shell, if the image1 or image2 is corrupted.
But ..
I take no responsibility for a bricked device {yes, there is a way to recover a SD-RED 20 with two bricked images (1 and 2)}.
Hey Folks,
Just to mention: after five or six boot loops while doing the USB stick setup, magic happened -> now it works.
Don't ask me why, there was just the stick, the RED and some reboot actions.
Now it works! Thanks for your posts that helped me investigate the issues further. And now I know how to handle things like that in the future, including a firmware update using a USB stick.