
Sophos FW Unable to download ssl vpn configuration after v20 update

Hello, I have 2 XGS 116 firewalls. After updating to v20 I can't download VPN configurations from the VPN portal. Error: "Failed to download the file. If the problem persists, check with IT."

On the Pattern updates page there is no version shown for SSLVPN Clients and there are no files under Content\sslvpn.

I tried to upload the pattern update manually; it tried to update / download files and then failed.



  • Hi Firat, 

    The pattern download for sslvpn had failed; the same is seen with other patterns as well. This needs to be fixed first.

    On your SFOS, under Network -> DNS -> DNS host entry, check the IP address of the u2d servers configured there (e.g. u2d.sophos.com) and see if you are able to ping these IP addresses from the SFOS CLI. Or check nslookup of the u2d hosts configured.

  • Thank you for your reply. There is no DNS host entry. Should I write them? (I tried to ping u2d.sophos.com with no reply.)

  • Please do the below on your SFOS

    nslookup xg-up2date-patterns.sophosupd.com    

    // use the below command to manually download sslvpn_1.02_1.0.009.tar.gz.sig and look at the details printed on the console

    curl xg-up2date-patterns.sophosupd.com/sslvpn_1.02_1.0.009.tar.gz.sig -O -v

    // if the download is successful, check the md5 of the downloaded file; it should match the md5 below

    md5sum sslvpn_1.02_1.0.009.tar.gz.sig

    44cb69ce7284316227eecad1babf3db8  sslvpn_1.02_1.0.009.tar.gz.sig

    If there are issues with the download, check if the DNS service is running on SFOS

    service -S | egrep 'bind|dnsd'

    dnsd                 RUNNING

    Or you can DM me, we can take a look at your SFOS over Zoom/Teams call.

  • Hi  

    Please share the whole file uma.log if possible.

    Also provide hostname of device.

    Please accept the friend request so I can DM you as well.

    From the screenshot, I can see the following log, which looks like it is successful.

    "2023-12-25-13:32:17Z uma[28993]:    info Control tunnel established (pid:11589)"

    Can we have a Zoom/Teams call?

    Please suggest suitable time.

  • Hi  ,

    Thanks for sharing system ID of device.

    As mentioned in DM, I have analysed the eu2.apu.sophos.com server logs and was looking for the system ID shared.

    However, I could not find any request coming from the current device.

    This means the device might not be able to reach eu2.apu.sophos.com due to a local restriction.

    Can we have a Zoom/Teams call?

  • It seems that country-specific packets are being blocked, which leaves SFOS unable to reach the up2date servers; if the up2date servers are not reachable, the pattern updates fail for sslvpn templates and config generation fails. The same behaviour is seen with APU access, where the packets are not reaching the server. This is not anything related to v20.