This discussion has been locked.

Missing Firewalls on Central + Stopped Services

Hi!

Tonight the HA-Cluster disconnected from Central (not together: the AUX 1h later) and on the Firewall the following services are shown as "stopped":
- fwcm-updaterd
- fwcm-heartbeatd
- fwcm-eventd
- fwcm-api-execut

By the way, only one of the two FWs of the cluster is shown on Central.
Putting the cluster in a new group on Central does not help.
Disabling Central-Management from the FW does not work.

XGS2300 (SFOS 20.0.0 GA-Build222)

I honestly don't know what to do. Any ideas?
Thanks in advance.



  • I checked the services over CLI and they are not always "stopped". Sometimes they are shown as running, 2 seconds later as "stopped".

    By the way, the same happens with the service "ssod" too.

  • Same issue with my virtual firewalls. Can't connect to Sophos Central.

  • Hi   

    Thanks for reaching out and regret to hear the experience. 

    I may recommend you to open a support case to have this further investigated. Once you do, kindly share with us the generated case ID.

    Many thanks for your time and patience and thank you for choosing Sophos.

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • I contacted the Support and this procedure fixed the issue:

    1. Remove the firewalls from Central
    2. De-register the central account from the Firewall
    3. Open PuTTY
    4. Select option 5 (Device Management) and then 3 (Advanced Shell)
    5. Run the below commands one by one to restart the service.

    service fwcm-updaterd:restart -ds sync
    service fwcm-heartbeatd:restart -ds sync
    service fwcm-eventd:restart -ds sync

    6. Re-register your firewall cluster with Sophos Central.

    Regards

  • Hi,

    Did Sophos Support indicate why this happened? 

    We are experiencing the same issue with one of our firewalls at a remote location about 2 hours away.

    Last Monday at around 8:19am, it just suddenly stopped talking to Sophos Central for no reason almost 2 weeks after updating it to FIOS 20.0.

    Support at first suggested removing the firewall from Sophos Central and re-registering it, but I insisted I wanted to know the cause of the issue before I attempt something like that.

    Support has been examining the logs from the firewall and are supposed to contact me by end of day today.

    Really don't want to have to remove it from Central and all of those other steps and I am concerned that this might happen with our other firewalls now that we have updated them to FIOS 20.0

    This is the second firewall we have had service related issues with since updating them to FIOS 20.0. 

  • Unfortunately, I was not told why this happened.
    However, the problem does not solve itself and you have to perform the above procedure to solve the issue.
    I can tell you, however, that the deregistration process does not cause any problems and is done in a couple of minutes.

    P.S. If support tells you why the problem happened, post it here :)

  • It seems I will not know the cause of the issue.

    The response I got from Sophos pretty much said that they didn't download the firewall logs in time to view the logs from the day the issue happened. The logs they downloaded did not contain the logs for the day the issue occurred any longer.

    They looked at the Sophos Central logs as well and saw:

    2024-03-18 11:44:03Z ERROR Tools.pm[29260]:97 SFOS::Common::Central::Tools::report_status - ETIMEOUT: The operation timed out, please try again later. 
    2024-03-18 20:21:25Z FATAL central-refresh[5920]:67 main:: - Seems that we got called by accident since we are not registered. Exiting.

    Looks like I am going to have to follow the steps to remove it from Central and re-add it.