Missing Firewalls on Central + Stopped Services

i checked the services over CLI and they are not always "stopped". Sometimes they are show as running, 2 seconds later as "stopped".

by the way, the same happens with the service "ssod" too.

same issue with my virtual firewalls. can't connect to Sophos central.

Hi Nanoman Manawapriya Thenuwara 

Thanks for reaching out and regret to hear the experience. 

I may recommend you to open a support case to have this further investigated. Once you do kindly share with us the generated caseID.

Many thanks for your time and patience and thank you for choosing Sophos.

Regards,

After starting, check the Log Files: 

https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogFileDetails/index.html

Interesting: hbtrust.log

I contacted the Support and this procedure fixed the issue:

1. Remove the firewalls from Central
2. De-register the central account from the Firewall
3. open putty 
4. select option 5 ( device management ) and then 3  (Advanced shell )
5. Run the below commands one by one to restart the service.

service fwcm-updaterd:restart -ds sync     
service fwcm-heartbeatd:restart -ds sync  
service fwcm-eventd:restart -ds sync  

6. Re-register your firewall cluster with Sophos Central.

Regards

HI,

Did Sophos Support indicate why this happened? 

We are experiencing the same issue with one of our firewalls at a remote location about 2 hours away.

Last Monday at around 8:19am, it just suddenly stopped talking to Sophos Central for no reason almost 2 weeks after updating it to FIOS 20.0.

Support at first suggested removing the firewall from Sophos Central and re-registering it, but I insisted I wanted to know the cause of the issue before I attempt something like that.

Support has been examining the logs from the firewall and are supposed to contact me by end of day today.

Really don't want to have to remove it from Central and all of those other steps and I am concerned that this might happen with our other firewalls now that we have updated them to FIOS 20.0

This is the second firewall we have had service related issues with since updating them to FIOS 20.0. 

Unfortunately, I was not told why this happened.
However, the problem does not solve itself and you have to perform the above procedure to solve the issue.
I can tell you, however, that the deregistration process does not cause any problems and is done in a couple of minutes.

P.S. If support tells you why the problem happened, post it here

It seems I will not know the cause of the issue.

The response I got from Sophos pretty much said that they didn't download the firewall logs in time to view the logs from the day the issue happened. The logs they downloaded did not contain the logs for the day the issue occurred any longer.

They looked at the Sophos Central logs as well and saw:

2024-03-18 11:44:03Z ERROR Tools.pm[29260]:97 SFOS::Common::Central::Tools::report_status - ETIMEOUT: The operation timed out, please try again later. 
2024-03-18 20:21:25Z FATAL central-refresh[5920]:67 main:: - Seems that we got called by accident since we are not registered. Exiting.

Looks like I am going to have to follow the steps to remove it from Central and re-add it.