Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 6665 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Synchronized Security information missing in Sophos Central.

Randy Cleveland

We have several Sophos Firewalls, and most of them are showing correct Synchronized Security information in Sophos Central.

For Example:

Two of these firewalls above aren't showing any data about Applications or endpoints.

I've checked the firewalls, and they are set up the same.

What would possible reasons be for this?

It's not affecting the firewall performance or anything, it's just something I've noticed for a while and could not find a reason for it.



This thread was automatically locked due to age.
Parents
  • 0

    Hi  Thank you for reaching out to the Sophos community team. For the affected firewalls for which the (Syn Sec ) status icon is not showing on Sophos Central from those firewalls can you please validate the below details:

    1)#cat /log/garner.log | grep -i "Response code: '403'"

    To confirm whether any 403 error response is there or not.

    2) #csc custom status

    The above command is to see if any process or operation showing under a continuous busy state or not.

    Please share both the above details from affected firewalls to confirm more and to provide you with further information on this.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Reply
  • 0

    Hi  Thank you for reaching out to the Sophos community team. For the affected firewalls for which the (Syn Sec ) status icon is not showing on Sophos Central from those firewalls can you please validate the below details:

    1)#cat /log/garner.log | grep -i "Response code: '403'"

    To confirm whether any 403 error response is there or not.

    2) #csc custom status

    The above command is to see if any process or operation showing under a continuous busy state or not.

    Please share both the above details from affected firewalls to confirm more and to provide you with further information on this.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

Children
  • 0 in reply to Vishal_R

    There are 403 errors on one where it's enabled, and Busy state of the csc command didn't return anything busy.

  • 0 in reply to Vishal_R

    I have one that is returning the following when using the csc command along with the 403 errors:

    Busy service:
     garner

    Service Queue of garner:
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:reconfig                   6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:sync_geoip_cache           6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:sync_gr_cache              6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:reconfig                   6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml                    6
     garner:get_xml ...
    XGS107_SN01_SFOS 20.0.0 GA-Build222#

  • +1 in reply to Randy Cleveland

    Hi  For this particular firewall based on this output, Looks like garner service is stuck because of that it is unable to perform the re-config operation,  it may result in an issue communicating with the central, which is why the 403 error is appearing. Please log a support case to review it further and to recover the garner service which should fix the "Firewall Synchronized Security information icon missing" in Sophos Central for this firewall once the garner service works fine. Once the Support case is open please share the case ID here or via DM, so I can add an internal note over it for quicker progress on log collection details. 

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Vishal_R

    Thanks.  I'll have to do a support case next week. 

  • 0 in reply to Vishal_R

    Hi,

    Just an update in case anyone else is having this issue...

    After Standard Support was able to get the firewalls communicating again, a few days later, 3 of them stopped again.

    I opened another support case, and after a couple of weeks of trouble shooting, the ticket was escalated the engineers.

    Come to find out, it's a know issue with 20.0 and will be fixed in 20.0.2 MR2.

Unfiltered HTML