Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 19 replies
  • Answers 5 answers
  • Subscribers 40 subscribers
  • Views 45060 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall not being discovered in Central Firewall Manager

John Davis

I have a XG105 firewall that does not appear in Sophos Central Firewall Manager and the Discover at top of page does not show the firewall.

I have the settings configured on the xg firewall / Administration-Central Management as instructed by Sophos documentation.

I have shared the firewall My Account-Network Protection-View Devices and also accepted the Management of firewall

I also have the latest firmware: SFOS 16.05.6

I have changed the xg device settings from Central will push to Firewall will fetch but that does not work either.

Does anyone have a suggestion?Thanks



This thread was automatically locked due to age.
  • 0

    I'm having the same problem. I get my device to appear though but when I fill in the info they want, it says it cannot connect to the device....I'm brand new to this company and my first impression is about as good as me slamming my head thru a brick wall and dying. Spoke to 5 people who can't even show me how to get my MSP licensing going on 1 device. Well one of those five told me to fill out some xls file to request my license and email it in and wait 24 hours....wow.

  • 0

    Hi John,

    Please email me your XG105 serial number and your partner account username, so i will check the issue and get back to you.

    Also provide XG device Central Management page screenshot.

    Ravi

     

  • 0 in reply to Greg Rogers

    Hi Greg,

    Please provide error screenshot. I will guide you further.

    Ravi

  • 0 in reply to RaviPatel

    Hi John,

    Thank you for providing the requested detail. I have checked the issue and found issue as bug.

    Reference id: NCCC-5325

    To resolve the issue. Please perform below steps:

    1. Login to SCFM using partner email id.

    2. Go to System Management > Account Settings > Synchronize and click on Synchronize button to sync the partner data

    3. After account synchronization is complete, please check your devices will display in Device Discovery tab of SCFM or not?

    Ravi

  • 0 in reply to RaviPatel

    I can now see devices and they now appear in Central Firewall Manager but I can not get them to Synchronize

    Under Status they are not connected and show as Incompatable

    Advise as to the next step to correct

    Thanks

  • +1 in reply to John Davis

    Hi John,

    Have you allowed HTTPS access  for WAN in all 3 devices on Device Access page? If not then please allow it and check the status of the issue.

    I have checked and found CFM is not able to connect to all 3 appliances on 4444 port. It is getting connection time out error.

    If you do not wish to open HTTPS access for WAN in XG then you can create local acl rule on Device access page for CFM using below configuration.

    Steps to create local ACL rule for CFM:
    ·         Go to System > Administration > Device Access in XG.
    ·         Enter CFM Domain Rule Name.
    ·         Select IPv4 as IP Family, WAN as Source Zone.
    ·         Add the Network/Host created for the IP address “us-e1.cfm.sophos.com” i.e. 52.0.39.131
    ·         Select HTTPS as Services and Accept as Action.
    Click Save.

     

    Ravi

  • +1 in reply to RaviPatel

    Ravi

    HTTPS access for WAN is allowed on all three devices on Device Access page.

    I will add the rule and test the access.

    Thanks

  • 0 in reply to John Davis

    Hi John,

    I have checked the issue and found all 3 devices are showing sync in CFM. Please check the status of the issue.

    Ravi

  • 0 in reply to RaviPatel

    Ravi

    All 3 devices are showing sync in CFM

    Thanks for your help on this issue.

    I consider this issue as closed.

    On another matter:

    I have another XG105 firewall that is showing as disconnected.

    The logs accessed from the gui show that nothing has been sent to CFM

    It is getting updates for antivirus according to the logs

    I do not have console access to this device as it is at a remote location.

    Thanks

  • 0 in reply to John Davis

    Hi John,

    Thank you for update.

    CFM/SFM show device as disconnected when there is connectivity issue between XG and CFM. When XG device failed to send heatbeat packets to CFM/SFM then SFM/CFM declare device as disconnected.

    Please check XG device is sending Heart Beat packets to CFM or not in /log/garner.log from advance shell.

    Ravi

Unfiltered HTML