Firewall not being discovered in Central Firewall Manager

Question

I have a XG105 firewall that does not appear in Sophos Central Firewall Manager and the Discover at top of page does not show the firewall. 
 I have the settings configured on the xg firewall / Administration-Central Management as instructed by Sophos documentation. 
 I have shared the firewall My Account-Network Protection-View Devices and also accepted the Management of firewall 
 I also have the latest firmware: SFOS 16.05.6 
 I have changed the xg device settings from Central will push to Firewall will fetch but that does not work either. 
 Does anyone have a suggestion?Thanks

RaviPatel · Accepted Answer

Hi John, 
 Have you allowed HTTPS access for WAN in all 3 devices on Device Access page? If not then please allow it and check the status of the issue. 
 I have checked and found CFM is not able to connect to all 3 appliances on 4444 port. It is getting connection time out error. 
 If you do not wish to open HTTPS access for WAN in XG then you can create local acl rule on Device access page for CFM using below configuration. 
 Steps to create local ACL rule for CFM: 
 &middot; Go to System > Administration > Device Access in XG. 
 &middot; Enter CFM Domain Rule Name . 
 &middot; Select IPv4 as IP Family , WAN as Source Zone . 
 &middot; Add the Network/Host created for the IP address &ldquo;us-e1.cfm.sophos.com&rdquo; i.e. 52.0.39.131 
 &middot; Select HTTPS as Services and Accept as Action . 
 Click Save.

Ravi

John Davis · Answer

Ravi 
 HTTPS access for WAN is allowed on all three devices on Device Access page. 
 I will add the rule and test the access. 
 Thanks

RaviPatel · Answer

Hi John, 
 Thank you for providing the requested detail. I have checked the issue and found issue as bug. 
 Reference id: NCCC-5325 
 To resolve the issue. Please perform below steps: 
 1. Login to SCFM using partner email id. 
 2. Go to System Management > Account Settings > Synchronize and click on Synchronize button to sync the partner data 
 
 3. After account synchronization is complete, please check your devices will display in Device Discovery tab of SCFM or not? 
 Ravi

RaviPatel · Answer

Hi John, 
 I have checked the issue and found all 3 devices are showing sync in CFM. Please check the status of the issue. 
 Ravi

RaviPatel · Answer

Hi John, 
 Thank you for update. 
 CFM/SFM show device as disconnected when there is connectivity issue between XG and CFM. When XG device failed to send heatbeat packets to CFM/SFM then SFM/CFM declare device as disconnected. 
 Please check XG device is sending Heart Beat packets to CFM or not in /log/garner.log from advance shell. 
 Ravi

RaviPatel · Answer

Hi John, 
 It seems like XG is not able to send heartbeat packets to CFM. 
 Please check in XG device that you are able to resolve CFM domain name us-e1.cfm.sophos.com ? 
 If you have configured secure syslog port to 6514 then please change to HTTPS and check heartbeat packets get send in GUI system logs of XG. 
 Ravi

Greg Rogers · Answer

It was because the rep I contacted at Sophos signed me up as a reseller instead of a MSP Flex partner. Once they fixed that mess, it started working fine.