Advisory: Sophos Endpoint - "Your connection isn't private" We're aware of a certificate issue and are actively working to resolve. Please see: KB-000045954 for the latest updates.

Top Replies

Parents
  • XGS87: When I view Firewall logs, all I see are a bunch of Device Access Denied but none of the usuals. Are most firewall rules not logging under some circumstances?

  • Hello  ! This is an extension of problems I've had in the past on an XGS87 that Sophos has taken probably three swings at solving and has never consistently solved.

    When I view logs on-device, all I see are denied entries, and not a lot of them. When I go to Sophos Central, it never returns any report, it just spins its wheel indefinitely. When I click on Feedback on the main on-device page, it gives me an error that I don't have connectivity. (Obviously I do, since I can post this.)

    The weird denied-only on-device log viewing is new in v20 EAP, but the other bugs have been around since v18 and I've opened up my device multiple times to support who always assure me, "We can't find anything, but engineering says this is a bug fixed in the next release." Which is not true.

    The common thread, in the past, has been that the XGS87 loses the gateway while attempting to transmit logs to Central and then never recovers.

  • Hi  Can you share the access to device running 20.0 EAP in PM to me - Dev team would like to take a look into details of the denied log entries. Currently ie since v18 firewall logging is explicitly configured NOT to send log component 1,2,66(Firewall rule, Invalid Traffic, Heartbeat respectively) deny logs to Central Reporting. we want to see if what you have is same. Secondly would like to check any logs around connectivity loss issue you see on this device. If needed we can schedule a joint debug session with engineering team -Shrikant 

  • OK, will PM you. And to be clear, I am seeing two problems, one that's been there since v18 and one that's new in v20 EAP:

    1. Since v18, I've had issues with logging to Sophos Central stopping. I can fix it -- once I notice that there is nothing in Sophos Central -- by stopping logging to SC and then reenabling it on my XGS87. This is what appears to be tied to an upload of logs trying to happen when the gateway is briefly down (doesn't happen often) causing the XGS87 not to log to SC either for many days or maybe never. This appears to be back.

    2. In v20 EAP1, I only see a small smattering of log entries when I View Logs (no filters) on-device (XGS87) and they're almost entirely Denied entries.

Reply
  • OK, will PM you. And to be clear, I am seeing two problems, one that's been there since v18 and one that's new in v20 EAP:

    1. Since v18, I've had issues with logging to Sophos Central stopping. I can fix it -- once I notice that there is nothing in Sophos Central -- by stopping logging to SC and then reenabling it on my XGS87. This is what appears to be tied to an upload of logs trying to happen when the gateway is briefly down (doesn't happen often) causing the XGS87 not to log to SC either for many days or maybe never. This appears to be back.

    2. In v20 EAP1, I only see a small smattering of log entries when I View Logs (no filters) on-device (XGS87) and they're almost entirely Denied entries.

Children
No Data