Can't login via WebGui (connection timed out) (16.5.6 > 17.0 Beta 1)

I have a CR50iNG that was previously running Cyberoam Firmware.

 

I updated to v16.5 MR6 a few weeks ago and migrated the config.

I've just installed HW-SFOS_17.0.0_Beta-1.SF210-32.gpg and now I can't access the WebGUI, nor ping the device.

 

I've connected a serial cable up, and can see that all interfaces currently have their correct IP configurations.

I've reset the admin password (it's still: admin)

I've attached a laptop to a LAN port, and can't see any information coming from the device. Using Wireshark, the only information I can see is an ARP request going out ("who has 192.x.x.x"), and I get the ARP back from the device saying the correct MAC address.

I've also got a port connected as a DMZ that allowed remote access previously and this also does nothing.

I ran the serial command:

system appliance_access enable -> https://community.sophos.com/kb/en-us/123542

This didn't affect any interfaces!

 

Some important notes:

The configuration loaded on this device is VERY complicated

The LAN port has 3 aliases, and around 10 VLANs associated

The DMZ port has no VLANs/aliases

The WAN port has about 120 aliases defined

The MAC address has been OVERRIDDEN on interfaces. This configuration is from a previously HA device.

The configuration, as mentioned, has come from CROS, to SFOS16.5 and now to SFOS17

 

Any hints? Or am I BETA testing a bit too much...

  • Hi DaveHamer,

    Thank you for the SFOS v17 Beta Feedback.

    Please share the output of the command

    • cat /etc/version
    • ifconfig
  • Hi, 

    Sure no problems -

     

    CR50iNG_AM03_SFOS 17.0.0 Beta-1# cat /etc/version
    CR50iNG_AM03_17.0.0.32

     


    CR50iNG_AM03_SFOS 17.0.0 Beta-1# ifconfig
    PortA Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.222.254 Bcast:192.168.222.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:344 errors:0 dropped:0 overruns:0 frame:0
    TX packets:509 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:31016 (30.2 KiB) TX bytes:25454 (24.8 KiB)
    Memory:fea00000-fea1ffff

    PortA.30 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.230.1 Bcast:192.168.230.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortA.31 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.231.1 Bcast:192.168.231.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortA.32 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.232.1 Bcast:192.168.232.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortA.33 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.233.1 Bcast:192.168.233.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortA.34 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.234.1 Bcast:192.168.234.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:18378 (17.9 KiB)

    PortA.35 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.235.1 Bcast:192.168.235.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortA.36 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.236.1 Bcast:192.168.236.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortA.37 Link encap:Ethernet HWaddr 0E:00:00:00:00:01
    inet addr:192.168.237.1 Bcast:192.168.237.255 Mask:255.255.255.0
    inet6 addr: fe80::c00:ff:fe00:1/64 Scope:Link
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    PortC Link encap:Ethernet HWaddr 0E:00:00:00:00:03
    inet addr:REMOVED Bcast:REMOVED Mask:255.255.255.224
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
    Memory:fe800000-fe81ffff

    PortE Link encap:Ethernet HWaddr 00:0D:48:45:4B:E5
    inet addr:10.10.3.51 Bcast:10.10.3.255 Mask:255.255.252.0
    inet6 addr: fe80::20d:48ff:fe45:4be5/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:26382 errors:0 dropped:8 overruns:0 frame:0
    TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2256439 (2.1 MiB) TX bytes:1028 (1.0 KiB)
    Memory:fe600000-fe61ffff

    PortG Link encap:Ethernet HWaddr 00:0D:48:45:4B:E7
    inet addr:192.168.15.1 Bcast:192.168.15.255 Mask:255.255.255.0
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
    Memory:fe400000-fe41ffff

    PortH Link encap:Ethernet HWaddr 00:0D:48:45:4B:E8
    inet addr:172.16.1.1 Bcast:172.16.1.255 Mask:255.255.255.0
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
    Memory:fe300000-fe31ffff

    imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    UP RUNNING NOARP MTU:16000 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:11000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    ipsec0 Link encap:Ethernet HWaddr 8A:28:7C:48:95:16
    inet addr:169.254.234.5 Bcast:0.0.0.0 Mask:255.255.255.255
    inet6 addr: fe80::8828:7cff:fe48:9516/64 Scope:Link
    UP BROADCAST RUNNING NOARP MULTICAST MTU:16260 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:192973 errors:0 dropped:0 overruns:0 frame:0
    TX packets:192973 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:51229051 (48.8 MiB) TX bytes:51229051 (48.8 MiB)

    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:10.81.234.5 P-t-P:10.81.234.5 Mask:255.255.255.0
    inet6 addr: 2001:db8::1:0/64 Scope:Global
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 B) TX bytes:152 (152.0 B)

  • And some more interesting info: 

    (We change the GUI to 4430. I also tried default Sophos 4444, and 8443 is what we change SSLVPN to)

    CR50iNG_AM03_SFOS 17.0.0 Beta-1# telnet localhost 4430
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    CR50iNG_AM03_SFOS 17.0.0 Beta-1# telnet localhost 4444
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    CR50iNG_AM03_SFOS 17.0.0 Beta-1# telnet localhost 8443
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    ^CConnection closed by foreign host.
    CR50iNG_AM03_SFOS 17.0.0 Beta-1# telnet 192.168.222.1 4430
    Trying 192.168.222.1...
    telnet: connect to address 192.168.222.1: Connection refused
    CR50iNG_AM03_SFOS 17.0.0 Beta-1# telnet 192.168.222.254 4430
    Trying 192.168.222.254...
    telnet: connect to address 192.168.222.254: Connection refused
    CR50iNG_AM03_SFOS 17.0.0 Beta-1#

  • Please share the command output

    service -S

  • I can also confirm that DHCP is working - it didn't upon first upgrade, but after a hard reboot, I can get a DHCP address in the correct range. However I still cannot access the Firewall GUI by HTTPS. I also can't ping, nor SSH.

     

    Output of service -S

    CR50iNG_AM03_SFOS 17.0.0 Beta-1# service -S
    lcdd UNTOUCHED
    postgres RUNNING
    sigdb RUNNING
    reportdb RUNNING
    crreport RUNNING
    awarrensmtp RUNNING
    awarrenmta RUNNING
    nasm RUNNING
    ntpclient RUNNING
    garner RUNNING
    skein RUNNING
    awarrenhttp RUNNING
    WINGc RUNNING
    nsxld RUNNING
    warren RUNNING
    ftpproxy RUNNING
    ctipd RUNNING
    antispam RUNNING
    ips RUNNING
    ripd RUNNING
    ospfd RUNNING
    bgpd RUNNING
    zebra RUNNING
    dgd RUNNING
    dhcpd RUNNING
    dhcpd6 UNREGISTERED
    strongswan RUNNING
    strongswan-ctl UNTOUCHED
    ddc RUNNING
    networkd RUNNING
    dyniface UNTOUCHED
    gateway RUNNING
    tomcat RUNNING
    apache RUNNING
    antivirus RUNNING
    sandbox_reportd RUNNING
    sandboxd RUNNING
    dnsd RUNNING
    sslvpn RUNNING
    clientless_acce RUNNING
    pptpd UNREGISTERED
    l2tpd UNREGISTERED
    mrouting UNREGISTERED
    pimd UNREGISTERED
    msync UNTOUCHED
    WAF UNREGISTERED
    red_client UNTOUCHED
    red UNREGISTERED
    supportaccess UNTOUCHED
    heartbeat UNREGISTERED
    enhancedappctrl UNREGISTERED
    hwmon UNREGISTERED
    access_server RUNNING
    bwm RUNNING
    fwm UNTOUCHED
    radvd UNREGISTERED
    fqdnd RUNNING
    fwlog RUNNING
    pktcapd RUNNING
    hostapd UNTOUCHED
    mdev UNREGISTERED
    awed UNREGISTERED
    hotspotd RUNNING
    policyroute RUNNING
    cfs RUNNING
    listener RUNNING
    timer RUNNING
    shm RUNNING
    dbh RUNNING

  • Additional note:

    When trying telnet externally:

    To Port E (DMZ): Connecting to 10.10.3.51 - Connect Failed - Timeout

    To Port A (LAN): Connecting to 192.168.222.1 (or .254) - Connect Failed - Timeout

    Rather than an instant refusal.

  • Hi,

    Please share the command output

    ethtool <port name>

    e.g.: ethtool PortA1

    listif -s

  • Hi,

    CR50iNG_AM03_SFOS 17.0.0 Beta-1# ethtool PortA
    Settings for PortA:
    Supported ports: [ TP ]
    Supported link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    1000baseT/Full
    Supported pause frame use: Symmetric
    Supports auto-negotiation: Yes
    Advertised link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    1000baseT/Full
    Advertised pause frame use: Symmetric
    Advertised auto-negotiation: Yes
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 1
    Transceiver: internal
    Auto-negotiation: on
    MDI-X: on (auto)
    Supports Wake-on: pumbg
    Wake-on: g
    Current message level: 0x00000007 (7)
    drv probe link
    Link detected: yes
    CR50iNG_AM03_SFOS 17.0.0 Beta-1# ethtool PortE
    Settings for PortE:
    Supported ports: [ TP ]
    Supported link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    1000baseT/Full
    Supported pause frame use: Symmetric
    Supports auto-negotiation: Yes
    Advertised link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    1000baseT/Full
    Advertised pause frame use: Symmetric
    Advertised auto-negotiation: Yes
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 1
    Transceiver: internal
    Auto-negotiation: on
    MDI-X: on (auto)
    Supports Wake-on: pumbg
    Wake-on: g
    Current message level: 0x00000007 (7)
    drv probe link
    Link detected: yes
    CR50iNG_AM03_SFOS 17.0.0 Beta-1# listif -s
    PortA###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.30###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.31###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.32###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.33###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.34###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.35###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.36###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortA.37###Connected, 1000 Mbps - Full Duplex###0E:00:00:00:00:01###8431
    PortB###Disabled###00:0D:48:45:4B:E2###8431
    PortC###Unplugged###0E:00:00:00:00:03###8431
    PortD###Disabled###00:0D:48:45:4B:E4###8431
    PortE###Connected, 1000 Mbps - Full Duplex###00:0D:48:45:4B:E5###8431
    PortF###Disabled###00:0D:48:45:4B:E6###8431
    PortG###Unplugged###00:0D:48:45:4B:E7###8431
    PortH###Unplugged###00:0D:48:45:4B:E8###8431
    gretap0###Disabled###00:00:00:00:00:00###0

     

     

    - For reference, Port A connected directly to this laptop, Port E connected to a Layer 3 switch into our main network.

  • Hi,

    Are the LEDs of the Ethernet port blinking?

    Also, the arp -n output.

  • I can confirm blinking, although as you can see by the packet count, not that much data has been transmitted.

    Output of arp:

    CR50iNG_AM03_SFOS 17.0.0 Beta-1# arp -a
    ? (31.210.128.65) at <incomplete> on PortC
    ? (192.168.222.124) at 00:e1:00:00:0a:a3 [ether] on PortA
    ? (192.168.234.2) at <incomplete> on PortA.34
    ? (192.168.222.8) at <incomplete> on PortA
    ? (192.168.222.180) at 00:e1:00:00:0a:a3 [ether] on PortA
    ? (192.168.222.47) at <incomplete> on PortA
    ? (192.168.234.8) at <incomplete> on PortA.34
    ? (10.10.0.124) at f8:32:e4:bb:53:cd [ether] on PortE
    ? (10.10.0.129) at 50:1a:c5:fa:18:73 [ether] on PortE

     

    10.10.0.124 - this is my work PC plugged into the Layer 3 switch

    192.168.222.124 - This is my laptop with a static IP

    192.168.222.180 - This is my laptop with a DHCP lease

     

    So clearly some communication is taking place

  • Good afternoon deeptibhavsar,

    Do you have any more requirements? Because I can't login to the appliance I cannot even begin testing :)

    I'm going to roll out the BETA as an upgrade to a VMW appliance, so maybe I can at least get some testing done.

    Kind Regards;

    Dave

  • Hi,

    Can you provide us appliance access via TeamViewer/GoToMeeting?

     

  • Hi DaveHamer,

    Thanks for the feedback and your extended support to look into the issue.

    We are tracking this issue through JIRA ID NC-22657.