RED 60 Cannot do SSL handshake on socket accept

Question

Hi. 
 
 This is the next device with this problem. When did you mean, you have time to fix this error? 
 Do you have a "working" workaround? 
 
 2021:07:15-12:25:03 utm01 red_server[4561]: SELF: (Re-)loading device configurations 
 2021:07:15-12:25:06 utm01 red_server[11148]: SELF: Cannot do SSL handshake on socket accept from '62.54.178.180': SSL connect accept failed because of handshake problems 
 2021:07:15-12:25:07 utm01 red_server[11199]: SELF: New connection from 62.54.178.180 with ID R6000169JH77D0B (cipher AES256-GCM-SHA384), rev1<30>Jul 15 12:25:08 red_server[11199]: R6000169JH77D0B: connected OK, pushing config 
 2021:07:15-12:25:09 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}' 
 2021:07:15-12:25:09 utm01 red_server[11199]: R6000169JH77D0B: Initializing connection running protocol version 0 
 2021:07:15-12:25:09 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{},"type":"WELCOME"} 
 2021:07:15-12:25:10 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{},"type":"CONFIG_REQ"}' 
 2021:07:15-12:25:10 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"1.2.3.4","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":3,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"ffxcqsuu","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"ffxcqsuu","manual_netmask":24,"lan3_vids":"","mac_filter_type":"none","mac":"00:0a:4d:2b:dc:ff","dial_string":"*99#","manual2_address":"0.0.0.0","manual_dns":"0.0.0.0","poe_port1":0,"poe_port2":0,"lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","fullbr_domains":"","htp_server":"utm01.camping-spot.de","uplink_balancing":"failover","asg_key":"[removed]","version_red60":"1-1125-15fdee6b8-fda4803","type":"red60","deployment_mode":"online","uplink2_mode":"dhcp","manual2_dns":"0.0.0.0","lan2_mode":"unused","debug_level":0,"local_networks_tar...L1394 
 2021:07:15-12:25:14 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"key1":"G5AK4hWausF6gf6uMsykPA7QfAcc69fXM4USAy5DNC4=","key0":"8hWwv7ifQnYIK0vdMh6HqyBXrcqB2dt9da3AFgwe1IE=","key_active":0},"type":"SET_KEY_REQ"}' 
 2021:07:15-12:25:14 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{},"type":"SET_KEY_REP"} 
 2021:07:15-12:25:15 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"seq":0},"type":"PING"}' 
 2021:07:15-12:25:15 utm01 red_server[11199]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="R6000169JH77D0B" forced="0" 
 2021:07:15-12:25:15 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{"seq":0},"type":"PONG"} 
 2021:07:15-12:25:16 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"wan1_ip":"192.168.1.74","uplink":"WAN1","uplink_state":"0"},"type":"STATUS"}' 
 2021:07:15-12:25:16 utm01 red2ctl[4572]: Overflow happened on reds3:0 
 2021:07:15-12:25:16 utm01 red2ctl[4572]: Missing keepalive from reds3:0, disabling peer 62.54.178.180 
 Regards 
 Dirk

Dirk Westphal · Answer

Hi Bob. 
 Vielen Dank :-) 
 After the Sophos employee from the support team added and deleted network interfaces and DHCP servers on my SG in a remote session, he came to the conclusion that the RED is probably defective. He did not know the workaround that was supposed to load the old firmware. Now the RED 60 is exchanged. I only got an RMA under protest. I've been in IT for 20 years, but the support from Sophos is arguably the worst I've ever seen! Either you don't understand people because you speak Indian more than English, or the phone line is so bad that you can't understand anything at all. And all after 4 hours in the queue. And what annoys me the most is that Sophos knowingly sell devices that are defective or have a problem!