This discussion has been locked.

Sophos UTM 9.7 - moved the VM to another server, and now I cannot access the webadmin

Hello All,

I was running Sophos UTM 9.7 on an ESXi 6.5 server that crashed.  I moved the VM to another ESXi 6.7 server and imported the VM.  I'm assuming the problem is with the NIC hardware, that it cannot find the original NICs, and that sort of broke things.

The ESXi management console shows the VM to have two addresses: the original one assigned to the internal interface and one assigned through DHCP.

I am trying to access the Sophos UTM VM webadmin, but I cannot access it through either address.  I do have access to the console through the VMware Remote Console.

I can ping the DHCP-assigned address from my workstation, but when I access it using a browser I get an "ERR_CONNECTION_REFUSED" error.  I cannot ping the statically assigned original address.  From the Sophos UTM VM, I am able to ping both the DHCP-assigned address and the original statically assigned address, but I cannot ping anything else on the network.

Any and all help will be greatly appreciated.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Can you please check the packet flow on the WebAdmin port in the UTM console?

    ==> Run below command.

    utm:/root # tcpdump -nei any port <WebAdmin_Port>

    eg. utm:/root # tcpdump -nei any port 4444

    ==> Please check the webadmin.log, httpd.log and confd-debug.log files while accessing WebAdmin (https://<UTM_IP>:port).

    utm:/root # tail -f /var/log/webadmin.log httpd.log confd-debug.log

    ==> Confirm allowed networks for WebAdmin access.

    utm:/root # cc get webadmin allowed_networks

  • I had to specify the location for httpd.log and confd-debug.log, but I managed to get more output:

  • FormerMember
    0 FormerMember in reply to exwhywhyzee

    I can see requests coming on port 4444 from 192.168.100.214 source IP, but there’s no response (SYN+ACK [S.]).

    Please ensure that you're accessing WebAdmin from the Internal network.

    If not, then follow the below steps to allow WebAdmin access for ANY network.

    ==> Login to Shell.

    1. Type: cc
    2. Type: webadmin
    3. Type: allowed_networks@
    4. Type: =['REF_NetworkAny']

    ==> Confirm WebAdmin port as well.

    1. Type: cc
    2. Type: webadmin
    3. Type: port$

    Check packetfilter.log events as well.

    utm:/root # tail -f /var/log/packetfilter.log | grep -i "Source_IP"

    eg: tail -f /var/log/packetfilter.log | grep -i "192.168.100.214"
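
The check described in the reply above (SYNs arriving on the WebAdmin port with no SYN+ACK [S.] going back) can be automated over saved `tcpdump -nei any port 4444` output. This is an added example, not part of the original posts or Sophos code; the capture lines are constructed, 192.168.100.1 is an assumed UTM address, and the function names are hypothetical.

```python
import re

# Finds "src.port > dst.port: Flags [..]" anywhere in a tcpdump -n line, so the
# link-layer prefix that -e adds (it differs between versions) is ignored.
SEGMENT = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def classify_handshakes(lines, port=4444):
    """Map every client (ip, port) that sent a SYN to `port` to
    {"syns": count, "reply": "none" | "syn-ack" | "reset"}."""
    seen = {}
    for line in lines:
        m = SEGMENT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dport == port and flags == "S":
            entry = seen.setdefault((src, sport), {"syns": 0, "reply": "none"})
            entry["syns"] += 1  # client retransmissions raise the count
        elif sport == port:
            entry = seen.get((dst, dport))
            if entry and entry["reply"] == "none":  # keep the first answer only
                if flags == "S.":
                    entry["reply"] = "syn-ack"
                elif flags.startswith("R"):
                    entry["reply"] = "reset"
    return seen


def silent_clients(lines, port=4444):
    """Client IPs with at least one SYN that got no reply at all."""
    result = classify_handshakes(lines, port)
    return sorted({ip for (ip, _), e in result.items() if e["reply"] == "none"})


# Constructed capture lines (not from the thread); 192.168.100.1 is an assumed UTM address.
PFX = "ethertype IPv4 (0x0800), length 76:"
SAMPLE = [
    f"10:15:01.000001  In 00:0c:29:aa:bb:01 {PFX} 192.168.100.214.51512 > 192.168.100.1.4444: Flags [S], seq 1000, win 64240, length 0",
    f"10:15:02.000001  In 00:0c:29:aa:bb:01 {PFX} 192.168.100.214.51512 > 192.168.100.1.4444: Flags [S], seq 1000, win 64240, length 0",
    f"10:15:05.000001  In 00:0c:29:aa:bb:02 {PFX} 192.168.100.50.40000 > 192.168.100.1.4444: Flags [S], seq 2000, win 64240, length 0",
    f"10:15:05.000101 Out 00:0c:29:cc:dd:01 {PFX} 192.168.100.1.4444 > 192.168.100.50.40000: Flags [S.], seq 3000, ack 2001, win 65160, length 0",
    f"10:15:07.000001  In 00:0c:29:aa:bb:03 {PFX} 192.168.100.60.40001 > 192.168.100.1.4444: Flags [S], seq 4000, win 64240, length 0",
    f"10:15:07.000101 Out 00:0c:29:cc:dd:01 {PFX} 192.168.100.1.4444 > 192.168.100.60.40001: Flags [R.], seq 0, ack 4001, win 0, length 0",
]

if __name__ == "__main__":
    for (ip, cport), e in classify_handshakes(SAMPLE).items():
        print(f"{ip}:{cport} syns={e['syns']} reply={e['reply']}")
```

A client listed by `silent_clients` is the case the reply describes: its source IP is the one to grep for in packetfilter.log and to compare against the `allowed_networks` value.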

  • Hello Yash,

    Thank you for your help.  Unfortunately, the steps you instructed me to do didn't allow me to access the webadmin portal.