This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

bad pattern updates......AGAIN????

Current pattern updates v208978. Blocking App Store courier.push.apple.com/

sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x8c7e3100" url="">courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="236" aptptime="127" cattime="30401" avscantime="0" fullreqtime="46490" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"

Can anyone confirm we have a bad pattern updates v206808? Can't connect to App Store blocking url https://courier.push.apple.com

action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x9db16e00" url="https://courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="19295" aptptime="125" cattime="156" avscantime="0" fullreqtime="20543" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"
2022:02:26-18:52:38 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked"

Thanks

This thread was automatically locked due to age.

Top Replies

RichBaldry over 2 years ago in reply to Amodin +3 verified

The problem with the pattern number incrementing has been identified and is being resolved. This issue is completely cosmetic and has not had any impact on the continued download and updating of the…

0 RDL over 2 years ago in reply to Amodin

https://community.sophos.com/utm-firewall/f/mail-protection-smtp-pop3-antispam-and-antivirus/48405/pattern-version-update-kills-smtp this talks about a pattern update that killed smtp years ago, so it is possible
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 2 years ago in reply to RDL

I tried this. Didn't work. Thing is, I am connecting, and the logs tell me I get an update. Other patterns appear to be updating, but the pattern version itself (206808) is not updating.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel
0 RDL over 2 years ago in reply to Amodin

It sounds and looks like there is no update to be downloaded and installed, It may be the situation talked about earlier that the updates on the weekends come from Ukraine Sophos brains and they're having issues right now. Let's hope for better outcomes Monday. THanks Amodin
Cancel
Vote Up 0 Vote Down

Cancel

0 Amodin over 2 years ago in reply to RDL

I tried a few minutes ago. I first changed patterns to manual, applied it, then told it to update - nothing. Leaving it at manual, I turned off IPS and portscan. Waited a few minutes. Turned portscan and IPS back on after changing pattern updates back to 15 min:

2022:02:27-21:03:42 amodin audld[1056]: no HA system or cluster node
2022:02:27-21:03:42 amodin audld[1056]: patch up2date possible
2022:02:27-21:03:42 amodin audld[1056]: Starting Secured Up2Date Package Downloader
2022:02:27-21:03:42 amodin audld[1056]: Secured Up2date Authentication
2022:02:27-21:03:42 amodin audld[1056]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:02:27-21:03:45 amodin audld[1056]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="ipsbundle2"
2022:02:27-21:03:45 amodin auisys[1156]: no HA system or cluster node
2022:02:27-21:03:45 amodin auisys[1156]: waiting for db_verify to return (30 seconds max)
2022:02:27-21:03:46 amodin auisys[1156]: not cleaning /var/up2date/sys-install in --nosys mode
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/appctrl43-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/aptp-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/aws-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/cadata-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/geoip-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/geoipxtipv6-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/ipsbundle2-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/man9-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/ohelp9-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/sasi-install'
2022:02:27-21:03:46 amodin auisys[1156]: removing '/var/up2date/savi-install'
2022:02:27-21:03:46 amodin auisys[1156]: Starting Up2Date Package Installer
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <man9> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <aws> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <appctrl43> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <ohelp9> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <geoipxtipv6> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <aptp> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <cadata> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <geoip> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <sasi> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: No suitable packages of type <savi> found, skipping
2022:02:27-21:03:46 amodin auisys[1156]: Install u2d packages <ipsbundle2>
2022:02:27-21:03:46 amodin auisys[1156]: Starting installing up2date packages for type 'ipsbundle2'
2022:02:27-21:03:46 amodin auisys[1156]: no u2d-ipsbundle2 RPM installed
2022:02:27-21:03:46 amodin auisys[1156]: Installing up2date package: /var/up2date/ipsbundle2/u2d-ipsbundle2-9.621.tgz.gpg
2022:02:27-21:03:46 amodin auisys[1156]: Verifying up2date package signature
2022:02:27-21:03:47 amodin auisys[1156]: Unpacking installation instructions
2022:02:27-21:03:47 amodin auisys[1156]: parsing installation instructions
2022:02:27-21:03:47 amodin auisys[1156]: Unpacking up2date package container
2022:02:27-21:03:47 amodin auisys[1156]: Running pre-installation checks
2022:02:27-21:03:47 amodin auisys[1156]: Starting up2date package installation
2022:02:27-21:04:03 amodin auisys[1156]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.621" package="ipsbundle2"
2022:02:27-21:04:03 amodin auisys[1156]: [INFO-306] New Pattern Up2Dates installed
2022:02:27-21:04:04 amodin auisys[1156]: Up2Date Package Installer finished, exiting
2022:02:27-21:04:04 amodin auisys[1156]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, exiting"
2022:02:27-21:11:01 amodin audld[2441]: no HA system or cluster node
2022:02:27-21:11:01 amodin audld[2441]: patch up2date possible
2022:02:27-21:11:01 amodin audld[2441]: Starting Secured Up2Date Package Downloader
2022:02:27-21:11:02 amodin audld[2441]: Secured Up2date Authentication
2022:02:27-21:11:02 amodin audld[2441]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"

So the IPS bundles are updating because the last version I saw was 9.50-something, and here it's 9.6. SAVI is also appearing to update its version.

I can also ping us1 and us2 Sophos up2d sites from the UTM and get the AWS responses from them, so they are responding to ICMP at least, lol.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)

0 RDL over 2 years ago in reply to Amodin

Thank you Amodin, that's good news, hopefully the day will be calmer in Europe and someone will address this. Hope you have a good day and week.
Cancel
Vote Up 0 Vote Down

Cancel
0 PatrickLee over 2 years ago in reply to RDL

2022:02:28-09:22:31 isecsolutions httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.50.31" dstip="209.197.3.8" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x95845100" url="ctldl.windowsupdate.com/.../pinrulesstl.cab" referer="" error="Connection to server timed out" authtime="0" dnstime="1133" aptptime="50922" cattime="566095" avscantime="0" fullreqtime="122250814" device="0" auth="0" ua="Microsoft-CryptoAPI/10.0" exceptions="av,sandbox,fileextension" category="175" reputation="trusted" categoryname="Software/Hardware" country="United States" country="United States" application="winupdat" app-id="596"
2022:02:28-09:22:55

now Windows Update being blocked as well.
Cancel
Vote Up 0 Vote Down

Cancel
0 RDL over 2 years ago

The following is from AN OLD POST SO IGNORE the errors.....

>>> Modules::Audld::LocalRestriction::_seek_own_country::130()
Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443 (timeout)).

>>> Modules::Audld::LocalRestriction::_seek_own_country::130()
Could not connect to Server us2.utmu2d.sophos.com (status=500 Can't connect to us2.utmu2d.sophos.com:443 (timeout)).

>>> Modules::Audld::LocalRestriction::_seek_own_country::130()
Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443 (timeout)).

>>> Modules::Audld::LocalRestriction::_seek_own_country::130()
Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443 (timeout)).

>>> Modules::Audld::LocalRestriction::_seek_own_country::130()
Could not connect to Server eu2.utmu2d.sophos.com (status=500 Can't connect to eu2.utmu2d.sophos.com:443 (timeout)).

but at least it gives what may still be the upmu2d nslookup names. appears they're all on amazon aws which is never ever good, single point of failure. I hope someone from sophos logs into here and reads this and looks into it, many of us don't have time to call sophos tech support and wait on hold for hours and still not get resolution. Is some employee from sophos reading this???
Cancel
Vote Up 0 Vote Down

Cancel
0 PatrickLee over 2 years ago in reply to RDL

I was wondering restoring to 9.708-6 would also restore previous pattern updates?
Cancel
Vote Up +1 Vote Down

Cancel
0 RDL over 2 years ago in reply to PatrickLee

That would be interesting,,,, let me see if i can do that, i have some virtual sophos UTMs... let me see if there is a restore point. please hold, i'll do it now
Cancel
Vote Up 0 Vote Down

Cancel
0 RDL over 2 years ago in reply to PatrickLee

powering back on a VM utm 9.708 that worked just fine.... will see if pattern update works.
Cancel
Vote Up 0 Vote Down

Cancel