Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
My HTTPS signing CA cert was due to expire in the next 30 days so I regenerated the cert: Web Protection / Filtering Options / HTTPS CAs / Regenerate
After doing this internal hosts were not able to retrieve the new cert from http://passthrough.fw-notify.net/cacert.pem, connections time out
I have done the following but nothing resolves the issue:
1) Uploaded the original cert to the UTM
2) Didn't find any clues in the logs
3) Regenerated another new cert
5) Waited overnight for some magic to happen... ;-}
At this point I'm stumped and am looking for help to resolve this.
Have restored the last backup prior to regenerating the CA cert and then rebooted. Tested retrieving the CA cert via URL above, both after the restore and the reboot. Connection to the UTM still times out.
The backup that was restored was made at the time of the update from 9.714 to 9.715 for what that's worth.
As mentioned in my reply to Bob Alfson, as a home user I do not have a support contract. That said, I would appreciate any assistance that Sophos support may offer.
What happens if you go back to 9.714?
Personally I never jump on updates as soon as they're released. Usually 3-6 months after if no issues.
I have not tried to roll back to 9.714, I've never had to roll back a UTM release (a testament to Sophos QA) so don't know the procedure. Unless I'm mistaken, the up2date packages are only designed to go forward.
Save the latest 9.714 config file to somewhere else and reinstall the iso.
If I were running this bare metal, I would make create a system backup image (acronis, clonezilla, etc..) before applying any updates.
Should be standard procedure to make backup of some sort before installing updates....
Thanks for the confirmation, that's what I expected the roll-back to require.