Hi all,
I recently got the responsibility to manage our internal UTM firewalls, as the previous guy who managed them left. The devices were running 9.510 and hadn't been updated since I started there, which is about 2 years ago. After some bugs and other issues we experienced, I decided to update the firewalls. Funnily enough, the dashboard had always stated that they were up to date (which wasn't true).
I got the firewalls updated to the latest 9.701-6 with little hassle, but now I am getting several Up2Date errors. I have attempted some debugging in the CLI, where I get the same errors (something about malformed XML files):
# audld.plx --dryrun --level d
>>> Modules::HaHandler::ha_state::231()
running on HA master system or cluster node
Starting Up2Date Package Downloader
>>> Modules::Audld::SystemAttributes::get::35()
Start fetching system attributes ...
>>> Modules::Audld::Cfg::U2d::_valid_u2d_types::134()
Selected update types: cadata sys man9 geoip aws clvbrowser ohelp9 savi
>>> Modules::Audld::Cfg::U2d::_u2d_patch_possible::198()
disabling patch up2dates (confd hint)
>>> Modules::Audld::Cfg::Proxy::_get_config::122()
>> proxy configuration: $VAR1 = {
'status' => 0
};
Using static update server list in HA mode
>>> Modules::Audld::LocalRestriction::_seek_own_country::131()
My official IP address: ip2 (DE)
>>> Modules::Audld::LocalRestriction::get_unrestricted::69()
using the following servers: $VAR1 = [
'us1.utmu2d.sophos.com',
'us2.utmu2d.sophos.com',
'sg1.utmu2d.sophos.com',
'eu1.utmu2d.sophos.com',
'eu2.utmu2d.sophos.com'
];
>>> Modules::Audld::Authentication::start::61()
>>>>>> START up2date authentication
>>> Modules::Audld::Authentication::_build_request_str::113()
Auth attribs:
{
'asg' => '310',
'build' => 'msi-9.407-4.1.iso',
'ccc' => '2805',
'feature_accd' => 0,
'feature_afc' => 0,
'feature_agent' => 0,
'feature_av' => 1,
'feature_encrypt' => 0,
'feature_epp' => 0,
'feature_ftp' => 0,
'feature_fw' => '1',
'feature_ha' => 'HA',
'feature_http' => 1,
'feature_im_p2p_iptv' => 0,
'feature_ips' => 0,
'feature_mobile_control' => 0,
'feature_pop3' => 0,
'feature_ra' => 1,
'feature_red' => 0,
'feature_s2s' => 1,
'feature_smtp' => 0,
'feature_spam' => 0,
'feature_spy' => 1,
'feature_u2dcache' => 0,
'feature_waf' => 0,
'feature_wireless' => 0,
'hid' => '95ca7563303799f0d4215f8e72c6ea4b',
'lid' => '1243938',
'luips' => '9999',
'oem' => '',
'pkg_aws' => '0',
'pkg_cadata' => '0',
'pkg_clvbrowser' => '0',
'pkg_geoip' => '0',
'pkg_man9' => '0',
'pkg_ohelp9' => '0',
'pkg_savi' => '0',
'pkg_sys' => '9-701006',
'product' => 'TM_GROMIT',
'uips' => 0,
'ver' => '9.701'
}
Authenticating ...
>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'us1.utmu2d.sophos.com'
>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'us1.utmu2d.sophos.com' (ip1) : eth1 (ip1)
>>> Modules::Audld::Authentication::_authenticate::158()
Authentication request: us1.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::XML::check::45()
ILLEGAL XML doc received
>>> Modules::Audld::Authentication::XML::check::52()
Authentication Server us1.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'us2.utmu2d.sophos.com'
>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'us2.utmu2d.sophos.com' (ip1) : eth1 (ip1)
>>> Modules::Audld::Authentication::_authenticate::158()
Authentication request: us2.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::XML::check::45()
ILLEGAL XML doc received
>>> Modules::Audld::Authentication::XML::check::52()
Authentication Server us2.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'sg1.utmu2d.sophos.com'
>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'sg1.utmu2d.sophos.com' (ip1) : eth1 (ip1)
>>> Modules::Audld::Authentication::_authenticate::158()
Authentication request: sg1.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::XML::check::45()
ILLEGAL XML doc received
>>> Modules::Audld::Authentication::XML::check::52()
Authentication Server sg1.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'eu1.utmu2d.sophos.com'
>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'eu1.utmu2d.sophos.com' (ip1) : eth1 (ip1)
>>> Modules::Audld::Authentication::_authenticate::158()
Authentication request: eu1.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::XML::check::45()
ILLEGAL XML doc received
>>> Modules::Audld::Authentication::XML::check::52()
Authentication Server eu1.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'eu2.utmu2d.sophos.com'
>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'eu2.utmu2d.sophos.com' (ip1) : eth1 (ip1)
>>> Modules::Audld::Authentication::_authenticate::158()
Authentication request: eu2.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::XML::check::45()
ILLEGAL XML doc received
>>> Modules::Audld::Authentication::XML::check::52()
Authentication Server eu2.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
>>> Modules::Audld::Authentication::_handle_failure::235()
All 5 Authentication Servers failed
Authentication failed, no valid answer from Authentication Servers
We have 2 different WAN links, both with the same speed and metric but on different IPv4 subnets; that's why the official IP address is detected as one IP while the requests go out via another. Could this be the issue? I'm not exactly sure why it was set up this way, other than that they wanted to use all the available bandwidth.
Does someone have a clue? Google doesn't dig up much, other than that people opened a ticket with Sophos.
Side question: can I change the metrics during work hours without killing sessions already using the second line?
Thank you!
Chris
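As an added example (written for this thread, not Sophos code), here is a small Python script that parses an audld.plx --dryrun trace like the one above and summarises it: which Up2Date servers were tried, via which interface and source address, what each one returned, and whether the address the request left from differs from the "official IP" the downloader detected (the dual-WAN situation described in the post). The regular expressions are assumptions based on the message shapes visible in the trace, and the embedded trace is an abridged, constructed copy of the one in the post. The script also runs the rejected payload through a standard XML parser: <u2d>error</u2d> is syntactically well-formed, which suggests the client's "mis-formed XML" check is rejecting the content of the reply (an error token instead of the expected authentication document) rather than its syntax.

```python
"""Summarise a Sophos UTM 'audld.plx --dryrun' trace when Up2Date
authentication fails.  Added example for this thread, not Sophos code:
the regexes are assumptions based on the message shapes seen in the
trace, and SAMPLE_TRACE is an abridged, constructed copy of it."""
import re
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: abridged from the post's trace (two of the five servers).
SAMPLE_TRACE = """\
>>> Modules::Audld::LocalRestriction::_seek_own_country::131()
My official IP address: ip2 (DE)
outbound interface for 'us1.utmu2d.sophos.com' (ip1) : eth1 (ip1)
Authentication request: us1.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::XML::check::45()
ILLEGAL XML doc received
Authentication Server us1.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
outbound interface for 'eu1.utmu2d.sophos.com' (ip1) : eth1 (ip1)
Authentication request: eu1.utmu2d.sophos.com:443/u2dauth.pl
Authentication Server eu1.utmu2d.sophos.com: 'ERR_XX' 'Server sent a mis-formed XML document: <u2d>error</u2d>
'
>>> Modules::Audld::Authentication::_handle_failure::235()
All 5 Authentication Servers failed
Authentication failed, no valid answer from Authentication Servers
"""

OFFICIAL_RE = re.compile(r"^My official IP address: (\S+) \((\w+)\)", re.M)
OUTBOUND_RE = re.compile(r"^outbound interface for '([^']+)' \(\S+\) : (\S+) \((\S+)\)", re.M)
# The quoted error message spans lines: its closing quote sits on the next line.
ERROR_RE = re.compile(r"^Authentication Server (\S+): '([^']*)' '(.*?)'", re.M | re.S)
FAILED_RE = re.compile(r"^All (\d+) Authentication Servers failed", re.M)


@dataclass
class AuthAttempt:
    server: str
    outbound_if: str = ""
    outbound_ip: str = ""
    code: str = ""
    message: str = ""
    payload: str = ""  # the body the server actually returned
    payload_root: Optional[Tuple[str, str]] = None  # (tag, text) if it parses as XML


@dataclass
class TraceSummary:
    official_ip: str = ""
    country: str = ""
    attempts: List[AuthAttempt] = field(default_factory=list)
    all_failed: bool = False


def inspect_payload(payload: str) -> Optional[Tuple[str, str]]:
    """Return (root tag, root text) if the payload is well-formed XML, else None."""
    try:
        root = ET.fromstring(payload)
    except ET.ParseError:
        return None
    return root.tag, (root.text or "").strip()


def parse_trace(text: str) -> TraceSummary:
    """Extract the official IP, one AuthAttempt per server, and the final verdict."""
    summary = TraceSummary()
    m = OFFICIAL_RE.search(text)
    if m:
        summary.official_ip, summary.country = m.group(1), m.group(2)
    attempts = {}  # insertion order = order the servers were tried
    for server, iface, ip in OUTBOUND_RE.findall(text):
        attempts[server] = AuthAttempt(server=server, outbound_if=iface, outbound_ip=ip)
    for server, code, message in ERROR_RE.findall(text):
        a = attempts.setdefault(server, AuthAttempt(server=server))
        a.code, a.message = code, message.strip()
        # The text after 'document: ' is the reply body the client rejected.
        a.payload = a.message.split(": ", 1)[1].strip() if ": " in a.message else ""
        a.payload_root = inspect_payload(a.payload) if a.payload else None
    summary.attempts = list(attempts.values())
    summary.all_failed = FAILED_RE.search(text) is not None
    return summary


def path_mismatches(summary: TraceSummary) -> List[str]:
    """Servers contacted from an address other than the detected official IP."""
    return [a.server for a in summary.attempts
            if a.outbound_ip and a.outbound_ip != summary.official_ip]


def report(summary: TraceSummary) -> str:
    lines = [f"official IP {summary.official_ip} ({summary.country})"]
    for a in summary.attempts:
        xml_note = (f"well-formed XML, root <{a.payload_root[0]}> = {a.payload_root[1]!r}"
                    if a.payload_root else "not parseable as XML")
        lines.append(f"{a.server}: via {a.outbound_if}/{a.outbound_ip} -> {a.code or 'ok'}; "
                     f"payload {a.payload!r} ({xml_note})")
    mism = path_mismatches(summary)
    if mism:
        lines.append("outbound address differs from official IP for: " + ", ".join(mism))
    lines.append("ALL authentication servers failed" if summary.all_failed
                 else "at least one server answered")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python u2d_trace.py [saved_trace.txt]; without a file the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    print(report(parse_trace(text)))
```

Save the dry-run output to a file on the UTM (or paste it locally) and point the script at it; the last two lines of the report are the ones worth comparing before and after any routing or metric change, since they show whether the source address and the detected official IP line up and whether any server finally answers.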