Thread Info
  • Locked Locked
  • Replies 5 replies
  • Subscribers 8 subscribers
  • Views 14943 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Proxy reloads config every 60 seconds after upgrade to 9.407-3?

AdamMickiewicz

Hello,

It looks that web proxy reloads its config every 60 second after upgrading UTM 9 to version 9.407-3. Is it a bug? Is there any workaround to disable this auto config reloads?

regards,

Adam

2016:10:06-08:58:34 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
2016:10:06-08:58:34 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 81"
2016:10:06-08:59:34 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
2016:10:06-08:59:35 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 84"
2016:10:06-08:59:35 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
2016:10:06-08:59:35 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 84"
2016:10:06-08:59:35 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
2016:10:06-08:59:36 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 84"
2016:10:06-09:00:22 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="early_scr_scanner.c" line="719" message="reloading list (1)"
2016:10:06-09:00:35 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="587" message="reloading config"
2016:10:06-09:00:35 gate01-mnet httpproxy[28218]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="643" message="reloading config done, new version 85"



This thread was automatically locked due to age.
Parents

  • Hi Adam,

    Welcome to Sophos Community.

    It doesn't happen on every 9.407-3 install. In fact, I still cannot reproduce the scenario after a fresh install of 9.407-3. I think something else is causing the mdw to restart. What do the kernel.log and confd.log reflect, any particulars?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • in reply to sachingurung

    Hi Sachin, 

    Thank you for your reply and pointing me into right direction in troubleshooting!

    I have found in the confd.log that the issue is caused by frequently changing IP address in one of the DNS group objects, which I used in my transparent proxy skip list. The IP changed every 60 seconds which caused the issue. In fact there are 2 IPs associated with one DNS name (my work network perimeter firewall load balancer). I think that previously these 2 IPs were correctly recognized and recorded in the DNS group, but now I see just one IP and changing every 60 sec. But it is possible that something changed in my work network as well, which caused this issue... 

    Anyway, I have deleted the DNS group object and created two static Host entries which I added to transparent proxy skiplist. Not a perfect solution as this requires manually updating them in case my work network changed load balancer IPs, but this does not happen so often.

    Once again thank you for your reply!

    regards,

    Adam

  • in reply to AdamMickiewicz

    Does the web proxy reloads cause any issues? Mine reloads regularly. I assume it is because entries in my skiplist have multiple IP addresses. If the dns-resolver is only recording the first entry and my upstream DNS is 'round robin'ing the IP addresses then the IP address will change on every query .

Reply
  • in reply to AdamMickiewicz

    Does the web proxy reloads cause any issues? Mine reloads regularly. I assume it is because entries in my skiplist have multiple IP addresses. If the dns-resolver is only recording the first entry and my upstream DNS is 'round robin'ing the IP addresses then the IP address will change on every query .

Children
No Data
Unfiltered HTML