Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 4 subscribers
  • Views 8321 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebUI not responding anymore on port 4443. How to regain access to HA pair?

JustinRadke

I was able to manage the firewall pair (HA pair of SG230's) last week with no problems. Today I cannot login to make needed changes. The webui on port 4443 times out in the browser. I was hoping I could SSH in and could restart a service but I can't SSH to it either. I can see the Userportal on 4444 but not the webmin interface. I would prefer to regain access to the system without failing over the FW's or rebooting them because that will cause disruptions to our business. 

Any suggestions on regaining access to the Web interface? 



This thread was automatically locked due to age.
  • 0

    Hi,

    Please refer https://community.sophos.com/kb/en-US/121961.

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0

    Did you change the default port configuration? Normally the webadmin is on 4444 and not 4443.

  • 0

    Hi, Justin, and welcome to the UTM Community!

    As Dlabun comments above, port 4444 is used for WebAdmin unless changed.  Port 4443 is reserved for use by a SUM for Remote Management.  If you changed the WebAdmin port to 4443 (I thought that wasn't possible), then you have, effectively, locked yourself out.

    Instead of logging in via SSH, you can connect a keyboard and monitor to the Master and login directly as root at the console.  You can check the port as root at the command line with cc get webadmin port and change it back to 4444 with cc set webadmin port 4444. Once you've made the changes on the Master, you must run ha_utils ssh to access the slave to make the identical changes.

    Another solution would require several minutes of downtime:

    1. Put a prior Configuration Backup in the root of a USB memory stick.
    2. Insert the USB key into the current Master.
    3. Shut down the Slave.
    4. Force a Reboot of the Master.
    5. A minute or so after the Master has started to boot, restart the Slave node.

    This will return WebAdmin Access to port 4444.  Was that your problem?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Thankfully we got it resolved but not without this embarrassment. It was discovered that two of the monitoring stations we use to manage the firewalls from had their IP's changed recently when they were upgraded. So the problem was the source IP having authorized access to the FW's.

    Thanks everyone for your suggestions and assistance.

Unfiltered HTML