Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 3472 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Interface network and broadcast definition not updating after subnet mask change

Andreas Gunleikskaas

Under Interfaces the subnet mask / CIDR of the LAN interface have been updated from /21 to /22 :

 

But under Network Definitions the network and broadcast have not been updated:

 

The UTM have been restarted after the change.
The UTM is part of HA.
The error is present on both devices.
From command line ifconfig show correct subnet mask.
Additional addresses on the LAN interface have also been updated with new CIDR.

Can probably be fixed with deleting and recreating the interface, but would really prefer not to do that.

I'm a bit familiar with CC on the command line if there can be a solution to force the change on the objects from there.

 

From CC point of view:

OBJS itfparams primary > REF_ItfParamsDefaultInternal
    shows the correct netmask

OBJS network interface_network > REF_DefaultInternalNetwork
OBJS network interface_broadcast > REF_DefaultInternalBroadcast
    shows wrong netmask and broadcast address

Can this be forcefully changed from CC or are they automatically configured?



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Andreas, an welcome to the UTM Community!

    Before doing surgery with cc, have you tried restoring a recent configuration backup and making your changes again?  You might need to go back to the one made just before the last time you applied Up2Dates.

    If that doesn't work, objects and settings are the permanent configuration databases - WebAdmin just manipulates them.  You really should have Sophos Support fix this with cc if they think it's possible.

    I would go with replacing the Interface.  As a Solution Partner, it's easier for me to get a demo license to do this in a virtual machine, make a new config backup and then restore the backup to the production device.  Of course, if you have a software license, or can temporarily disconnect the Slave in an HA environment, you don't need the demo license.

    Once you have the configuration where you can modify it without disrupting production, it's easy to connect to WebAdmin via the External interface.  Make an Interface "New Internal" on an unused NIC and get a screen capture of the places that "Internal" is used ("i" in blue dot).  Replace "Internal" with "New Internal" everywhere according to your screencap.  When complete, delete "Internal" and change the IP and NIC of "New Internal" to the ones that "Internal" had.  Optionally, delete the word "New" in the new interface.  Betyr det fungere?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0

    Hi, Andreas, an welcome to the UTM Community!

    Before doing surgery with cc, have you tried restoring a recent configuration backup and making your changes again?  You might need to go back to the one made just before the last time you applied Up2Dates.

    If that doesn't work, objects and settings are the permanent configuration databases - WebAdmin just manipulates them.  You really should have Sophos Support fix this with cc if they think it's possible.

    I would go with replacing the Interface.  As a Solution Partner, it's easier for me to get a demo license to do this in a virtual machine, make a new config backup and then restore the backup to the production device.  Of course, if you have a software license, or can temporarily disconnect the Slave in an HA environment, you don't need the demo license.

    Once you have the configuration where you can modify it without disrupting production, it's easy to connect to WebAdmin via the External interface.  Make an Interface "New Internal" on an unused NIC and get a screen capture of the places that "Internal" is used ("i" in blue dot).  Replace "Internal" with "New Internal" everywhere according to your screencap.  When complete, delete "Internal" and change the IP and NIC of "New Internal" to the ones that "Internal" had.  Optionally, delete the word "New" in the new interface.  Betyr det fungere?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML