Thread Info
  • Locked Locked
  • Replies 16 replies
  • Subscribers 8 subscribers
  • Views 7699 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF issues after upgrading to 9.602-3

Henri04

Hi,

 

after upgrading from 9.601-5 to 9.602-3 we experienced issues ( intermittently lost packets and rejected connections) at some Apps (Kerio Connect), all HTTPS only.

Rollback to 9.601-5 fixed the problems. Found no useful messages in the WAF/FW logs. We have 13 Apps in the WAS config defined, maybe a number with a bad Karma.

 

Thanks

 

Henri 



This thread was automatically locked due to age.
Parents

  • Hallo Henri,

    Occasionally, the Up2Date process "breaks" something in the configuration.  Restoring the configuration backup made just before the last Up2Dates were applied gives the system another shot at upgrading the configuration databases. This is often all that's needed to fix a situation like yours.  If it doesn't, then I recommend rebooting several times before deciding to re-image from ISO.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • in reply to BAlfson

    Hi Bob,

     

    thanks four your reply.

     

    I tried to restore config and upgrade again. Same issue. After tracing a bit, in case of such an error, the WAF does not receive a https packet, it's rejected in between.

    There is also no trace entry in the firewall log, a nmap receives a syn reject. A few seconds later on, the issue is gone, the connection works again fine, and so on ...

    Could you please give me a ping, when this issue is solved? Have here complex WAF exceptions, it took very long to create/test it, therefor a reinstall is no option.

    I will stay at this FW version.

     

    Thanks

     

    Henri

  • in reply to Henri04

    Hello,


    I think so that the problem is related to this one
    https://community.sophos.com/products/unified-threat-management/f/german-forum/112719/seit-update-auf-9-602-3-probleme-mit-webfilter-https

    Br McWolle

    Sophos Certified Engineer (SCE)
    Sophos Certified Architect (SCA)

Reply Children
No Data
Unfiltered HTML