Customers might be unable to connect with us via the Sophos Malaysia Support Hotline number. Our teams are actively working on a fix. In the interim, we request customers to use the backup hotline number - +65 3157 5922 (Singapore) or raise a support request at https://support.sophos.com/.

Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 162493 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Crashplan is blocked

uncleaelfrich
I am trying to use crashplan web restore, but astaro is blocking it. When I look at the firewall log, it says that packets are being dropped with the source ip my computer behind the router (192.168.2.107) and the destination ip port 4285 of the ip address for central.crashplan.com. The firewall log says that "fwrule = 60002." is blocking it.

I have tried to use firewall rules and DNAT rules for this port, but to no avail.

What should I do?

UncleAeflrich
Los Angeles, CA


This thread was automatically locked due to age.
  • 0
    Google on site:astaro.org netflix and then limit the search to the last month.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Google on site:astaro.org netflix and then limit the search to the last month.

    Cheers - Bob


    Hi Bob,
    Thanks for getting back to me. I am trying to find what you want me to look at but I cant. Could you please post the link you want me to look at?

    Thank you
  • 0
    Thanks for the post, I also recently started using Sophos and just got Crashplan working with the directions above.
  • 0 in reply to Recalluk
    1) In UTM add a DNS Group entry for central.crashplan.com (should return 11 ip).

    2) In CrashPlan open the Destinations section and the "cloud" tab, click crashplan central and look at the value in "Internet Address" .. note this down.

    3) In UTM Create a DNS Host with the name you noted in the step before. (You dont need the port part ":443"). - If the value was an IP Address create a host entry instead.

    4) IN the UTM now create a group Network Group and drop the previously created entries into it.

    5) In Web Filtering -> Filtering Options -> Misc Tab, drop the new group you created into the Skip transparent mode destination hosts/nets and save.

    Should now be working.

    One thing to note however, Crashplan assigns a unique GID to each machine and the location found in step 2 can be different for each machine. (Once assigned it doesnt change) so if you use multiple machines to your central cloud then you may well have different IP addresses. (Crashplan uses a distributed datacentre environment).

    If this is the case just add that extra address as another host in the group and it will maintain that way.

    Hope this helps


    Thank you VERY VERY VERY much! Been struggling for two weeks now trying to get Crashplan working - I think my issue was I kept using a DNS host instead of group (not knowing there were 11 IPs instead of a single-one.)
  • 0 in reply to Recalluk
    Thanks, worked for me!

    Just to make it a little more noob (like me) friendly, and save a few hours of banging your head against the keyboard:

    A.) if you can't see internet address in the cloud tab, turn off web filtering and try to reconnect crashplan. Should populate, at least mine did.

    B.) DNS Group, DNS Host and Network group are all in "Definitions & Users>>Network Definitions>>New Network definition>>Type (drop down)"

    C.)Scroll over the notes( I guess they are notes) area to get the ip's generated after creating the DNS groups. Either it will be there or there will be an orange drop down. These (ip's from BOTH DNS groups [this is what got me and prompted this reply])go in the Network group as Hosts.

    D.) If you turned off Web filtering turn it back on.

    F.) ENJOY

    Thanks again for the how to, I love when they work.
  • 0

    I've taken a slightly different and more broad approach because the previous solution doesn't last when Crashplan randomly changes the backup URL.

    I've got three servers on the Pro plan, and have gone through 5 URL changes since the UTM was deployed in November. On the most recently added server Crashplan has changed the destination URL twice in 3 days, so a new solution was in order.

    I noticed all of the previous URLs I had been assigned were in the 162.222.4x.0 range.

    I checked ARIN's network registration for Code42 and verified that they have been assigned the 162.222.40.0/21 block (162.222.40.0-162.222.47.255).

    Therefore, I've added that entire /21 network an exception.

    Since the central.crashplan.com and central.crashplanpro.com hostnames have both been used on my Pro plan in the past, I kept them both as separate DNS group entries.

    In summary, 

    Go to Web Protection > Filtering Options > Misc tab

    Add the following:

    Crashplan - Sophos - backup connection failure solution

Unfiltered HTML