This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.601 - RED issues!

Since upgrading all our customers to 9.601, a bigger part of them are complaining about RED's re/disconnection in a no-pattern way.

It started for all of them just the night we upgraded to 9.601, and they all are on different ISP's and located different places around the country.

Been with Sophos support for 2 hours today, and now they escalated it to higher grounds.

Will return with an update....

Suspicious entries in the log - but all connected REDs do this before connection:

2019:03:06-15:15:38 fw01-2 red_server[17509]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

2019:03:06-15:15:46 fw01-2 red2ctl[12420]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx

I know the last line is written before the tunnel disconnects, because there was no "PING/PONG" answer...

One customer has 2 x RD 50, one 1 100% stable and the other fluctuates in random intervals - we replaced this with a new RED 50, but the same thing occurs.



This thread was automatically locked due to age.
Parents
  • An L2 from Sophos just fixed this for us. We had to ssh in and revert the firmware of all the reds. we have been stable for 45 minutes. I will come back and update if it comes back. Funny thing is it only effected one Red 50 of my 7.

  • Devin Gray said:

    An L2 from Sophos just fixed this for us. We had to ssh in and revert the firmware of all the reds. we have been stable for 45 minutes. I will come back and update if it comes back. Funny thing is it only effected one Red 50 of my 7.

     

     

    Glad to hear Devin, been with Sophos Support 2 hours yesterday and 1,5 hour today with L2, the talked about the new "unified firmware" could cause the troubles, but as one RED 50 is online with no issues, and the other is not, they could not confirm it.

     

    They talked about other similar incidents as mine and took a lot of snaphots from the logs and iptables and would return later on.

     

    Also funny thing, we have more than 250 UTM's in our SUM, only 4 customers have issues, and out of thoose 4, which have several REDs connected, only ONE of their REDs at each location, have issues!!! :-O

     

    They told me a "workaround" to maybe make it more stable, was to run in standard/split mode, but I still see re/disconnects.

     

    Will keep you posted!

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Working from the information above regarding support rolling back RED firmware, we had no success and are needing to replace the devices having issues. The following sequence of events in continual loop. Very strange since we updated the UTM's to 9.601 weeks ago. Two of three on the same UTM are dead and the third one is just fine....for now.

    Starting RED, Network Setup

    1. Network Setup

    2. ID A34xxxxxxxxxxxx

    3. Try wan1

    4. Firmware update 1/6 downloading

    5. Try Prov. Server

    6. Try wan2

    7. Network Setup

    8. Try wan1

    9. Try wan2

    10. Shutting down…

  • Thats exactly the same issue I am having with my RED50.

    Tried chanching and deleting the configuration in the UTM. Doesent work.

Reply Children
No Data