
UTM 9.601 - RED issues!

Since upgrading all our customers to 9.601, a large part of them have been complaining about REDs disconnecting and reconnecting with no pattern.

It started for all of them the very night we upgraded to 9.601, and they are all on different ISPs and located in different places around the country.

Been with Sophos support for 2 hours today, and now they escalated it to higher grounds.

Will return with an update....

Suspicious entries in the log - but all connected REDs do this before connection:

2019:03:06-15:15:38 fw01-2 red_server[17509]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

2019:03:06-15:15:46 fw01-2 red2ctl[12420]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx

I know the last line is written before the tunnel disconnects, because there was no "PING/PONG" answer...

One customer has 2 x RED 50: one is 100% stable and the other fluctuates at random intervals. We replaced it with a new RED 50, but the same thing occurs.



  • I've had similar problems with a Red 15 which wouldn't connect after an update on the UTM. This Red15 was configured in Split Mode, and after the update it was unable to reconnect. I found that changing the config to use the IP address of the UTM rather than an FQDN allowed it to reconnect (but only if I connected the Red15 to a network already connected to the internet and with a DHCP server).

    The UTM was then upgraded to 9.605 which caused the configs to be reloaded, which subsequently lost the connection again, but moving it to the other network gets it connected again and it loaded the latest firmware.

    Yesterday, I had a random disconnect. Looking in the server logs, the following occurred:

    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev1 fw version set to 14
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 local fw version set to 5214R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 fw version set to 2005R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED15(w) fw version set to 1-424-7131d4e52-e9f0c31
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED50 fw version set to 1-424-7131d4e52-0000000
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: IO::Socket::SSL Version: 1.953
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: Startup - waiting 15 seconds ...
    2019:09:03-09:46:32 sophos-2 red2ctl[4635]: Starting REDv2 control daemon
    2019:09:03-09:46:47 sophos-2 red_server[7747]: UPLOAD: Uploader process starting
    2019:09:03-09:46:47 sophos-2 red_server[4626]: SELF: (Re-)loading device configurations
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A3502xxxxxxxxxx: New device
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A3502xxxxxxxxxx: Staging config for upload
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A350XXXXXXXXXXX: New device
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A350XXXXXXXXXXX: Staging config for upload
    2019:09:03-09:46:48 sophos-2 red_server[7747]: [A3502xxxxxxxxxx] Config has not changed, no need to upload to registry service
    2019:09:03-09:46:48 sophos-2 red_server[7747]: [A350XXXXXXXXXXX] Config has not changed, no need to upload to registry service

     

    Not sure what triggered the server to do this, but it did disconnect my Red15; maybe the above is what may be causing the random disconnects.

    With the Red15 being in Split mode, if the tunnel goes down we lose access to the internet, which probably means that the Red15 can't find the server also.

     

  • The last upgrade was to 9.605-1, not 9.601

  • Hi John and welcome to the UTM Community!

    Have you tried the corrective measures suggested above in the last page or two?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob, my Red 15 is working again (fingers crossed), after the problems caused by an update.

    My main reason for posting was to find out what the server was doing, when the following was included on the log:

    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev1 fw version set to 14
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 local fw version set to 5214R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 fw version set to 2005R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED15(w) fw version set to 1-424-7131d4e52-e9f0c31
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED50 fw version set to 1-424-7131d4e52-0000000

    And why the above caused the Red15 to drop the connection; it could be the cause of the intermittent drops others have had, and whether anything can be done to stop this occurring again.

  • Just had a disconnect again, something on the server is killing the clients as can be seen below:- 

     

    2019:09:05-10:24:04 sophos-2 red_server[8534]: A3502xxxxxxxxxx: command '{"data":{"seq":10915},"type":"PING"}'
    2019:09:05-10:24:04 sophos-2 red_server[8534]: A3502xxxxxxxxxx: Sending json message {"data":{"seq":10915},"type":"PONG"}
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: shutdown requested, killing clients
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: killing client A3502xxxxxxxxxx
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: killing client A350XXXXXXXXXXX
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: exiting
    2019:09:05-10:24:13 sophos-2 red_server[8534]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3502xxxxxxxxxx" forced="0"
    2019:09:05-10:24:13 sophos-2 red_server[8534]: A3502xxxxxxxxxx is disconnected.
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED10rev1 fw version set to 14
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED10rev2 local fw version set to 5214R2
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED10rev2 fw version set to 2005R2
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED15(w) fw version set to 1-424-7131d4e52-e9f0c31
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED50 fw version set to 1-424-7131d4e52-0000000
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: IO::Socket::SSL Version: 1.953
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: Startup - waiting 15 seconds ...
    2019:09:05-10:24:15 sophos-1 red2ctl[26730]: Starting REDv2 control daemon
    2019:09:05-10:24:18 sophos-2 red2ctl[4635]: Stopping REDv2 control daemon
    2019:09:05-10:24:30 sophos-1 red_server[26721]: SELF: Overlay-fw has been updated ...
    2019:09:05-10:24:30 sophos-1 red_server[27555]: UPLOAD: Uploader process starting
    2019:09:05-10:24:30 sophos-1 red_server[26721]: SELF: (Re-)loading device configurations
    2019:09:05-10:24:30 sophos-1 red_server[26721]: A350XXXXXXXXXXX: New device
    2019:09:05-10:24:30 sophos-1 red_server[26721]: A350XXXXXXXXXXX: Staging config for upload
    2019:09:05-10:24:31 sophos-1 red_server[26721]: A3502xxxxxxxxxx: New device
    2019:09:05-10:24:31 sophos-1 red_server[26721]: A3502xxxxxxxxxx: Staging config for upload
    2019:09:05-10:24:31 sophos-1 red_server[27555]: [A350XXXXXXXXXXX] Config has not changed, no need to upload to registry service
    2019:09:05-10:24:31 sophos-1 red_server[27555]: [A3502xxxxxxxxxx] Config has not changed, no need to upload to registry service
    2019:09:05-10:27:34 sophos-1 red_server[27977]: SELF: Cannot do SSL handshake on socket accept from '83.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
    2019:09:05-10:29:06 sophos-1 red_server[28072]: SELF: Cannot do SSL handshake on socket accept from '83.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

     

    When the Red loses the connection it cannot reconnect unless I physically change the network it's connected to.
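
Added example, not part of the original thread and not Sophos code: a small Python triage script for the red_server / red2ctl log lines quoted above. It tags each "RED Tunnel Down" with the nearest preceding cause on the same host (daemon shutdown or missing keepalive). The 30-second window and the host-plus-time correlation are assumptions; the sample lines are copied from the posts above.

```python
import re
from datetime import datetime

# Line layout as quoted in the thread: "YYYY:MM:DD-HH:MM:SS host proc[pid]: message"
LINE = re.compile(r"^\s*(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) (\w+)\[\d+\]: (.*)$")
PATTERNS = [  # (event kind, regex on the message part); wording taken from the thread's logs
    ("server_shutdown", re.compile(r"SELF: shutdown requested, killing clients")),
    ("server_start", re.compile(r"SELF: Startup - waiting")),
    ("tunnel_down", re.compile(r'name="RED Tunnel Down" red_id="([^"]+)"')),
    ("keepalive_missing", re.compile(r"Missing keepalive from (\S+), disabling peer")),
    ("handshake_fail", re.compile(r"Cannot do SSL handshake on socket accept from '([^']+)'")),
]
CAUSES = {"server_shutdown": "red_server shutdown", "keepalive_missing": "keepalive timeout"}
# Sample input: lines copied from the posts above (IDs and IPs redacted by the poster)
SAMPLE = """\
2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: shutdown requested, killing clients
2019:09:05-10:24:13 sophos-2 red_server[8534]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3502xxxxxxxxxx" forced="0"
2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: Startup - waiting 15 seconds ...
2019:09:05-10:27:34 sophos-1 red_server[27977]: SELF: Cannot do SSL handshake on socket accept from '83.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
""".splitlines()

def parse_events(lines):
    """Return (time, host, kind, detail) for every line matching a known pattern."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        for kind, rx in PATTERNS:
            hit = rx.search(m.group(4))
            if hit:
                events.append((ts, m.group(2), kind, hit.group(1) if hit.groups() else ""))
                break
    return events

def explain_tunnel_downs(events, window=30):
    """Attribute each tunnel-down to a cause logged on the same host up to `window` s earlier."""
    report = []
    for ts, host, kind, red_id in events:
        if kind != "tunnel_down":
            continue
        near = [k for t, h, k, _ in events
                if h == host and k in CAUSES and 0 <= (ts - t).total_seconds() <= window]
        # A daemon shutdown outranks a keepalive timeout when both precede the drop
        cause = "server_shutdown" if "server_shutdown" in near else (near[0] if near else None)
        report.append((red_id, host, CAUSES.get(cause, "unexplained")))
    return report
```

Drops reported as "red_server shutdown" point at the UTM side (daemon restart, as in the 10:24:13 excerpt), while "unexplained" or "keepalive timeout" drops are the ones worth correlating with the handshake failures from the same peer address.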
