
UTM 9.601 - RED issues!

Since upgrading all our customers to 9.601, a bigger part of them are complaining about RED's re/disconnection in a no-pattern way.

It started for all of them just the night we upgraded to 9.601, and they are all on different ISPs and located in different places around the country.

Been with Sophos support for 2 hours today, and now they escalated it to higher grounds.

Will return with an update....

Suspicious entries in the log - but all connected REDs do this before connection:

2019:03:06-15:15:38 fw01-2 red_server[17509]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

2019:03:06-15:15:46 fw01-2 red2ctl[12420]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx

I know the last line is written before the tunnel disconnects, because there was no "PING/PONG" answer...

One customer has 2 x RED 50, one is 100% stable and the other fluctuates at random intervals - we replaced this with a new RED 50, but the same thing occurs.



  • Hi Alex,

    One of our customers had issues with his RED15 after updating to 9.605 yesterday.

    We disabled unified firmware, then the RED connected and did a firmware download, then the RED came online, everything fine.

    Seems Sophos shipped a broken RED firmware.

    Regards, Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • We are on 9.605 with the unified firmware and have 2 RED 50s online; this was upgraded on 21st August,

    so it's been working fine for over a week now.

    As I have mentioned, 1 RED 50 bricked during the upgrade, and I have an RMA for that (they are saying they have no stock - so no ETA).

    I used a spare RED 50 and that worked OK.

    To be honest, it may have been that I didn't disable the network behind the RED, but as this device had upgraded successfully in the past to 601 then 603, I had thought it was "brick proof" :)

    We bought 2 spares a long time ago for exactly this sort of eventuality .....

    Our other site has suffered 2 or 3 bricks during the 9.6 era, so we keep one in the cupboard there as a spare, but this time that upgraded with no issues.

    Go figure, it's a lottery.

  • Thanks. I’ll do this too. After trying everything mentioned here including shipping an exchange RED to remote location, I am out of ideas for that problem.

    Sophos unfortunately don’t care for that effort on customer side.


  • An XG 85/86 with the base license includes VPN capabilities.  With a 3-year enhanced support subscription, it's about US$30 more per year than a RED 15 with 24-month extended warranty.

    I prefer the SG 115 with Network Protection over a RED 50.  Less expensive than the RED with Warranty Extensions and much more flexible.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Not here in Germany.

    The SG115 with a 3 year network protection is 150 € more expensive than the RED50 with another 2 year warranty extension. And not all are in need of a RED50, especially as the RED15 now makes 90mbit, hence there is not really a suitable replacement option if you don't want to pay more.

    Of course you can say the 150€ additional price is roughly worth 2 hours of an IT technician, e.g. investigating the current problems, but if Sophos did a proper job, we wouldn't need to talk about these options!

    Cheers

    Peter

     

     

  • I've had similar problems with a Red 15 which wouldn't connect after an update on the UTM. This Red15 was configured in Split Mode and after the update it was unable to reconnect. Found that changing the config to use the IP address of the UTM rather than an FQDN allowed it to reconnect (but only if I connected the Red15 to a network already connected to the internet that has a DHCP server).

    The UTM was then upgraded to 9.605 which caused the configs to be reloaded, which subsequently lost the connection again, but moving it to the other network gets it connected again and it loaded the latest firmware.

    Yesterday, I had a random disconnect. Looking in the server logs, the following occurred:

    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev1 fw version set to 14
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 local fw version set to 5214R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 fw version set to 2005R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED15(w) fw version set to 1-424-7131d4e52-e9f0c31
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED50 fw version set to 1-424-7131d4e52-0000000
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: IO::Socket::SSL Version: 1.953
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: Startup - waiting 15 seconds ...
    2019:09:03-09:46:32 sophos-2 red2ctl[4635]: Starting REDv2 control daemon
    2019:09:03-09:46:47 sophos-2 red_server[7747]: UPLOAD: Uploader process starting
    2019:09:03-09:46:47 sophos-2 red_server[4626]: SELF: (Re-)loading device configurations
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A3502xxxxxxxxxx: New device
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A3502xxxxxxxxxx: Staging config for upload
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A350XXXXXXXXXXX: New device
    2019:09:03-09:46:48 sophos-2 red_server[4626]: A350XXXXXXXXXXX: Staging config for upload
    2019:09:03-09:46:48 sophos-2 red_server[7747]: [A3502xxxxxxxxxx] Config has not changed, no need to upload to registry service
    2019:09:03-09:46:48 sophos-2 red_server[7747]: [A350XXXXXXXXXXX] Config has not changed, no need to upload to registry service

     

    Not sure what triggered the server to do this, but it did disconnect my Red15; maybe the above is what may be causing the random disconnects.

    With the Red15 being in Split mode, if the tunnel goes down we lose access to the internet, which probably means that the Red15 can't find the server also.

     

  • The last upgrade was to 9.605-1, not 9.601

  • Hi John and welcome to the UTM Community!

    Have you tried the corrective measures suggested above in the last page or two?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob, my Red 15 is working again (fingers crossed), after the problems caused by an update.

    My main reason for posting was to find out what the server was doing, when the following was included on the log:

    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev1 fw version set to 14
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 local fw version set to 5214R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED10rev2 fw version set to 2005R2
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED15(w) fw version set to 1-424-7131d4e52-e9f0c31
    2019:09:03-09:46:32 sophos-2 red_server[4626]: SELF: RED50 fw version set to 1-424-7131d4e52-0000000

    And why the above caused the Red15 to drop the connection; it could be the cause of the intermittent drops others have had, and whether anything can be done to stop this occurring again.

  • Just had a disconnect again, something on the server is killing the clients as can be seen below:- 

     

    2019:09:05-10:24:04 sophos-2 red_server[8534]: A3502xxxxxxxxxx: command '{"data":{"seq":10915},"type":"PING"}'
    2019:09:05-10:24:04 sophos-2 red_server[8534]: A3502xxxxxxxxxx: Sending json message {"data":{"seq":10915},"type":"PONG"}
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: shutdown requested, killing clients
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: killing client A3502xxxxxxxxxx
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: killing client A350XXXXXXXXXXX
    2019:09:05-10:24:13 sophos-2 red_server[4626]: SELF: exiting
    2019:09:05-10:24:13 sophos-2 red_server[8534]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A3502xxxxxxxxxx" forced="0"
    2019:09:05-10:24:13 sophos-2 red_server[8534]: A3502xxxxxxxxxx is disconnected.
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED10rev1 fw version set to 14
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED10rev2 local fw version set to 5214R2
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED10rev2 fw version set to 2005R2
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED15(w) fw version set to 1-424-7131d4e52-e9f0c31
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: RED50 fw version set to 1-424-7131d4e52-0000000
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: IO::Socket::SSL Version: 1.953
    2019:09:05-10:24:15 sophos-1 red_server[26721]: SELF: Startup - waiting 15 seconds ...
    2019:09:05-10:24:15 sophos-1 red2ctl[26730]: Starting REDv2 control daemon
    2019:09:05-10:24:18 sophos-2 red2ctl[4635]: Stopping REDv2 control daemon
    2019:09:05-10:24:30 sophos-1 red_server[26721]: SELF: Overlay-fw has been updated ...
    2019:09:05-10:24:30 sophos-1 red_server[27555]: UPLOAD: Uploader process starting
    2019:09:05-10:24:30 sophos-1 red_server[26721]: SELF: (Re-)loading device configurations
    2019:09:05-10:24:30 sophos-1 red_server[26721]: A350XXXXXXXXXXX: New device
    2019:09:05-10:24:30 sophos-1 red_server[26721]: A350XXXXXXXXXXX: Staging config for upload
    2019:09:05-10:24:31 sophos-1 red_server[26721]: A3502xxxxxxxxxx: New device
    2019:09:05-10:24:31 sophos-1 red_server[26721]: A3502xxxxxxxxxx: Staging config for upload
    2019:09:05-10:24:31 sophos-1 red_server[27555]: [A350XXXXXXXXXXX] Config has not changed, no need to upload to registry service
    2019:09:05-10:24:31 sophos-1 red_server[27555]: [A3502xxxxxxxxxx] Config has not changed, no need to upload to registry service
    2019:09:05-10:27:34 sophos-1 red_server[27977]: SELF: Cannot do SSL handshake on socket accept from '83.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
    2019:09:05-10:29:06 sophos-1 red_server[28072]: SELF: Cannot do SSL handshake on socket accept from '83.xxx.xxx.xxx': SSL connect accept failed because of handshake problems

     

    When the Red loses the connection it cannot reconnect unless I physically change the network it's connected to.