
Some RED devices showing LED error indicating "The gateway is reachable, but the internet cannot be reached."

We just migrated from the UTM firewall to an XG firewall and re-programmed all of our RED devices that were on the UTM into the new XG firewall.

Many of the RED devices connected to the provisioning servers fine and downloaded their new connections and re-established the tunnel connection just fine.

Others are failing with the System light flashing RED and Internet Light flashing green, which indicates the Gateway is reachable, but the internet is not.

Nothing has changed with the internet setup where these RED devices once worked fine, but now will not.

We have brought some of them back to HQ to our test connection, which is a separate ISP, and the REDs come up fine and establish a tunnel with the XG.

When we send the Sophos REDs back to the locations they are from, the same issue comes back.

What is the difference between the OLD UTM and the NEW XG provisioning that would cause this?

Like I said, nothing has changed at the locations where these RED devices are located, and they once worked fine.



This thread was automatically locked due to age.
  • Hi,

    first ... which RED device type do you use?

    Is it possible you have fixed IPs (no DHCP) at some of your locations?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Mix of RED 15 and RED 15W devices.  All using DHCP uplink.  All worked before we moved from UTM to XG.

    We are seeing the following in the red.log for these devices:

    Wed Jan 5 12:30:29 2022 REDD ERROR: server: Can not do SSL handshake on Socket accept from xx.xx.xx.xx: SSL accept attempt failed because of handshake problems
    Wed Jan 5 12:30:36 2022 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xx.xx.xx': SSL accept attempt failed because of handshake problems error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
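
Added example, not part of the original thread: a small Python parser for the red.log handshake errors quoted above that groups failures per peer and decodes the OpenSSL error code. It assumes the pre-3.0 OpenSSL packed error layout (library, function, reason); the peer addresses in the sample are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the red.log format quoted above (placeholder addresses).
SAMPLE_LOG = """\
Wed Jan 5 12:30:29 2022 REDD ERROR: server: Can not do SSL handshake on Socket accept from 192.0.2.10: SSL accept attempt failed because of handshake problems
Wed Jan 5 12:30:36 2022 REDD ERROR: server: Can not do SSL handshake on Socket accept from '192.0.2.10': SSL accept attempt failed because of handshake problems error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
Wed Jan 5 12:31:02 2022 REDD ERROR: server: Can not do SSL handshake on Socket accept from '198.51.100.7': SSL accept attempt failed because of handshake problems
"""

PEER_RE = re.compile(r"Can not do SSL handshake on Socket accept from '?(?P<peer>[0-9A-Za-z.]+)'?:")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")  # lowercase, so "REDD ERROR:" never matches

# TLS alert descriptions (RFC 5246) that commonly explain a failed handshake.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca",
}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # SSL reason codes >= 1000 are alerts received from the peer


def decode_openssl_error(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF


def summarize(log_text):
    """Return {peer: Counter(cause)} for REDD SSL handshake failures."""
    result = {}
    for line in log_text.splitlines():
        m = PEER_RE.search(line)
        if not m:
            continue
        cause = "no OpenSSL detail logged"
        err = ERR_RE.search(line)
        if err:
            lib, _func, reason = decode_openssl_error(err.group(1))
            if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
                alert = reason - SSL_AD_REASON_OFFSET
                cause = "peer sent TLS alert %d (%s)" % (alert, TLS_ALERTS.get(alert, "unknown"))
            else:
                cause = "local OpenSSL error lib=%d reason=%d" % (lib, reason)
        result.setdefault(m.group("peer"), Counter())[cause] += 1
    return result
```

Code 14094412 decodes to reason 1042, that is TLS alert 42 (bad_certificate) read from the connecting peer, so the alert was raised by the remote end of the handshake rather than generated by the server's own certificate check.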

  • Do you "harden" something within XG?

    I would try different settings within system-services/RED


    Dirk


  • The majority of our RED 15, 15W and RED 50 devices are working fine.

    We only have a few RED 15W and RED 15 devices that are doing this.

  • Hi and welcome to the UTM Community!

    Since this is an issue with an XG and not a UTM, should I move this thread to the XG Community?

    Cheers -  Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA