
REDs connectivity issues to an SG450 HA Cluster

Hello Support Community,

One of our customers has an SG450 HA cluster running 9.711-5 with eight REDs connected. Any RED device is connected with two ISP connections as failover. Two of these devices have the problem that they are losing the connection to the cluster, which is always reachable.

After losing the connection, both devices reboot two times until they come online again. The downtime is about six minutes, which is not acceptable for audio and video conversations. The problem has been occurring for a couple of weeks.

I opened a ticket with Sophos Support, but maybe someone has had the same problem and has a few hints on what can be tested.

- Checked only one ISP Connection on both of the affected RED50
- Re-Configured both devices (Delete & New configuration)

Looking at the RED log, it looks like the handshake with both ISP connections is failing:

2022:08:16-14:06:14 sophos-2 red_server[21884]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2022:08:16-14:06:14 sophos-2 red_server[21885]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2022:08:16-14:06:16 sophos-2 red_server[21899]: SELF: New connection from xxx.xxx.xxx.xxx with ID RED1 (cipher AES256-GCM-SHA384), rev1
2022:08:16-14:06:16 sophos-2 red_server[21899]: RED1: connected OK, pushing config
2022:08:16-14:06:17 sophos-2 red_server[10077]: SELF: (Re-)loading device configurations
2022:08:16-14:06:18 sophos-2 red_server[21899]: RED1: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2022:08:16-14:06:18 sophos-2 red_server[21899]: RED1: Initializing connection running protocol version 0
2022:08:16-14:06:18 sophos-2 red_server[21899]: RED1: Sending json message {"data":{},"type":"WELCOME"}
2022:08:16-14:06:18 sophos-2 red_server[2373]: xxx: command 'PING 50 uplink=WAN'
2022:08:16-14:06:18 sophos-2 red_server[2373]: xxx: PING remote_tx=50 local_rx=50 diff=0
2022:08:16-14:06:18 sophos-2 red_server[2373]: xxx: PONG local_tx=44
2022:08:16-14:06:19 sophos-2 red_server[21899]: RED1: command '{"data":{},"type":"CONFIG_REQ"}'
2022:08:16-14:06:19 sophos-2 red_server[21899]: RED1: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"1.2.3.4","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":3,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"1234","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"1234","manual_netmask":24,"lan3_vids":"","mac_filter_type":"none","mac":"xx:xx:xx:xx:xx:xx","dial_string":"*99#","manual2_address":"0.0.0.0","version_ng_red50":"xyz","manual_dns":"0.0.0.0","poe_port1":0,"poe_port2":0,"lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"xyz","fullbr_domains":"","htp_server":"xxx.xxx.xxx.xxx","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","manual2_dns":"0.0.0.0","lan2_mode":"unused"...L1422
2022:08:16-14:06:23 sophos-2 red_server[21899]: RED1: command '{"data":{"key1":"1234","key0":"1234","key_active":0},"type":"SET_KEY_REQ"}'
2022:08:16-14:06:23 sophos-2 red_server[21899]: RED1: Sending json message {"data":{},"type":"SET_KEY_REP"}
2022:08:16-14:06:24 sophos-2 red2ctl[10085]: Overflow happened on reds3:0
2022:08:16-14:06:24 sophos-2 red2ctl[10085]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx

- red2ctl Overflow happened on redsx:y
- Missing keepalive from this red isp port 1
- Missing keepalive from this red isp port 2
- Cannot do SSL handshake on socket accept from red isp port 1
- reconnect

If someone has an idea, please let me know. Thanks
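Added example, not part of the original post and not Sophos tooling: a small parser for the red_server/red2ctl line format shown in the excerpt, which counts the failure events and measures how long the tunnel stayed up between "connected OK" and the next "Missing keepalive". The sample lines are abridged from the post; pairing a keepalive loss with the most recent "connected OK" is an assumption that only holds for a log filtered to a single RED.

```python
import re
from collections import Counter
from datetime import datetime

# Abridged from the log excerpt in the post above (addresses already redacted there).
SAMPLE = """\
2022:08:16-14:06:14 sophos-2 red_server[21884]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2022:08:16-14:06:16 sophos-2 red_server[21899]: RED1: connected OK, pushing config
2022:08:16-14:06:24 sophos-2 red2ctl[10085]: Overflow happened on reds3:0
2022:08:16-14:06:24 sophos-2 red2ctl[10085]: Missing keepalive from reds3:0, disabling peer xxx.xxx.xxx.xxx
"""

LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: (.*)$")
EVENTS = {
    "handshake_fail": re.compile(r"Cannot do SSL handshake"),
    "connected": re.compile(r"connected OK"),
    "overflow": re.compile(r"Overflow happened on (\S+)"),
    "keepalive_lost": re.compile(r"Missing keepalive from ([^,\s]+)"),
}

def parse(text):
    """Yield (timestamp, daemon, event, detail) for lines matching a known event."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the timestamp/host/daemon format
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        for name, rx in EVENTS.items():
            hit = rx.search(m.group(5))
            if hit:
                yield ts, m.group(3), name, (hit.group(1) if hit.groups() else "")

def summarize(text):
    """Count events and measure how long the tunnel survived after 'connected OK'."""
    counts, lifetimes, last_up = Counter(), [], None
    for ts, _daemon, name, detail in parse(text):
        counts[name] += 1
        if name == "connected":
            last_up = ts
        elif name == "keepalive_lost" and last_up is not None:
            lifetimes.append((detail, int((ts - last_up).total_seconds())))
            last_up = None  # wait for the next successful connect
    return counts, lifetimes

if __name__ == "__main__":
    counts, lifetimes = summarize(SAMPLE)
    print(dict(counts))
    for iface, secs in lifetimes:
        print(f"{iface}: keepalive lost {secs}s after last 'connected OK'")
```

Run over a full day's log for one affected RED, the lifetimes list shows whether the tunnel always drops within seconds of the config push or at irregular intervals, which is useful detail to attach to a support case.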



  • Hallo Christian,

    Are there any other network devices between the RED and the cluster?  I've had two clients see VPN issues when a load balancer was involved.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Good morning Bob,

    I talked again to the customer, nothing has changed for a long time. Anything was running fine until a few weeks ago. Since then these two REDs have the same problem. Sometimes once a day, sometimes more than 5-6 times. Both RED 50s are directly connected to the dopple ISP. And the HA cluster is directly connected to the ISP as well.

  • Those RED 50s are end-of-life on 31 AUG 2023.  Have you tried to get Sophos Support to RMA one to see if that solves the problem?

    Cheers - Bob

     
  • Hi Bob, 

    Sophos is actually investigating the problem. Any logs were uploaded to the support, I'll write an update here when the problem is located and solved.
