
RED port goes down

Hi all,

I have a RED that unexpectedly shuts down one of the ports.
The port was previously connected directly to a device, currently we put a switch between RED and the device.
But the problem persists. Can someone help?
Here are the messages ... what does the "command" mean?

2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s 
2023:01:08-23:49:45 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:49:45 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: 1Gb/s, LAN4: 1Gb/s 
2023:01:08-23:51:37 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:51:37 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s 
2023:01:08-23:51:53 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:51:53 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: 1Gb/s, LAN4: 1Gb/s 
2023:01:08-23:52:25 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:52:25 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s 
2023:01:08-23:52:41 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:52:41 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: 1Gb/s, LAN4: 1Gb/s

Thanks

Dirk
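The `command` lines in the log above carry a JSON payload of type STATUS whose `switch_port_status_v2` object gives each LAN port's link state; the PORTSTATE line after each one repeats the same values. As an added example (not part of the original post and not Sophos code), the Python below pairs each Down with the next link-up per port to list how long every flap lasted; the name `port_outages` is an assumption and the sample is an excerpt of the lines quoted above.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the red_server lines quoted in the post (same masked RED ID).
SAMPLE = r"""
2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s
2023:01:08-23:49:45 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:51:37 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:51:53 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:52:25 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:52:41 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
"""

# timestamp, host, red_server[pid], RED ID, then the quoted JSON payload
LINE = re.compile(r"^(\S+) \S+ red_server\[\d+\]: (\S+): command '(.+)'\s*$")

def port_outages(log_text):
    """Return {(red_id, port): [(down_at, up_at, seconds), ...]} from STATUS commands."""
    last = {}                      # (red_id, port) -> (is_up, time of last state change)
    outages = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue               # PORTSTATE and unrelated lines have no JSON payload
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        try:
            msg = json.loads(m.group(3))
        except json.JSONDecodeError:
            continue               # truncated or malformed payload
        if not isinstance(msg, dict) or msg.get("type") != "STATUS":
            continue
        ports = msg.get("data", {}).get("switch_port_status_v2", {})
        for port, state in ports.items():
            key = (m.group(2), port)
            up = state != "Down"   # any speed string such as "1Gb/s" counts as link up
            prev = last.get(key)
            if prev is None or prev[0] != up:
                if prev is not None and up:   # Down -> up closes an outage
                    outages[key].append((prev[1], ts, int((ts - prev[1]).total_seconds())))
                last[key] = (up, ts)
    return dict(outages)
```

A port that is already Down on the first line is measured from that line, and ports that never come up (lan1 and lan2 here) produce no entry.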



  • Hi all,

      There are different switches behind every port ... and no loop. It runs for some days without problems ... then we have some minutes link up/link down  (like before without the switch)

    We have also replaced the RED already.

     

    The Kernel Log seems to be empty ... is this possible?

    System Log
    2023:01:08-23:43:01 FIREWALL-2 /usr/sbin/cron[22279]: (root) CMD (/sbin/audld.plx --trigger)
    2023:01:08-23:45:01 FIREWALL-2 /usr/sbin/cron[22683]: (root) CMD ( /usr/local/bin/rpmdb_backup )
    2023:01:08-23:45:01 FIREWALL-2 /usr/sbin/cron[22684]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:45:01 FIREWALL-1 /usr/sbin/cron[27141]: (root) CMD ( /usr/local/bin/rpmdb_backup )
    2023:01:08-23:45:01 FIREWALL-1 /usr/sbin/cron[27142]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:46:01 FIREWALL-1 /usr/sbin/cron[27295]: (root) CMD (/usr/local/bin/create_rrd_graphs.plx --acc)
    2023:01:08-23:47:01 FIREWALL-1 /usr/sbin/cron[28658]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
    2023:01:08-23:47:01 FIREWALL-2 /usr/sbin/cron[23068]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
    2023:01:08-23:50:01 FIREWALL-1 /usr/sbin/cron[28794]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
    2023:01:08-23:50:01 FIREWALL-1 /usr/sbin/cron[28795]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:50:01 FIREWALL-2 /usr/sbin/cron[23546]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:50:01 FIREWALL-2 /usr/sbin/cron[23545]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
    2023:01:08-23:50:59 FIREWALL-2 dns-resolver[10647]: Updating REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
    2023:01:08-23:53:01 FIREWALL-2 /usr/sbin/cron[24098]: (root) CMD (/usr/local/bin/create_rrd_graphs.plx --acc)
    2023:01:08-23:55:01 FIREWALL-1 /usr/sbin/cron[29082]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:55:01 FIREWALL-2 /usr/sbin/cron[25370]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:58:01 FIREWALL-1 /usr/sbin/cron[29286]: (root) CMD (/var/aua/update_ad_bg_members.plx)
    2023:01:08-23:58:01 FIREWALL-2 /usr/sbin/cron[25886]: (root) CMD (/sbin/audld.plx --trigger)
    2023:01:08-23:58:01 FIREWALL-2 /usr/sbin/cron[25885]: (root) CMD (/var/aua/update_ad_bg_members.plx)
    2023:01:08-23:59:01 FIREWALL-2 dns-resolver[10647]: Updating REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
    2023:01:09-00:00:01 FIREWALL -- MARK --
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26399]: (root) CMD (/sbin/hwclock --systz --utc)
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26404]: (root) CMD (/usr/local/bin/logcontrol.sh)
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26408]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26405]: (root) CMD (/var/chroot-smtp/cron/expiredletterscleanup.bin)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hey   could be possible, that is fine.
    > Check when the RED last disconnected or connected:
     #grep -i <RED-ID> /var/log/red.log | grep -i "connected"
    > RED-ID = Serial Number of RED
    > Check also archived logs for when a RED last disconnected or connected :
     #zgrep -i <RED-ID> /var/log/red/year/month/* | grep -i "connected"
    > Check blink code of the RED
    =============
    > telnet <hostname of the UTM> 3400
    > telnet red.astaro.com 3400
    Result: Connection timed out
    -> In this case it seems like there is a firewall/router in between which blocks the TCP connection on port 3400
    Result: Unknown host
    -> Check which DNS forwarder and UTM hostname is configured

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hi Vivek,

    there is only one "connected" message within the last 7 days (but for another RED - there are 5)

    I (and the customer) can't check the LEDs, because after days without problem, we have only 5 minutes.


    Dirk


  • There are different switches behind every port ... and no loop. It runs for some days without problems ... then we have some minutes link up/link down  (like before without the switch)

    The question may sound silly, but maybe faulty LAN cable? Or a grounding issue if both switches are in different parts of the building?

  • Can you PM me the support access ID? Let me check if I can find anything suspicious in the historical logs...
    Just let me know the date and time frame of 2-3 instances that occurred!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • Hi,

    thanks, but this is not so simple ... because we have an isolated environment.
    I have to request additional external access.
    You may remote into my notebook. Possibly, I can create a VPN.

    BTW: it has worked for the last 5 years.


    Dirk


  • Did you notice a log line such as "Missing keepalive from reds1" in the historical logs? I believe the telnet steps would also be useful to diagnose the situation!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • no such message the last 7 days ... until we change a cable today 11:51

    The second RED LAN port stays active ... all the time.

    Telnet red.astaro.com 3400 should not be possible from the RED, because the RED has no internet connection.
    The RED only reaches the UTM-IP-Port (unfiltered).  Routing using this port is not possible.

    There is a second RED within the same MAN, with the same restrictions, connected to the same UTM ... working without problems.


    Dirk


  • Did you try deleting that RED's existing configuration and adding it again?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • We replaced the RED50 with SD-RED60 ... without success. (ok, it works most of the time .. but we see the same error)


    Dirk
