RED port goes down

Hi all,

I have a RED that unexpectedly shuts down one of the ports.
The port was previously connected directly to a device; currently we have put a switch between the RED and the device.
But the problem persists. Can someone help?
Here are the messages ... what does the "command" mean?

2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s 
2023:01:08-23:49:45 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:49:45 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: 1Gb/s, LAN4: 1Gb/s 
2023:01:08-23:51:37 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:51:37 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s 
2023:01:08-23:51:53 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:51:53 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: 1Gb/s, LAN4: 1Gb/s 
2023:01:08-23:52:25 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:52:25 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s 
2023:01:08-23:52:41 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}' 
2023:01:08-23:52:41 FIREWALL-2 red_server[13285]: R6000XXXXXXXX8: PORTSTATE LAN1: Down, LAN2: Down, LAN3: 1Gb/s, LAN4: 1Gb/s

Thanks

Dirk
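
In the log above, each `command` line carries a JSON STATUS message, and the PORTSTATE line that follows repeats the same port states in readable form. The following Python sketch is an added example, not part of the original post and not Sophos code: it parses those `command` lines and lists each link flap with its duration. The sample lines are constructed in the same format; the RED ID `R6000EXAMPLE` and the function names are assumptions.

```python
import json
import re
from datetime import datetime

# Constructed sample in the red_server format shown in the post; the RED ID
# "R6000EXAMPLE" and the first (link-up) line are made up for illustration.
SAMPLE = r"""
2023:01:08-23:49:13 FIREWALL-2 red_server[13285]: R6000EXAMPLE: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000EXAMPLE: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:49:29 FIREWALL-2 red_server[13285]: R6000EXAMPLE: PORTSTATE LAN1: Down, LAN2: Down, LAN3: Down, LAN4: 1Gb/s
2023:01:08-23:49:45 FIREWALL-2 red_server[13285]: R6000EXAMPLE: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:51:37 FIREWALL-2 red_server[13285]: R6000EXAMPLE: command '{"data":{"switch_port_status_v2":{"lan3":"Down","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
2023:01:08-23:51:53 FIREWALL-2 red_server[13285]: R6000EXAMPLE: command '{"data":{"switch_port_status_v2":{"lan3":"1Gb\/s","lan1":"Down","lan4":"1Gb\/s","lan2":"Down"}},"type":"STATUS"}'
"""

CMD_RE = re.compile(r"^(\S+) \S+ red_server\[\d+\]: (\S+): command '(.*)'\s*$")  # time, RED ID, JSON

def port_states(text):
    """Yield (time, red_id, {port: state}) for every STATUS message."""
    for line in text.splitlines():
        m = CMD_RE.match(line.strip())
        if not m:
            continue  # PORTSTATE summaries and unrelated log lines
        ts, red_id, payload = m.groups()
        try:
            msg = json.loads(payload)  # "\/" is a valid JSON escape for "/"
            ports = msg["data"]["switch_port_status_v2"]
        except (ValueError, KeyError, TypeError):
            continue  # not a port status message
        if msg.get("type") == "STATUS" and isinstance(ports, dict):
            yield datetime.strptime(ts, "%Y:%m:%d-%H:%M:%S"), red_id, ports

def link_outages(text):
    """Return (red_id, port, down_at, seconds_down) for each completed flap."""
    # A port first seen as Down (e.g. an unused one) has no known start: skipped.
    last, down_at, result = {}, {}, []
    for when, red_id, ports in port_states(text):
        for port, state in sorted(ports.items()):
            key = (red_id, port)
            if state == "Down" and last.get(key) not in (None, "Down"):
                down_at[key] = when
            elif state != "Down" and key in down_at:
                start = down_at.pop(key)
                result.append((red_id, port, start, int((when - start).total_seconds())))
            last[key] = state
    return result

if __name__ == "__main__":
    print(*link_outages(SAMPLE), sep="\n")
```

Running it over a longer extract of `red.log` shows whether the outages cluster at particular times and whether they always last about the same number of seconds.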



  • Hey  ,

    Thank you for reaching out to the community. Can you also share the system.log and kernel.log from the time the RED goes down? Also observe the LED status!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • Hi all,

    There are different switches behind every port ... and no loop. It runs for some days without problems ... then we have some minutes of link up/link down (like before without the switch).

    We have also replaced the RED already.

     

    The Kernel Log seems to be empty ... is this possible?

    System Log
    2023:01:08-23:43:01 FIREWALL-2 /usr/sbin/cron[22279]: (root) CMD (/sbin/audld.plx --trigger)
    2023:01:08-23:45:01 FIREWALL-2 /usr/sbin/cron[22683]: (root) CMD ( /usr/local/bin/rpmdb_backup )
    2023:01:08-23:45:01 FIREWALL-2 /usr/sbin/cron[22684]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:45:01 FIREWALL-1 /usr/sbin/cron[27141]: (root) CMD ( /usr/local/bin/rpmdb_backup )
    2023:01:08-23:45:01 FIREWALL-1 /usr/sbin/cron[27142]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:46:01 FIREWALL-1 /usr/sbin/cron[27295]: (root) CMD (/usr/local/bin/create_rrd_graphs.plx --acc)
    2023:01:08-23:47:01 FIREWALL-1 /usr/sbin/cron[28658]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
    2023:01:08-23:47:01 FIREWALL-2 /usr/sbin/cron[23068]: (root) CMD (  nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
    2023:01:08-23:50:01 FIREWALL-1 /usr/sbin/cron[28794]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
    2023:01:08-23:50:01 FIREWALL-1 /usr/sbin/cron[28795]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:50:01 FIREWALL-2 /usr/sbin/cron[23546]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:50:01 FIREWALL-2 /usr/sbin/cron[23545]: (root) CMD (/var/mdw/scripts/pmx-blocklist-update)
    2023:01:08-23:50:59 FIREWALL-2 dns-resolver[10647]: Updating REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
    2023:01:08-23:53:01 FIREWALL-2 /usr/sbin/cron[24098]: (root) CMD (/usr/local/bin/create_rrd_graphs.plx --acc)
    2023:01:08-23:55:01 FIREWALL-1 /usr/sbin/cron[29082]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:55:01 FIREWALL-2 /usr/sbin/cron[25370]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:08-23:58:01 FIREWALL-1 /usr/sbin/cron[29286]: (root) CMD (/var/aua/update_ad_bg_members.plx)
    2023:01:08-23:58:01 FIREWALL-2 /usr/sbin/cron[25886]: (root) CMD (/sbin/audld.plx --trigger)
    2023:01:08-23:58:01 FIREWALL-2 /usr/sbin/cron[25885]: (root) CMD (/var/aua/update_ad_bg_members.plx)
    2023:01:08-23:59:01 FIREWALL-2 dns-resolver[10647]: Updating REF_NetDnsIPrep2t :: iprep2.t.ctmail.com
    2023:01:09-00:00:01 FIREWALL -- MARK --
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26399]: (root) CMD (/sbin/hwclock --systz --utc)
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26404]: (root) CMD (/usr/local/bin/logcontrol.sh)
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26408]: (root) CMD (   /usr/local/bin/reporter/system-reporter.pl)
    2023:01:09-00:00:01 FIREWALL-2 /usr/sbin/cron[26405]: (root) CMD (/var/chroot-smtp/cron/expiredletterscleanup.bin)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Hey   could be possible, that is fine.
    > Check when the RED last disconnected or connected:
      # grep -i <RED-ID> /var/log/red.log | grep -i "connected"
    > RED-ID = serial number of the RED
    > Also check the archived logs for when a RED last disconnected or connected:
      # zgrep -i <RED-ID> /var/log/red/year/month/* | grep -i "connected"
    > Check the blink code of the RED
    =============
    > telnet <hostname of the UTM> 3400
    > telnet red.astaro.com 3400
    Result: Connection timed out
    -> In this case it seems like there is a firewall/router in between which blocks the TCP connection on port 3400
    Result: Unknown host
    -> Check which DNS forwarder and UTM hostname are configured

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • Hi Vivek,

    There is only one "connected" message within the last 7 days (but for another RED there are 5).

    I (and the customer) can't check the LEDs, because after days without problems, we have only 5 minutes.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
