
Sophos RED unstable peers - runtime error occurred

Hello,

we have 24 RED devices and no device can establish a connection to the UTM. The REDs connect to the UTM and after a few seconds the connection is disconnected again. In the logs I can find the following lines:

2023:12:13-09:27:16 gw01 red_server[26660]: SELF: New connection from [Public IP] with ID Sophos-ID (cipher AES256-GCM-SHA384), rev1<30>Dec 13 09:27:17 red_server[26660]: Sophos-ID: connected OK, pushing config
2023:12:13-09:27:18 gw01 red_server[26660]: Sophos-ID: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2023:12:13-09:27:18 gw01 red_server[26660]: Sophos-ID: Initializing connection running protocol version 0
2023:12:13-09:27:18 gw01 red_server[26660]: Sophos-ID: Sending json message {"data":{},"type":"WELCOME"}
2023:12:13-09:27:19 gw01 red_server[26660]: Sophos-ID: command '{"data":{},"type":"CONFIG_REQ"}'
2023:12:13-09:27:19 gw01 red_server[26660]: Sophos-ID: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.52.0/24 1.2.3.4 10.0.0.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":23,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"1ewlkox0","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"","manual_netmask":24,"lan3_vids":"","mac_filter_type":"none","mac":"00:f1:6b:3d:11:03","dial_string":"*99#","manual2_address":"0.0.0.0","manual_dns":"0.0.0.0","poe_port1":0,"poe_port2":0,"lan1_mode":"unused","username":"","activate_modem":"0","tunnel_compression_algorithm":"lzo","fullbr_domains":"","uplink_balancing":"failover","asg_key":"[removed]","type":"red20","deployment_mode":"online","uplink2_mode":"dhcp","manual2_dns":"0.0.0.0","lan2_mode":"unused","debug_level":0,"local_networks_target":"","failover_direct":0,"asg_ca":"[removed]","overlay...L1377
2023:12:13-09:27:23 gw01 red_server[26660]: Sophos-ID: command '{"data":{"key1":"CaceLTV\/xlTDOQMyDvfiCQK3Xg+YY0w3bVjZ02737RE=","key0":"LkGaO\/BI+9Ozh0iguxrtLVYDau6yAGNuZKqCJZ7b5oU=","key_active":0},"type":"SET_KEY_REQ"}'
2023:12:13-09:27:23 gw01 red_server[26660]: Sophos-ID: Sending json message {"data":{},"type":"SET_KEY_REP"}
2023:12:13-09:27:24 gw01 red_server[26660]: Sophos-ID: command '{"data":{"seq":0},"type":"PING"}'
2023:12:13-09:27:24 gw01 red_server[26660]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="Sophos-ID" forced="0"
2023:12:13-09:27:24 gw01 red_server[26660]: Sophos-ID: Sending json message {"data":{"seq":0},"type":"PONG"}
2023:12:13-09:27:25 gw01 red_server[26660]: Sophos-ID: command '{"data":{"uplink":"WAN1","wan1_ip":"192.168.179.2"},"type":"STATUS"}'
2023:12:13-09:27:39 gw01 red_server[26660]: Sophos-ID: command '{"data":{"seq":1},"type":"PING"}'
2023:12:13-09:27:39 gw01 red_server[26660]: Sophos-ID: Sending json message {"data":{"seq":1},"type":"PONG"}
2023:12:13-09:27:56 gw01 red_server[26660]: Sophos-ID: command '{"data":{"message":"Unstable peers","type":"RUNTIME_ERROR_OCCURRED"},"type":"DISCONNECT"}'
2023:12:13-09:27:56 gw01 red_server[26660]: Sophos-ID: Disconnecting: RUNTIME_ERROR_OCCURRED, Unstable peers
2023:12:13-09:27:56 gw01 red_server[26660]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Sophos-ID" forced="1"
2023:12:13-09:27:56 gw01 red_server[26660]: Sophos-ID is disconnected.

The other REDs are having the same problem. But the connection to the internet is working fine.
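As an added example (not part of the original post and not Sophos code), the following Python script reads red_server log lines of the format shown above, pairs each "RED Tunnel Up" event (id="4201") with the matching "RED Tunnel Down" event (id="4202") per red_id, records the reason carried in the RED's DISCONNECT command, and reports tunnels that dropped within a short window of coming up. It also keeps the uplink address the RED reports in its STATUS message and notes when that address is private, which indicates a NAT device between the RED and the UTM. The line layout is taken from the post; the 60-second flap threshold, the second RED id "RED-OK-EXAMPLE" and the sample log text are constructed assumptions.

```python
"""Flap detector for Sophos UTM red_server log lines (added example, not Sophos code)."""
import ipaddress
import json
import re
from datetime import datetime

# Prefix as seen in the post: 2023:12:13-09:27:24 gw01 red_server[26660]: <rest>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ red_server\[\d+\]: (?P<rest>.*)$"
)
# Structured event lines look like: id="4201" severity="info" ... red_id="Sophos-ID" forced="0"
KV_RE = re.compile(r'(\w+)="([^"]*)"')
# Command lines carry the JSON message the RED sent, wrapped in single quotes.
CMD_RE = re.compile(r"^(?P<red>\S+): command '(?P<json>\{.*\})'$")

TUNNEL_UP, TUNNEL_DOWN = "4201", "4202"


def parse_line(line):
    """Return a dict for event and command lines, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y:%m:%d-%H:%M:%S")
    rest = m["rest"]
    if rest.startswith('id="'):
        kv = dict(KV_RE.findall(rest))
        return {"ts": ts, "kind": "event", "red": kv.get("red_id"),
                "event_id": kv.get("id"), "forced": kv.get("forced") == "1"}
    cm = CMD_RE.match(rest)
    if cm:
        msg = json.loads(cm["json"])
        return {"ts": ts, "kind": "command", "red": cm["red"],
                "type": msg.get("type"), "data": msg.get("data") or {}}
    return None  # "Sending json message", "SELF:" and similar lines are not needed here


def find_flaps(lines, max_uptime_s=60):
    """Return one record per tunnel that went down within max_uptime_s of coming up."""
    up_at, reason, uplink_ip = {}, {}, {}
    flaps = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        red = rec["red"]
        if rec["kind"] == "command":
            d = rec["data"]
            if rec["type"] == "DISCONNECT":
                # DISCONNECT arrives just before the 4202 event and names the cause.
                reason[red] = (d.get("type"), d.get("message"))
            elif rec["type"] == "STATUS":
                ips = [v for k, v in d.items() if k.endswith("_ip")]
                if ips:
                    uplink_ip[red] = ips[0]
            continue
        if rec["event_id"] == TUNNEL_UP:
            up_at[red] = rec["ts"]
            reason.pop(red, None)
        elif rec["event_id"] == TUNNEL_DOWN and red in up_at:
            uptime = (rec["ts"] - up_at.pop(red)).total_seconds()
            if uptime > max_uptime_s:
                continue
            err, msg = reason.pop(red, (None, None))
            ip = uplink_ip.get(red)
            flaps.append({
                "red": red, "uptime_s": uptime, "forced": rec["forced"],
                "error": err, "message": msg, "uplink_ip": ip,
                # A private uplink address means a NAT device sits in front of the RED.
                "private_uplink": bool(ip) and ipaddress.ip_address(ip).is_private,
            })
    return flaps


def summarize(flaps):
    """Count flaps per (error type, message) so one root cause stands out across many REDs."""
    counts = {}
    for f in flaps:
        key = (f["error"], f["message"])
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample: the Sophos-ID lines follow the post; RED-OK-EXAMPLE is an invented healthy RED.
SAMPLE_LOG = """\
2023:12:13-09:27:18 gw01 red_server[26660]: Sophos-ID: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2023:12:13-09:27:24 gw01 red_server[26660]: Sophos-ID: command '{"data":{"seq":0},"type":"PING"}'
2023:12:13-09:27:24 gw01 red_server[26660]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="Sophos-ID" forced="0"
2023:12:13-09:27:25 gw01 red_server[26660]: Sophos-ID: command '{"data":{"uplink":"WAN1","wan1_ip":"192.168.179.2"},"type":"STATUS"}'
2023:12:13-09:27:56 gw01 red_server[26660]: Sophos-ID: command '{"data":{"message":"Unstable peers","type":"RUNTIME_ERROR_OCCURRED"},"type":"DISCONNECT"}'
2023:12:13-09:27:56 gw01 red_server[26660]: Sophos-ID: Disconnecting: RUNTIME_ERROR_OCCURRED, Unstable peers
2023:12:13-09:27:56 gw01 red_server[26660]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Sophos-ID" forced="1"
2023:12:13-09:30:00 gw01 red_server[26661]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="RED-OK-EXAMPLE" forced="0"
2023:12:13-11:30:00 gw01 red_server[26661]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="RED-OK-EXAMPLE" forced="0"
"""

if __name__ == "__main__":
    found = find_flaps(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f['red']}: up {f['uptime_s']:.0f}s, {f['error']} ({f['message']}), "
              f"uplink {f['uplink_ip']} private={f['private_uplink']}")
    print(summarize(found))
```

Run it against a whole red_server log (for example the output of the UTM's RED log viewer saved to a file) by passing the file's lines to find_flaps; a summary dominated by one (error, message) pair across all 24 REDs points at the UTM side or the path in front of it rather than at individual devices.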



  • It never worked?

    What has changed?

    Is there a firewall or router placed between the Sophos Firewall and the Internet? It seems there is a private network connected to the Sophos Firewall.

    If so, which ports do you forward to the firewall? (3400+3410 TCP+UDP)

    Which RED type?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • We have two internet connections: one for all the VPN connections and the other one for the normal internet traffic. The internet connection for the VPN connections is cancelled. We have changed the configuration for the REDs to the public IP address of the other internet connection. There is also no port forward, because with the older internet connection all VPN connections were connected. The only thing that changed is the internet connection and the public IP address for the REDs to reach.

    In sum we have 24 RED devices: RED 15, RED 15w and RED 20, and we don't get a real connection from any of the devices.