Astaro Red 10 (rev 2) not working after UTM upgrade

We recently upgraded from an Astaro ASG 220 to a Sophos SG 230. An attached Astaro RED 10 (rev 2) had been working. The RED was deployed on the SG 230 in standard/unified mode using the old unlock code and was accepted by the UTM. I applied the correct firewall rule (no Masquerading rule needed). The blink codes on the RED indicate a normal boot state all the way to a solid Internet light ("Internet reachable, establishing a tunnel") then just keeps rebooting. This is the live log:

2016:07:06-12:09:27 gblasg red_server[30437]: SELF: Overlay-fw has been updated ...
2016:07:06-12:09:27 gblasg red_server[30608]: UPLOAD: Uploader process starting
2016:07:06-12:09:27 gblasg red_server[30437]: SELF: (Re-)loading device configurations
2016:07:06-12:09:27 gblasg red_server[30437]: XXXXXXXXXXXXXXXX: New device
2016:07:06-12:09:27 gblasg red_server[30437]: XXXXXXXXXXXXXXXX: Staging config for upload
2016:07:06-12:09:27 gblasg red_server[30437]: SELF: (Re-)loading device configurations
2016:07:06-12:09:38 gblasg red_server[30608]: UPLOAD: [XXXXXXXXXXXXXXXX] Uploaded config to registry service
2016:07:06-12:45:11 gblasg red_server[30437]: SELF: (Re-)loading device configurations
2016:07:06-12:57:50 gblasg red_server[30437]: SELF: (Re-)loading device configurations
2016:07:06-14:09:27 gblasg red_server[30437]: SELF: (Re-)loading device configurations

I set the firewall rule to log traffic but do not see any, yet I can ping the RED IP address with no drops. The RED is located in FL and I had heard that there may be an issue with Comcast & REDs. I tried a power off/on to no avail. Anything?

Thanks... Tom



  • Hi Tom,

    Make sure UDP port 3400 is open, which is the communication port for RED 30. To verify, take SSH to UTM and type "tcpdump -nei any port 3400".

    Drop a mail to support team (support@sophos.com) to get the unlock code for RED. 

    Turn off RED globally on UTM and redeploy the server configuration.

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • • Port 3400 TCP/UDP was open

    • I had a valid unlock code

    • I tried re-deploying the RED 10 and got the following live log (ID blocked):

    2016:07:07-16:16:03 gblasg redctl[27104]: 10.254.254.254
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED10rev1 version set to 14
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED10rev2 version set to 2005R2
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED10rev2 local version set to 5023aR2
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED15 fw version set to 5023a
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED15w fw version set to 5023a
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED50 fw version set to 2005
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: RED50 local fw version set to 5023a
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: IO::Socket::SSL Version: 1.953
    2016:07:07-16:16:03 gblasg red_server[27128]: SELF: Startup - waiting 15 seconds ...
    2016:07:07-16:16:18 gblasg red_server[27295]: UPLOAD: Uploader process starting
    2016:07:07-16:16:18 gblasg red_server[27128]: SELF: (Re-)loading device configurations
    2016:07:07-16:16:18 gblasg red_server[27128]: XXXXXXXXXXXXXXXX: New device
    2016:07:07-16:16:18 gblasg red_server[27128]: XXXXXXXXXXXXXXXX: Staging config for upload
    2016:07:07-16:16:18 gblasg red_server[27128]: SELF: (Re-)loading device configurations
    2016:07:07-16:16:24 gblasg red_server[27295]: UPLOAD: [XXXXXXXXXXXXXXXX] Uploaded config to registry service

    The UTM dashboard shows - State: up  Link: Down - and I can still ping the RED with no problem. Things are basically the same as my original post and the RED keeps rebooting just as it's about to establish a tunnel.

    Do you think that port 3400 may be blocked on the RED side? I don't see how it would be since it's a residence (home office) with no special firewall in place.

    Tom

  • I performed some tests on the remote end. Bypassing the RED, I can ping the provisioning server and the RedAlert utility is also able to connect on port 3400. But once we put the RED in the mix, there is no internet connection/no ping and RedAlert gives us this:

    Unable to locate RED provisioning server.

    Unable to resolve hostname.

    Socket Exception 10051: A socket operation was attempted to an unreachable network 184.72.39.13:3400

    Unable to Connect to RED service on host. (port 3400)

    Their modem/router is an Arris TG162G supplied by Comcast. So now I'm wondering why will the modem/router allow connection to the provisioning server with the RED removed, then block it when the RED is attached? Do I need to forward 3400 TCP/UDP to the RED IP? How else can I test this?

  • Solution: The Hostname of the UTM was apparently not being recognized somewhere across the internet... I changed it to the external IP address and the RED suddenly became very chatty. A tunnel was established within 5+ minutes. No port forwarding on remote end or other changes necessary.
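
Added example, not part of the original thread and not Sophos code: a pre-deployment check for the failure the solution describes, where the UTM address handed to the RED cannot be resolved or reached from the remote site. The function name, the resolver hook and all sample names and addresses are constructed for illustration.

```python
import ipaddress
import socket

# Ranges a RED at a remote site can never reach across the internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def system_resolve(name):
    """Resolve with the local resolver; returns a list of IPv4 strings."""
    return socket.gethostbyname_ex(name)[2]


def check_utm_hostname(value, external_ip, resolve=system_resolve):
    """Return a list of problems with the UTM address handed to a RED."""
    expected = ipaddress.ip_address(external_ip)
    problems = []
    try:
        addrs = [ipaddress.ip_address(value)]  # IP literal: no DNS involved
    except ValueError:
        if "." not in value.rstrip("."):
            problems.append("single-label name, not resolvable in public DNS")
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(value)]
        except OSError as exc:  # socket.gaierror is an OSError subclass
            return problems + [f"does not resolve: {exc}"]
    for addr in addrs:
        if any(addr in net for net in NON_ROUTABLE):
            problems.append(f"{addr} is not routable from the RED's site")
    if expected not in addrs:
        problems.append(f"does not point at external IP {expected}")
    return problems


if __name__ == "__main__":
    # Constructed sample data: a fake resolver so the demo runs offline.
    fake_dns = {"utm.example.com": ["203.0.113.10"],
                "utm.corp.example": ["192.168.1.1"]}

    def fake_resolve(name):
        if name not in fake_dns:
            raise socket.gaierror(f"{name}: name not known")
        return fake_dns[name]

    for candidate in ("203.0.113.10", "utm.example.com",
                      "utm.corp.example", "utm-gw"):
        print(candidate, check_utm_hostname(candidate, "203.0.113.10",
                                            fake_resolve) or "OK")
```

With the default resolver, run it from a network outside the UTM's own LAN, since split-horizon DNS can make an internal-only name look resolvable.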