
Endpoint Protection Socket failed on UTM9

Dear all,

For a few days now I have had a problem with activating the Endpoint Protection in the UTM9 web interface. The problems started with my protected machines being "not compliant". Because I believed that the system was wrong (or confused), I decided to disable the Endpoint Protection from the web interface. Upon trying to re-enable and activate the Endpoint Protection, it failed. See attached screenshots for the errors.

I have tried lots of things in the meantime, all of which I found here on the forum.
- I have added rules in the Transparent proxy skip list (I've added Sophos LiveConnect to both src/dst).
- I have built additional regex strings to add to the exception list.
- I disabled web protection and advanced threat protection. Didn't help.
- Rebooted the firewall.

I was unable to determine the root problem; there are no log entries which I can relate to the firewall. This I find very strange; it appears the firewall does not log the errors?

I also tried to take a tcpdump of the problem. I was able to isolate two IP addresses which I can relate to the activation process (54.251.33.46 and 54.72.45.94). I have added the logs of the tcpdump.

Does anyone have any suggestion what I can do?

Thanks for reading, any help is appreciated!
Grts!

Edit:
I'm on firmware release 9.310011


This thread was automatically locked due to age.
  • Doing this seems to have worked for me when I was having this issue:

    Management -> System settings -> Reset configuration or passwords -> Reset UTM ID now

    It will reset your Endpoint Protection but it probably wasn't working in the first place.

  • Same issue here.

    Did a disk swap after my original hardware died, put it into the same model hardware, worked fine, had to tweak network interface names as it named the interfaces differently.

    Tried resetting the UTM ID as per JasonHerrlich's post without success.

    Any way to set the interface for the Endpoint Protection per the command-line tool?

  • Hi, Auke, and welcome to the UTM Community!

    I'm not sure what your question is, but I would approach this differently:

    1. Get a configuration backup from before you made the changes to interface assignments and put it into the root directory of a USB memory stick.
    2. At the console as root, edit /etc/udev/rules.d/70-persistent-net.rules to change the NIC order.  Save the file.
    3. Insert the USB stick into the UTM and reboot it.

    Any better luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for the welcome!

    That is indeed what I did to fix the NIC order!
    I might have responded to the wrong thread but I'm getting an error similar to OP:

    "Socket failed, unable to get ip for sss1-8a9a.broker.sophos.com. Error: ." after Activating Endpoint Protection.

     

    Disregard, appears to be an issue with my DNS setup.