This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint Protection Socket failed on UTM9

Dear all,

Since a few days ago I have a problem with activating the Endpoint Protection in the UTM9 web interface. The problems started with my protected machines being "not compliant". Because I believed that the system was wrong (or confused), I decided to disable the Endpoint Protection from the web interface. Upon trying to re-enable and activate the Endpoint Protection, it failed. See attached screenshots for the errors.

I have tried lots of things in the meanwhile, all of which I found here on the forum. 
- I have added rules in the Transparent proxy skip list (I've added Sophos LiveConnect to both src/dst).
- I have build additional regex strings to add in the exception list.
- I disabled web protection and advanced threat protection. Didn't help.
- Rebooted the firewall

I was unable to determine the root problem, there are no log entries which I can relate to the firewall. This I find very strange, it appears the firewall does not log the errors?

I also tried to take a tcpdump of the problem. I was able to isolate two IP addresses which I can relate to the activation process (54.251.33.46 and 54.72.45.94). I have added the logs of the tcpdump.

Does anyone have any suggestion what I can do?

Thanks for reading, any help is appreciated!
Grts!

Edit:
I'm on firmware release 9.310011


This thread was automatically locked due to age.
  • Hi Bob, thanks for the welcome!

    That is indeed what I did to fix the NIC order!
    I might have responded to the wrong thread but I'm getting an error similar to OP:

    "Socket failed, unable to get ip for sss1-8a9a.broker.sophos.com. Error: ." after Activating Endpoint Protection.

     

    Disregard, appears to be an issue with my DNS setup.