
UTM 9.213-4 - Sophos LiveConnect for EndPoint - no computers are showing online

I am using UTM 9.213-4 on an SG210 and have deployed the Sophos EndPoint Protection client on my devices - however, about 12 days ago, the clients stopped showing as "online" in the UTM WebAdmin control panel. If I open the live log, I can see that it appears that my UTM is failing to connect with Sophos:

2016:01:05-11:13:01 sophos epsecd[5965]: |=========================================================================
2016:01:05-11:13:01 sophos epsecd[5965]: W main::_log:432() => severity="warn" sys="System" sub="eplog" name="Listing [https://689932ef-025c-305a-b799-fda65d57d723-wdx-025c.broker.sophos.com//689932ef-025c-305a-b799-fda65d57d723/] failed with return code 35: SSL connect error Unknown SSL protocol error in connection to 689932ef-025c-305a-b799-fda65d57d723-wdx-025c.broker.sophos.com:443
2016:01:05-11:13:01 sophos epsecd[5965]: "
2016:01:05-11:14:11 sophos epsecd[5965]: |=========================================================================
2016:01:05-11:14:11 sophos epsecd[5965]: W main::_log:432() => severity="warn" sys="System" sub="eplog" name="Listing [https://689932ef-025c-305a-b799-fda65d57d723-wdx-025c.broker.sophos.com//689932ef-025c-305a-b799-fda65d57d723/] failed with return code 28: Timeout was reached SSL connection timeout
2016:01:05-11:14:11 sophos epsecd[5965]: "
 
Does anyone have any ideas how to remedy this? I know there are two further 9.2 updates to install (but live connect has been working well up until 12 days ago), and I have not tried a reboot yet.
Thanks for any inspiration!
 


This thread was automatically locked due to age.
  • Hi,

    I'm having the same issue on an ASG220 with UTM 9.352-6. I've tried rebooting and updating to the latest firmware. Existing devices are not online while new devices are not being listed at all. Everything worked fine up until 14 days ago. Turning the Webfilter off didn't help either.

    Log:

    2016:01:07-09:33:26 astaro epsecd[10285]: "
    2016:01:07-09:34:26 astaro epsecd[10285]: |=========================================================================
    2016:01:07-09:34:26 astaro epsecd[10285]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://5eb28be4-09cd-33c5-8fcb-a8de95eb4ccb-wdx-09cd.broker.sophos.com//5eb28be4-09cd-33c5-8fcb-a8de95eb4ccb/] failed with return code 35: SSL connect error Unknown SSL protocol error in connection to 5eb28be4-09cd-33c5-8fcb-a8de95eb4ccb-wdx-09cd.broker.sophos.com:443
    2016:01:07-09:34:26 astaro epsecd[10285]: "
     
    Maybe someone has a clue as to how to resolve this. Thanks!
  • Hi,

    I am experiencing exactly the same issue on "UTM 9 Home" with UTM 9.352-6. It worked fine until the last update. If I deactivate the Webfilter Exception for SEP and toggle it back to active, it works for a very short period of time. Then again: "failed with return code 35: SSL connect error Unknown SSL protocol error in connection".

    Any ideas?

    BR,
    Markus
  • Hi both - you seem to be having the same issue as me. My EndPoints had been showing up as online (green) for many months until 15 days ago they all suddenly went grey in WebAdmin with the SSL errors listed in my original post. I had not made any changes to WebAdmin and had not updated the firmware recently. I rebooted my UTM as it had a long uptime but that does not seem to have had any effect - in fact, the errors are no longer appearing in the livelog, but the devices are still all grey.

    I know I am running an older firmware, and I was going to update to the most recent, but seeing your posts makes me think this is nothing to do with the version of firmware I am running.

    I have a support contract on this device (it is a live UTM at a client site) so I have involved Sophos support. So far, while being helpful, they have not managed to resolve the issue. Support have logged into the UTM and they then asked me the following questions. My responses are shown:

    - Is standard HTTPS web browsing working >>> YES. I confirmed this from a machine on the network. HTTPS sites resolve and function fine.
    - Is there a proxy server between the clients and the internet >>> NO. Internet connection is a private fibre leased line which terminates on the provider's hardware. The SG210 then plugs directly into this hardware. There is no third party proxy in place as far as I know.
    - Does this proxy server scan HTTPS traffic >>> There is no proxy and the only HTTPS scanning that is done is done by the SG210 itself. In WebAdmin, under Web Protection > Web Filtering, the option "HTTPS (SSL) traffic: > URL filtering only" is enabled.
    - Can you bypass HTTPS scanning if there is a proxy to see if this resolves the issue >>> NO proxy is in place. I can try deactivating HTTPS URL filtering from WebAdmin if you think it is worth a try?
    - Is anything blocked on the firewall for these computers >>> NO.

    I have also posted the question to SpiceWorks as there are a number of knowledgeable Sophos users there:

    community.spiceworks.com/.../1377493-utm-9-213-4-sophos-liveconnect-for-endpoint-no-computers-are-showing-online

    I will keep you updated.
  • Hi. According to my reseller-support (ALSO) this problem is already known. Bug ID 36232.
    -Alex
  • Hi Alexander, yes, support have just told me the same thing and same bug ID. Thanks!
  • Just to let you know, my endpoints are now showing as online. This happened sometime over the weekend.
  • Yes, I can confirm this.
    For me (Home Lic) it is also working again. Sophos seems to have done some "magic" after they got knowledge of this issue.

    Happy again...
    Markus
  • Good to know Markus! Thanks
  • I am on 9.355-1 and still having this issue.

    The error is there for hours and then suddenly the connection works. But a little later the problem reappears.

    2016:03:09-00:35:39 fw epsecd[5018]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://c87e5467-f30d-3cb0-893d-25f6c86d208a-wdx-f30d.broker.sophos.com//c87e5467-f30d-3cb0-893d-25f6c86d208a/] failed with return code 28: Timeout was reached SSL connection timeout
    2016:03:09-00:35:39 fw epsecd[5018]: "
    2016:03:09-00:35:46 fw epsecd[5021]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
    2016:03:09-00:35:46 fw epsecd[5021]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
    2016:03:09-00:38:29 fw epsecd[5021]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
    2016:03:09-00:38:29 fw epsecd[5021]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
    2016:03:09-00:40:17 fw epsecd[5021]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
    2016:03:09-00:40:17 fw epsecd[5021]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"

    So no magic unfortunately yet for me...

    Martin
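
To measure how long and how often the broker connection drops, as in the intermittent logs above, the following added example (not part of any post in this thread, and not Sophos code) parses epsecd live-log lines and pairs each run of failed listings with the next "Received report(s)" line. The sample log is constructed, and the host `TENANT-ID.broker.example` is a placeholder.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the epsecd live-log format quoted in this thread
# (placeholder broker host, not a real appliance id).
SAMPLE = '''\
2016:03:09-00:31:20 fw epsecd[5018]: |=====================================
2016:03:09-00:31:20 fw epsecd[5018]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://TENANT-ID.broker.example//TENANT-ID/] failed with return code 35: SSL connect error Unknown SSL protocol error in connection to TENANT-ID.broker.example:443
2016:03:09-00:31:20 fw epsecd[5018]: "
2016:03:09-00:33:30 fw epsecd[5018]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://TENANT-ID.broker.example//TENANT-ID/] failed with return code 28: Timeout was reached SSL connection timeout
2016:03:09-00:33:30 fw epsecd[5018]: "
2016:03:09-00:35:46 fw epsecd[5021]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:09-00:35:46 fw epsecd[5021]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:09-00:50:02 fw epsecd[5018]: W main::_log:435() => severity="warn" sys="System" sub="eplog" name="Listing [https://TENANT-ID.broker.example//TENANT-ID/] failed with return code 28: Timeout was reached SSL connection timeout
2016:03:09-00:50:02 fw epsecd[5018]: "
'''

LINE = re.compile(r"^\s*(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ epsecd\[\d+\]: (.*)$")
FAIL = re.compile(r"Listing \[https://([^/\]]+)[^\]]*\] failed with return code (\d+):")
RECOVERED = 'name="Received report(s) from Sophos LiveConnect"'

def summarize(text):
    """Return (failure count per return code, list of [start, end, count] outages)."""
    codes, outages, current = Counter(), [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an epsecd line
        when = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        fail = FAIL.search(m.group(2))
        if fail:
            codes[int(fail.group(2))] += 1
            if current is None:  # first failure opens a new outage window
                current = [when, None, 0]
                outages.append(current)
            current[2] += 1
        elif RECOVERED in m.group(2) and current is not None:
            current[1] = when  # first received report closes the window
            current = None
    return codes, outages

if __name__ == "__main__":
    codes, outages = summarize(SAMPLE)
    print("failures by return code:", dict(codes))
    for start, end, n in outages:
        print(start, "->", end or "still failing", f"({n} failed listings)")
```

An outage whose end is `None` was still open at the end of the log, which separates a recovered connection from one that is failing again.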

  • I have been experiencing the exact same thing on 9.355-1.  I've even reset my subscription and have started over and am still having the same issues with the endpoints.  I've also noticed none of the Web Protection logs are coming back.  All the logging is blank at this point at this release.  I'm surprised no one else is seeing this issue?!?

    Rick