This discussion has been locked.

Upgraded UTM hardware but RED endpoints not coming back up

I upgraded the UTM to a newer bit of hardware and restored the config just using a backup/restore (without License, passwords, certificates/keys, endpoints).

When I switch over to the new device, everything works fine apart from the RED10 endpoints, which don't come back up.

I have checked the config for the RED devices and it is identical to the previous firewall, so I am guessing that I probably need to copy over a certificate somewhere?

Looking at the live log for the RED devices, I keep on seeing "Unable to fetch RED ca object"

Any ideas?

  • Currently, your REDs "belong" to the old configuration. If you don't know the 'Unlock code' for each, you will need to fire up a full restore to get the information. Once you've entered the codes, they should be back online in 15 minutes or so.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Is there a way to copy across just the certificates?

    I don't know the original admin password and have changed quite a few settings on the new hardware so don't really want to start again with the config.

    Looking in the config of the new hardware, the unlock codes have copied across, but the REDs never come back up.

    Alternatively, if I know the unlock codes of the hardware, can I just delete and recreate the endpoint in the new hardware? (I also don't really want to do this as I have loads of endpoints.)

    Many thanks,
    Ben
  • I tried plan B and deleted the RED interface from the new firewall and then attempted to redeploy.
    Although this worked in the old firewall with no errors, with the new firewall I get:

    "The argument of the function ca_generate_host_key_cert must be a X509 certificate with private key object and not empty."

    and I am unable to complete adding the RED to the firewall.
  • This is one of those situations where you'd better get some new eyes on your issue - push Sophos Support to get you an answer quickly and then share with us what the problem and solution were.

    Cheers - Bob
     
  • OK, well thanks for the advice anyway Bob,
    I called Sophos support and they were no help; I was just told to contact the reseller I purchased the equipment from, even though I pay for "Premium Support".
  • Send me a message with the name of the person that told you that.

    Cheers - Bob
     
  • Hi,

    Greetings.

    The issue seems to be related to the CA, as per the log lines posted earlier. Can you please DM me your ticket #? I will investigate the case further and try to get you an update.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support