
Upgraded UTM hardware but RED endpoints not coming back up

I upgraded the UTM to a newer bit of hardware and restored the config just using a backup/restore (without License, passwords, certificates/keys, endpoints).

When I switch over to the new device everything works fine, apart from the RED10 endpoints, which don't come back up.

I have checked the config for the RED devices and it is identical to the previous firewall so I am guessing that I probably need to copy over a certificate somewhere?

Looking at the live log for the RED devices, I keep on seeing "Unable to fetch RED ca object".

Any ideas?

This thread was automatically locked due to age.
  • Currently, your REDs "belong" to the old configuration. If you don't know the 'Unlock code' for each, you will need to fire up a full restore to get the information. Once you've entered the codes, they should be back online in 15 minutes or so.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Is there a way to copy across just the certificates?

    I don't know the original admin password and have changed quite a few settings on the new hardware so don't really want to start again with the config.

    Looking in the config of the new hardware the unlock codes have copied across, but the REDs never come back up.

    Alternatively, if I know the unlock codes of the hardware, can I just delete and recreate the endpoint in the new hardware? (I also don't really want to do this as I have loads of endpoints.)

    Many thanks,
    Ben
  • I tried plan B and deleted the RED interface from the new firewall and then attempted to redeploy.
    Although this worked in the old firewall with no errors, with the new firewall I get:

    "The argument of the function ca_generate_host_key_cert must be a X509 certificate with private key object and not empty."

    and I am unable to complete adding the RED to the firewall.
  • This is one of those situations where you'd better get some new eyes on your issue - push Sophos Support to get you an answer quickly and then share with us what the problem and solution were.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA