
Upgraded UTM hardware but RED endpoints not coming back up

I upgraded the UTM to a newer bit of hardware and restored the config just using a backup/restore (without license, passwords, certificates/keys, endpoints).

When I switch over to the new device everything works fine, apart from the RED10 endpoints, which don't come back up.

I have checked the config for the RED devices and it is identical to the previous firewall, so I am guessing that I probably need to copy over a certificate somewhere?

Looking at the live log for the RED devices, I keep on seeing "Unable to fetch RED ca object".

Any ideas?



This thread was automatically locked due to age.
  • Send me a message with the name of the person that told you that.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Greetings.

    The issue seems to be related to the CA, as per the log lines posted earlier. Can you please DM me your ticket #? I will investigate the case further and try to get you an update.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I had a similar issue and ended up with the 'ca_generate_host_key_cert' error (and found this page via a Google search). Here was my fix:

     

    Note all the RED details including unlock codes.

    Turn off the RED capability (RED management - Global Settings - RED status - off).

    Turn RED back on again & it will (tada) create a new certificate on the online service.

    Re-input the RED details.

     

    I think my issue was the RED certificate was generated with a different hostname on the unit (it had an update issue which meant it was rebuilt & restored several times).

    Hope this helps someone.