I am trying to connect several Sophos UTMs to my SUM; however, it is impossible. The logs that I have are the following:
What is this for?
Hello!
Looks maybe like a known problem ;) What does the SUM Daemon Log on your SUM say? Can you paste it here? Next question: did you restore a configuration from one of your existing firewalls on this firewall that doesn't want to register? If yes, did you reset the system GUID? If you reset it and it still doesn't work: 1) stop central management, 2) delete the GUID on the CLI: "rm /etc/guid", and after that 3) restart central management and see if the UTM registers now.
After that, let us know.
1- What does the SUM Daemon Log on your SUM say? Can you paste it here?
How can I get these logs? Can you show me?
2- Did you restore a configuration from one of your existing firewalls on this firewall that doesn't want to register?
I did not do any restoration in the UTMs.
Hi,
To 1: Log in to the SUM's WebAdmin interface at https://ip-of-sum:4444, then go to Logging & Reporting and select "view log files". There you can view the SUM core daemon logs.
So this second machine is a fresh install and it was never connected to the SUM before, is that right? But with the logs, maybe we can see if the SUM receives the connection attempts from your new machine. Did you install the SUM yourself? Maybe there is a connection restriction configured. For that, take a look at Management-->Sophos UTM Manager-->Device Security. What is currently configured for Device access control "Allowed Networks"?
I think it first needs to be verified whether your new UTM gets a connection to the UTM. If we cannot see anything in the logs, you should run a tcpdump on the SUM to see if something arrives.
Regards
This is the record that I get:
2018:01:16-11:54:56 utmcenter accd: 91192 [0xe04fab70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during recv [device;guid:006fcb09-7226-3c6c-9a23-e398c49a17c0;ip:34.193.xxx.xxx]
2018:01:16-11:54:56 utmcenter accd: 91192 [0xee70fb70] ERROR libs.io.Session null - send attempted after previous error [device;guid:006fcb09-7226-3c6c-9a23-e398c49a17c0;ip:34.193.xxx.xxx]
2018:01:16-11:54:56 utmcenter accd: 91192 [0xee70fb70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during sendDone [device;guid:006fcb09-7226-3c6c-9a23-e398c49a17c0;ip:34.193.xxx.xxx]
The public IP 34.193.xxx.xxx is from my UTM; however, I have about 3 Sophos UTMs which have problems connecting to the SUM. Why do I only get records for my UTM, which is published by 34.193.xxx.xxx?
Did you install the SUM yourself?
I installed the SUM myself.
What is currently configured for Device access control "Allowed Networks"?
In allowed networks, "Any" is configured.
I think it first needs to be verified whether your new UTM gets a connection to the UTM. If we cannot see anything in the logs, you should run a tcpdump on the SUM to see if something arrives.
If it is necessary to see it through tcpdump, I will have to do it. Can you help me, please?
Thank you very much!!
Hi,
Do I understand correctly that at the moment none of your UTMs are able to connect to the SUM? So did that already work before, or did you never manage to get it working? Please list the exact UTM software versions that are active on your UTM devices.
What kind of device is in front of the SUM? Is there a firewall configured with NAT/port forwarding, or is the SUM (70.35.196.XXX) connected directly to the internet? Did you try to connect a device (just as a test) from the internal interface (if you have one)? Did you also try to allow access to the SUM WebAdmin from the internet for one specific public IP, to test whether you can access the WebAdmin, for example? I mean, could it be that there is some sort of filtering device between the UTM and the SUM? Could it be that your provider is manipulating this communication?
Let's see if we can get closer ;)
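Added example, not part of the thread and not Sophos code: a small parser for accd lines in the layout quoted above. It tallies log levels per device (GUID and source IP), which shows which appliances reach the SUM at all, and lists any GUID seen from more than one IP. Assumptions: the regex is derived only from the three lines posted here, the sample GUIDs and IPs are constructed, and a GUID shared by two source IPs is read as a hint that two appliances carry the same /etc/guid (a device behind changing NAT would look the same).

```python
import re
from collections import defaultdict

# Layout of the accd lines quoted in the thread:
# <ts> <host> accd: <pid> [<thread>] <LEVEL> <component> null - <msg> [device;guid:<g>;ip:<ip>]
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) accd: \d+ "
    r"\[0x[0-9a-f]+\] (?P<level>[A-Z]+) (?P<component>\S+) \S+ - (?P<msg>.*?)"
    r"(?: \[device;guid:(?P<guid>[0-9a-f-]+);ip:(?P<ip>[^\]]+)\])?$"
)

# Constructed sample: GUIDs and (documentation-range) IPs are made up.
G1 = "11111111-2222-3333-4444-555555555555"
G2 = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
PREFIX = "2018:01:16-11:54:56 utmcenter accd: 91192 [0xe04fab70] "
SAMPLE = "\n".join([
    PREFIX + f"WARN server.device.DeviceSession null - DeviceSession::clear() IO error during recv [device;guid:{G1};ip:203.0.113.10]",
    PREFIX + f"ERROR libs.io.Session null - send attempted after previous error [device;guid:{G1};ip:203.0.113.10]",
    PREFIX + f"WARN server.device.DeviceSession null - DeviceSession::clear() IO error during recv [device;guid:{G1};ip:198.51.100.7]",
    PREFIX + f"WARN server.device.DeviceSession null - DeviceSession::clear() IO error during sendDone [device;guid:{G2};ip:192.0.2.5]",
    "truncated line without the accd layout",
])


def summarize(text):
    """Return (per-device level counts, GUIDs seen from >1 IP, unparsed line count)."""
    per_device = defaultdict(lambda: defaultdict(int))
    ips_by_guid = defaultdict(set)
    unparsed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1  # keep count so silent parse failures are visible
            continue
        if m["guid"] is None:
            continue  # daemon message not tied to a device session
        per_device[(m["guid"], m["ip"])][m["level"]] += 1
        ips_by_guid[m["guid"]].add(m["ip"])
    shared = {g: sorted(ips) for g, ips in ips_by_guid.items() if len(ips) > 1}
    return {k: dict(v) for k, v in per_device.items()}, shared, unparsed


if __name__ == "__main__":
    devices, shared, unparsed = summarize(SAMPLE)
    print(devices, shared, unparsed, sep="\n")
```

An appliance that never appears in the per-device table is not reaching the daemon at all, which points at the network path rather than at registration.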