
Sophos SUM Problem connect

I am trying to connect several Sophos UTMs to my SUM; however, it is impossible. The logs that I have are the following:

 

2018:01:13-09:27:07 utm device-agent[5361]: 1 is not connected. Trying to connect
2018:01:13-09:27:07 utm device-agent[5361]: Updating SUM IP address for path: acc/server1/server
2018:01:13-09:27:07 utm device-agent[5361]: [1] Connecting to SUM (ip=70.35.196.251, port=4433).
2018:01:13-09:27:07 utm device-agent[5361]: [1] Using SUM SSL connection.
2018:01:13-09:27:07 utm device-agent[5361]: [1] SUM connection failure, retrying (ip=70.35.196.XXX, port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed'
2018:01:13-09:27:08 utm device-agent[5361]: [1] SUM connection failure, retrying (ip=70.35.196.XXX, port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed'
2018:01:13-09:27:09 utm device-agent[5361]: [1] Connection failed (ip=70.35.196.251, port=4433).
2018:01:13-09:27:09 utm device-agent[5361]: Not reporting inotify: no role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 1 not executing: denied by role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 2 not executing: denied by role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 3 not executing: denied by role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 4 not executing: denied by role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 5 not executing: denied by role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 6 not executing: denied by role
2018:01:13-09:27:12 utm device-agent[5361]: timer2 -> module 7 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 1 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 2 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 3 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 4 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 5 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 6 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: timer2 -> module 7 not executing: denied by role
2018:01:13-09:27:17 utm device-agent[5361]: 1 is not connected. Trying to connect
2018:01:13-09:27:17 utm device-agent[5361]: Updating SUM IP address for path: acc/server1/server
2018:01:13-09:27:17 utm device-agent[5361]: [1] Connecting to SUM (ip=70.35.196.XXX, port=4433).
2018:01:13-09:27:17 utm device-agent[5361]: [1] Using SUM SSL connection.
2018:01:13-09:27:17 utm device-agent[5361]: [1] SUM connection failure, retrying (ip=70.35.196.XXX, port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed'
2018:01:13-09:27:18 utm device-agent[5361]: [1] SUM connection failure, retrying (ip=70.35.196.XXX, port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed'
2018:01:13-09:27:19 utm device-agent[5361]: [1] Connection failed (ip=70.35.196.XXX, port=4433).
2018:01:13-09:27:19 utm device-agent[5361]: Creating 'daily' reporting data
2018:01:13-09:27:19 utm device-agent[5361]: reporting.change': daily
2018:01:13-09:27:19 utm device-agent[5361]: /var/log/reporting/meta/0//memswap_daily.ph does not exist. Continuing without it. (harmless)
2018:01:13-09:27:19 utm device-agent[5361]: /var/log/reporting/meta/0//disk_usage_daily.ph does not exist. Continuing without it. (harmless)
 
I have other UTMs that are already connected without any problem; I tried adding one more and it was achieved without problems. The firewall rule is fully open on both the SUM and the Sophos UTM. The Sophos SUM version is 4.306-3 and the final UTM are all the same.


Why is this?


  • Hello!

     

    Looks maybe like a known problem ;) What does the SUM Daemon Log on your SUM say? Can you paste it here? Next question: did you restore a configuration from one of your existing firewalls on this firewall that doesn't want to register? If yes, did you reset the system GUID? If you reset it and it still doesn't work: 1) stop central management, 2) delete the GUID on the CLI: "rm /etc/guid", and after that 3) restart central management and see if the UTM registers now.

     

     

    After that, let us know.

  •  1- What does the SUM Daemon Log on your SUM say? Can you paste it here? 

    How can I get these logs? Can you tell me?

     

     

    2- did you restore a configuration from one of your existing firewalls on this firewall, that doesn't want to register? 

    I did not do any restoration in the UTMs.

     

     

  • Hi,

     

    To 1: Log in to the SUM's Webadmin interface, https://ip-of-sum:4444, then go to Logging&Reporting and select "view log files". There you can view the SUM core daemon logs.

     

    So this second machine is a fresh install and it was never connected to the SUM before, is that right? But with the logs, maybe we can see if the SUM receives the connection attempts from your new machine. Did you install the SUM yourself? Maybe there is a connection restriction configured. For that, take a look at Management-->Sophos UTM Manager-->Device Security. What is currently configured for Device access control "Allowed Networks"?

     

    I think it first needs to be verified whether your new UTM gets a connection to the utm. If we cannot see anything in the logs, you should run a tcpdump on the SUM to see if something arrives.

     

    Regards

     

     

  • This is the record that I get:

     

    2018:01:16-11:54:56 utmcenter accd: 91192 [0xe04fab70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during recv [device;guid:006fcb09-7226-3c6c-9a23-e398c49a17c0;ip:34.193.xxx.xxx]
    2018:01:16-11:54:56 utmcenter accd: 91192 [0xee70fb70] ERROR libs.io.Session null - send attempted after previous error [device;guid:006fcb09-7226-3c6c-9a23-e398c49a17c0;ip:34.193.xxx.xxx]
    2018:01:16-11:54:56 utmcenter accd: 91192 [0xee70fb70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during sendDone [device;guid:006fcb09-7226-3c6c-9a23-e398c49a17c0;ip:34.193.xxx.xxx]

    The public IP 34.193.xxx.xxx is from my UTM; however, I have about 3 Sophos UTMs which have problems connecting to the SUM. Why do I only get the records of my UTM, which is published by 34.193.xxx.xxx?


    Did you install the sum yourself?
    I installed the SUM myself.

    What is currently configured for Device access control "Allowed Networks"?
    In allowed networks, "Any" is configured.

    I think, at first it needs to be verified, if your new UTM gets a connection to the utm. If we can not see anything in the logs, you should make a tcpdump on sum to see if something arrives. 

    If it is necessary to see it through tcpdump, I will have to do it. Can you help me, please?

    Thank you very much !!
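A way to triage the two logs quoted in this thread, as an added example that is not part of any post: it groups the SUM `accd` errors by device GUID and source address, and counts the UTM `device-agent` connect failures by reason. The sample lines, GUIDs and addresses are constructed in the formats shown above, and reading one GUID from several addresses as a copied GUID is an assumption.

```python
import re
from collections import Counter, defaultdict

# SUM side (accd): "... LEVEL component null - message [device;guid:<uuid>;ip:<addr>]"
ACCD_RE = re.compile(
    r"^\S+ \S+ accd: \d+ \[0x[0-9a-f]+\] (?P<level>[A-Z]+) \S+ .*? - "
    r"(?P<msg>.*?) \[device;guid:(?P<guid>[0-9a-f-]{36});ip:(?P<ip>[^\]]+)\]$"
)
# UTM side (device-agent): failed connect attempt with its quoted SSL-connect reason.
AGENT_RE = re.compile(
    r"device-agent\[\d+\]: \[\d+\] SUM connection failure, retrying "
    r"\(ip=(?P<ip>[^,]+), port=(?P<port>\d+)\)\. SSL-connect: '(?P<reason>[^']*)'"
)

def sum_errors_by_guid(lines):
    """SUM log: map each device GUID to {source ip: WARN/ERROR count}."""
    seen = defaultdict(Counter)
    for line in lines:
        m = ACCD_RE.match(line.strip())
        if m and m["level"] in ("WARN", "ERROR"):
            seen[m["guid"]][m["ip"]] += 1
    return {guid: dict(ips) for guid, ips in seen.items()}

def shared_guids(by_guid):
    """GUIDs seen from more than one address. Assumption: this hints at a copied
    GUID (restored config); a UTM whose public address changed looks the same."""
    return sorted(g for g, ips in by_guid.items() if len(ips) > 1)

def agent_failures(lines):
    """UTM log: count failed connects per (SUM ip, port, reason)."""
    hits = (AGENT_RE.search(line) for line in lines)
    return Counter((m["ip"], int(m["port"]), m["reason"]) for m in hits if m)

# Constructed sample lines in the formats shown in the thread (documentation addresses).
G1, G2 = "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SUM_LOG = [
    f"2018:01:16-11:54:56 utmcenter accd: 91192 [0xe04fab70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during recv [device;guid:{G1};ip:203.0.113.10]",
    f"2018:01:16-11:54:57 utmcenter accd: 91192 [0xee70fb70] ERROR libs.io.Session null - send attempted after previous error [device;guid:{G1};ip:198.51.100.20]",
    f"2018:01:16-11:54:58 utmcenter accd: 91192 [0xee70fb70] WARN server.device.DeviceSession null - DeviceSession::clear() IO error during sendDone [device;guid:{G2};ip:192.0.2.30]",
]
UTM_LOG = [
    "2018:01:13-09:27:07 utm device-agent[5361]: [1] Using SUM SSL connection.",
    "2018:01:13-09:27:07 utm device-agent[5361]: [1] SUM connection failure, retrying (ip=203.0.113.5, port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed'",
    "2018:01:13-09:27:08 utm device-agent[5361]: [1] SUM connection failure, retrying (ip=203.0.113.5, port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed'",
]

if __name__ == "__main__":
    print("GUIDs seen from several addresses:", shared_guids(sum_errors_by_guid(SUM_LOG)))
    for key, count in agent_failures(UTM_LOG).items():
        print(count, "failed attempts:", key)
```
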

  • Hi,

     

    Do I understand correctly that at the moment none of your UTMs are able to connect to the SUM? So did that already work before, or did you never manage to get it working? Please list the exact UTM software versions that are active on your UTM devices.

     

    What kind of device is in front of the SUM? Is there a firewall configured with NAT/port forwarding, or is the SUM (70.35.196.XXX) connected directly to the internet? Did you try to connect a device (just as a test) from the internal interface (if you have one)? Did you also try to allow access to the SUM Webadmin from the internet for one specific public IP, to test whether you can access the Webadmin, for example? I mean, could it be that there is some sort of filtering device between the UTM and the SUM? Could it be that your provider is manipulating this communication?

     

    Let's see if we can get closer ;)

     

  • Did you simply try a reboot on the SUM? Some IT guys here in Germany say "Reboot tut gut", which means something like "reboot does good".

  • Finally I managed to connect all my Sophos UTMs to the SUM.

    Thank you