Sophos XG Firewall - License activation unavailable (error XG-00151). See KB-000043485 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Timeout errors on external network users (WAF)

Since installing 9.707-5 we have had several external users who are getting proxy errors (502) and request timeouts when accessing our websites.  Doing the same thing locally does not incur the same errors and works fine.  This started right after installing the latest patch. 

Any ideas on how to troubleshoot?  Everything appears to be working just fine and configured correctly, but they continue to have these errors.  The back end servers are working just fine so we suspect a communication issue OR a firewall issue. 

Running UTM9 on a SG330 HA cluster. 

Thanks.  Jason



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember 3 months ago

    Hi ,

    Thank you for reaching out to the Community! 

    I'd suggest you check reverseproxy logs on your UTM. If possible, post them on here. 

    Thanks,

  • They did not like my response lol.  Here is a snip of the WAF log.  I assume this is the reverseproxy log?  

    2021:08:02-08:03:58 Claimsbridge-1 httpd: id="0299" srcip="98.103.164.98" localip="173.10.176.172" size="120" user="-" host="98.103.164.98" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="54027" url="/Empty.aspx" server="www.claimsbridge.net" port="443" query="" referer="-" cookie="ClaimsBridge2FA=Key=3z0LTyyAv1fy5aiTEiPelxs9B2vl4YSl" set-cookie="ASP.NET_SessionId=glaca0gyyos3fp5k0zer45mk; path=/; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YQffLvFgJDda3ZjUj9cwpwAAAJE"
    2021:08:02-08:23:46 Claimsbridge-1 httpd: id="0299" srcip="98.103.164.98" localip="173.10.176.172" size="1195" user="-" host="98.103.164.98" method="GET" statuscode="500" reason="-" extra="-" exceptions="-" time="129554248" url="/PPO/ManualPricing.aspx" server="www.claimsbridge.net" port="443" query="" referer="">www.claimsbridge.net/Empty.aspx" cookie="ClaimsBridge2FA=Key=3z0LTyyAv1fy5aiTEiPelxs9B2vl4YSl; ASP.NET_SessionId=qh1yaadkn151pgsjczzktxbe; .ClaimsBridge=B3782A32A80EB29395CCEB88C56D420809F3652FDF607C69E4270559517F76860E68D0D53FF1B372286CEEB6D8327F9A5DBE2A11356E0F54CDED1249F060CE4CD866B315EA55976D19FB7197AF4A8013F88CC8C9E0CF6C78CB7E01D4C39E343E70A54932066AD869DF155458F52FA8AE80B4D65A36679F5A6FE4AF4394A56AF6CC524AE800BBB75672C175F4084AE1F0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YQfjUPFgJDda3ZjUj9cxKwAAAHA"

  • This is a head-scratcher, Jason.

    statuscode="500"

    500 (internal server error) is the code returned when there's no more specific message available.  The 502 error your customer is seeing indicates "bad gateway."  These are causing the timeouts.

    Since you're in North America, I would open a support case at support.sophos.com and ask your reseller to have the case escalated.

    In the meantime, you might check if the few customers having this problem are all using the same version of the same browser.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks!  I will do that

Reply Children
No Data