This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problems with AD synchronization after installing Sophos Web Appliance update v4.3.3

Hi,

I'm experiencing AD synchronization problems after installing Sophos Web Appliance update v.4.3.3. It seems to be a problem with SMBv2. LDAP settings test fails. Before installing this update, we never experienced such problems. Is there anybody that is experiencing similar problem? I would appreciate so much if somebody can share the solution to this problem.

 

Thank you.



This thread was automatically locked due to age.
Parents
  • We have the same issue here.

    Since the update we get each night the following message:

    "The appliance encountered a problem synchronizing with one or more Trusted Subdomains in the Active Directory."

    We have opened a case for it with Sophos support but it is probably a difficult problem to solve because I have not seen regular update from it. Very disappointing...

Reply
  • We have the same issue here.

    Since the update we get each night the following message:

    "The appliance encountered a problem synchronizing with one or more Trusted Subdomains in the Active Directory."

    We have opened a case for it with Sophos support but it is probably a difficult problem to solve because I have not seen regular update from it. Very disappointing...

Children
  • Hi Arjan,

     

    I have just received a response from Sophos stating that there is a bug NSWA-1390 and Sophos is working in order to fix this up but there is no ETA for the same. The only workaround is to set up a captive portal. However, in our case it doesn't seem to be a solution. We restored the last backup of the SWA (virtual machine) and installed update v4.3.2.2. Now we are taking care so that update v4.3.3 is not being installed by SWA

  • We have also received an answer on our issue.

    For us there is no relation to the bug you mentioned (at least this is what Sophos support is telling me)

     

    They have suggested to change the LDAP port from 3268 to 389.

    As I do not know the exact impact of this change I will need to do this in a maintenance window.

    Because the new version (v4.3.3.1) is being rolled out soon I first wait for that update to be installed and after that I will do this change if the sync problem still exist.

     

  • Hello

    3268/3269 to 389/636 ports have different purposes.   In a nutshell, the ports 389/636 can be used to target a domain specific information (the domain of the domain controller you target) and the ports 3268/3269 (global catalog) are used to target forest wide information (read only copy of the objects of every domain but not all attributes).

    389 means you are unencrypted.  3268 is unencrypted as well.  I've tried secured 636 instead of 389.  Still fails.  So LDAP on Sophos WEB appliances uses unsecured networking.  SMBv2 is still not functioning.

    What is frustrating, is Sophos already have a client that install on domain controllers.  "STAS".  They could leverage this on all Sophos appliances, no ?  It would avoid that orgy of set-ups: Registry + Firewall rules.

    Paul Jr Robitaille

  • Thanks for the information.

     

    I will discuss it with my colleagues what to do next.

  • For us it is solved now by allowing LDAP access to the domain controllers of the sub domains which were failing.

    Now we will see if the performance Will also improve because that was also quite bad during the time this warning was happening.

  • Hi Astrit,

     

    We have same issues, and always same problem with 4.3.4....

     

    Did you correct your problem please ?

  • Restarted the appliance today to check if anything improved.

    - Active directory still fails working on secured ports. Still have to use old unsecured ports like 3 decades ago.

    - MBv2 still implemented like SMBv1.

    - Besides, nothing except virus definitions, updated since months.

    - Still cannot connect it with XG in transparent mode.

    - Could not find dual engine scanning.  Are we still stuck with poorly rated Sophos AV engine and no way to run Avira AV engine ?

    Here: https://www.av-test.org/en/antivirus/business-windows-client/ we learn Sophos is rated 4.5/6 ... 75%

    Yes Sophos is rated worse than Microsoft.  That's seriously worrying.

    And the very serious https://www.av-comparatives.org/ have not given a single "award" to Sophos since mid 2016.  Yes, not even a mediocre "standard".

     

    Sophos WEB appliance looks like a dead product.

    PJR

  • Yeah I know. We also find it very strange Sophos can implement a secure LDAP communication poort.

     

    TCP 636 I have heard is also not secure, it is using SSLv2 by default which is also vulnerable.

    Only thing we can do is use tcp 389 and than specify secure communication with ldaps:// in front of the hostname.

    But that is not possible either...