I am new to the Sophos world and have a new SX135W that I am working to get set up. We migrated policies from an older SG230 and now seem to have broken the connection to Sophos Central. I added a rule to permit any traffic to Sophos LiveCentral and it is back to "Connected", but I am still unable to select and modify the new firewall. I am not even sure that is the proper way to write the rule and wanted to see what should be there to allow traffic between the SX and Sophos Central. Also, are there any other basic policies I should make sure are added as part of the new config to make sure other services like this work properly?
Thanks in advance ....
Thank you for contacting the Sophos Community!
Have you followed this KB, which is basically what rfcat_vk is referring to?
Make sure you don't have a Firewall rule set to drop ANY to ANY, and also let us know if you are running v17 or v18.
It was integrating fine with Sophos Central until we imported the config from the old unit. I will go through the policy config. It would not even show connected until I added the policy to allow traffic to Sophos Live Central. I will be going back through the rules this morning and see what I can find. This is a unit that I inherited so not sure what all the rules are at the moment.
It did upgrade to the latest firmware so is running V18
In looking at the rules on the firewall, I do have a drop all at the very bottom that is grayed out and so far unable to change or delete. Thoughts on how to remove this if that is the issue?
The bottom rule is a default drop all; you cannot delete it. The rule was displayed after a number of posts complained that the drop all default rule was not visible and causing people to create extra rules.
Thank you for the follow-up.
Please provide the output of the following 3 commands:
# central-register --status
# openssl s_client -connect utm.cloud.sophos.com:443
(For this one, just copy the lines until before --BEGIN CERTIFICATE--)
# wget -O /dev/null utm.cloud.sophos.com
And if the XG is showing in Central, and if you are able to click to access it, please run the following command in the XG while you are trying to access it:
# tcpdump -nei any host utm-cloudstation-us-east-2.prod.hydra.sophos.com
XG135w_XN02_SFOS 18.0.1 MR-1-Build396# central-register --status
This SFOS instance is currently registered with Sophos Central
access_token : ee0c658713627d65c0fd6e0253ef798283b8a0b7
device_uuid : c341194b-c0dc-4c87-ad7c-6c6747ba6b47
pic_uri : utm-cloudstation-us-east-2.prod.hydra.sophos.com
refresh_token : ALWad8ogMxKzKbTS5jViDNcQ2mqGR00vn4BmJpHn9_00bsBJeE3cqMrk7AO7mrpb16OsQ1dg5JcxWqvPnp4MXg9hoK9YBC8nucHpPgRSpRngIUREVey2DabLUiQOWVbRdV_O7nSXrkSpAvhU3bdM_CA
XG135w_XN02_SFOS 18.0.1 MR-1-Build396# openssl s_client -connect utm.cloud.sophos.com:443
depth=4 C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
depth=1 C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
depth=0 CN = central.sophos.com
i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
i:/C=US/O=Amazon/CN=Amazon Root CA 1
2 s:/C=US/O=Amazon/CN=Amazon Root CA 1
i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
3 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
wget -O /dev/null utm.cloud.sophos.com
HTTP/1.1 400 Bad Request
Date: Tue, 20 Oct 2020 13:36:00 GMT
<head><title>400 Bad Request</title></head>
<center><h1>400 Bad Request</h1></center>
XG135w_XN02_SFOS 18.0.1 MR-1-Build396# wget -O /dev/null utm.cloud.sophos.com
--2020-10-20 09:36:47-- http://utm.cloud.sophos.com/
Resolving utm.cloud.sophos.com... 184.108.40.206, 220.127.116.11, 18.104.22.168
Connecting to utm.cloud.sophos.com|22.214.171.124|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: utm.cloud.sophos.com:443/ [following]
--2020-10-20 09:36:51-- https://utm.cloud.sophos.com/
Connecting to utm.cloud.sophos.com|126.96.36.199|:443... connected.
HTTP request sent, awaiting response... 302
Location: /login [following]
--2020-10-20 09:36:51-- utm.cloud.sophos.com/login
Reusing existing connection to utm.cloud.sophos.com:443.
Location: /manage/login [following]
--2020-10-20 09:36:52-- utm.cloud.sophos.com/.../login
HTTP request sent, awaiting response... 200
Length: unspecified [text/html]
Saving to: '/dev/null'
/dev/null [ <=> ] 14.29K --.-KB/s in 0.1s
2020-10-20 09:36:52 (110 KB/s) - '/dev/null' saved 
Thank you for the output of the commands. They seem correct.
Could you please deregister Central Sync from the XG itself and then remove the XG from Sophos Central, and then re-register Sophos Central in the XG first and then in Sophos Central? Make sure you have access to the email used in the XG to register Sophos Central.
If the issue remains after this, let me know.