Hello,
I just re-saved the config of one RED Device without change to be sure, the settings are applied correctly to the device.
In Log viewer I then surprisingly noticed that all other REDs immediately disconnected and reconnected during working hours.
It this expected?
Hello LHerzog,
Thank you for contacting the Sophos Community!
No, this shouldn't happen!
Please check the output of the /log/red.log /log/syslog.log
If you are able to reproduce after hours, you would need to open a ticket with Support to get this escalated to DEV.
Regards,
Hello LHerzog,
Thank you for contacting the Sophos Community!
No, this shouldn't happen!
Please check the output of the /log/red.log /log/syslog.log
If you are able to reproduce after hours, you would need to open a ticket with Support to get this escalated to DEV.
Regards,
Thank you emmosophos.
By the first red.log logline I think this is reproduceable. I will try later.
Wed Dec 2 10:05:44 2020 REDD INFO: server: (Re-)loading device configurations
this is the exact time of my change
Also besides the reported problem here, while reviewing the logs I find it strange that there are many bad SSL handshakes like this:
Can not do SSL handshake on Socket accept from 'RED-IP-ADDRESS': SSL accept attempt failed
RED.log: Wed Dec 2 10:05:44 2020 REDD INFO: server: (Re-)loading device configurations Wed Dec 2 10:06:02 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A36017C9xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:07 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A36017C9xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:13 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A3501DBxxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:13 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A340251xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:16 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A360208xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:16 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A350280xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Wed Dec 2 10:06:17 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A360279xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:17 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A360171xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:18 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A3501D3xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:18 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'RED-IP-ADDRESS': SSL accept attempt failed because of handshake problems Wed Dec 2 10:06:19 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A3601717Bxxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Wed Dec 2 10:06:20 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID R60001Kxxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:06:22 2020 REDD INFO: server: New connection from RED-IP-ADDRESS with ID A350266xxxxxxxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1 Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Reading REDv2 key from STDIN: Wed Dec 2 10:08:08 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'RED-IP-ADDRESS': SSL accept attempt failed error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol SYSLOG.log: Dec 2 10:05:41 (none) user.info kernel: [4852771.709389] USER ID copy: 0 Dec 2 10:05:53 (none) user.debug heartbeat: [SEND-TLV] No response from autherntication server expected. Dec 2 10:05:56 (none) user.info kernel: [4852771.709389] USER ID copy1: 76 Dec 2 10:05:56 (none) user.info kernel: [4852786.657512] Autoadd peer 0 Dec 2 10:05:56 (none) user.info kernel: [4852786.657514] reds13: Auto-adding peer 0 (from RED-IP-ADDRESS:44140 to XG-IP-ADDRESS:3410) Dec 2 10:05:57 (none) user.info kernel: [4852787.262510] USER ID copy: 0 Dec 2 10:05:57 (none) user.info kernel: [4852787.262511] USER ID copy1: 76 Dec 2 10:05:57 (none) user.info kernel: [4852787.344611] USER ID copy: 0 Dec 2 10:05:57 (none) user.info kernel: [4852787.344612] USER ID copy1: 76 Dec 2 10:05:57 (none) user.info kernel: [4852787.347909] USER ID copy: 0 Dec 2 10:05:57 (none) user.info kernel: [4852787.347910] USER ID copy1: 76 Dec 2 10:05:57 (none) user.info kernel: [4852787.504626] USER ID copy: 0 Dec 2 10:05:57 (none) user.info kernel: [4852787.504627] USER ID copy1: 76 Dec 2 10:05:57 (none) user.info kernel: [4852787.616483] USER ID copy: 0 Dec 2 10:05:57 (none) user.info kernel: [4852787.616484] USER ID copy1: 76 Dec 2 10:05:57 (none) user.info kernel: [4852787.800221] USER ID copy: 0 Dec 2 10:05:58 (none) user.info kernel: [4852787.800222] USER ID copy1: 76 Dec 2 10:05:58 (none) user.info kernel: [4852788.132163] USER ID copy: 0 Dec 2 10:05:58 (none) user.info kernel: [4852788.132164] USER ID copy1: 76 Dec 2 10:05:58 (none) user.info kernel: [4852788.748452] USER ID copy: 0 Dec 2 10:05:59 (none) user.info kernel: [4852788.748453] USER ID copy1: 76 Dec 2 10:05:59 (none) user.info kernel: [4852790.015114] USER ID copy: 0 Dec 2 10:06:00 (none) user.info kernel: [4852790.015115] USER ID copy1: 76 Dec 2 10:06:00 (none) user.info kernel: [4852790.216741] USER ID copy: 0 Dec 2 10:06:00 (none) user.info kernel: [4852790.216742] USER ID copy1: 70 Dec 2 10:06:00 (none) user.info kernel: [4852790.980471] Autoadd peer 0 Dec 2 10:06:00 (none) user.info kernel: [4852790.980474] reds12: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:01 (none) user.info kernel: [4852791.380670] USER ID copy: 0 Dec 2 10:06:01 (none) user.info kernel: [4852791.380671] USER ID copy1: 76 Dec 2 10:06:01 (none) user.info kernel: [4852791.395967] USER ID copy: 0 Dec 2 10:06:01 (none) user.info kernel: [4852791.395967] USER ID copy1: 76 Dec 2 10:06:01 (none) user.info kernel: [4852791.664253] USER ID copy: 0 Dec 2 10:06:01 (none) user.info kernel: [4852791.664254] USER ID copy1: 76 Dec 2 10:06:01 (none) user.err kernel: [4852791.927054] no peer (tx) Dec 2 10:06:01 (none) user.info kernel: [4852791.966138] USER ID copy: 0 Dec 2 10:06:02 (none) user.info kernel: [4852791.966140] USER ID copy1: 76 Dec 2 10:06:02 (none) user.info kernel: [4852792.608654] USER ID copy: 0 Dec 2 10:06:02 (none) user.info kernel: [4852792.608655] USER ID copy1: 76 Dec 2 10:06:02 (none) user.err kernel: [4852792.955469] no peer (tx) Dec 2 10:06:03 (none) user.err kernel: [4852793.152880] RX: decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.152882] reds13: red_rx_done: Decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.223516] RX: decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.223518] reds13: red_rx_done: Decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.223546] RX: decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.223547] reds13: red_rx_done: Decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.834411] RX: decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.834412] reds13: red_rx_done: Decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.841363] RX: decryption failed Dec 2 10:06:03 (none) user.err kernel: [4852793.841365] reds13: red_rx_done: Decryption failed Dec 2 10:06:03 (none) user.info kernel: [4852793.855208] USER ID copy: 0 Dec 2 10:06:03 (none) user.info kernel: [4852793.855210] USER ID copy1: 76 Dec 2 10:06:03 (none) user.info kernel: [4852793.855229] USER ID copy: 0 Dec 2 10:06:03 (none) user.info kernel: [4852793.855230] USER ID copy1: 76 Dec 2 10:06:03 (none) user.info kernel: [4852793.855430] USER ID copy: 0 Dec 2 10:06:03 (none) user.info kernel: [4852793.855431] USER ID copy1: 76 Dec 2 10:06:03 (none) user.info kernel: [4852793.855761] USER ID copy: 0 Dec 2 10:06:03 (none) user.info kernel: [4852793.855762] USER ID copy1: 76 Dec 2 10:06:03 (none) user.err kernel: [4852793.975483] no peer (tx) Dec 2 10:06:03 (none) user.warn kernel: [4852794.040532] netlink: 153776 bytes leftover after parsing attributes in process `ipsetelite'. Dec 2 10:06:03 (none) user.warn kernel: [4852794.040673] netlink: 153776 bytes leftover after parsing attributes in process `ipsetelite'. Dec 2 10:06:03 (none) user.warn kernel: [4852794.040744] netlink: 153776 bytes leftover after parsing attributes in process `ipsetelite'. Dec 2 10:06:04 (none) user.err kernel: [4852794.431819] RX: decryption failed Dec 2 10:06:04 (none) user.err kernel: [4852794.431821] reds13: red_rx_done: Decryption failed Dec 2 10:06:04 (none) user.err kernel: [4852794.431843] RX: decryption failed Dec 2 10:06:04 (none) user.err kernel: [4852794.431844] reds13: red_rx_done: Decryption failed Dec 2 10:06:05 (none) user.err kernel: [4852795.050096] RX: decryption failed Dec 2 10:06:05 (none) user.err kernel: [4852795.050098] reds13: red_rx_done: Decryption failed Dec 2 10:06:05 (none) user.err kernel: [4852795.050115] RX: decryption failed Dec 2 10:06:05 (none) user.err kernel: [4852795.050116] reds13: red_rx_done: Decryption failed Dec 2 10:06:05 (none) user.err kernel: [4852795.426891] no peer (tx) Dec 2 10:06:05 (none) user.info kernel: [4852795.428603] USER ID copy: 0 Dec 2 10:06:05 (none) user.info kernel: [4852795.428604] USER ID copy1: 76 Dec 2 10:06:05 (none) user.err kernel: [4852795.663663] RX: decryption failed Dec 2 10:06:05 (none) user.err kernel: [4852795.663665] reds13: red_rx_done: Decryption failed Dec 2 10:06:06 (none) user.err kernel: [4852796.439568] no peer (tx) Dec 2 10:06:06 (none) user.info kernel: [4852796.464605] USER ID copy: 0 Dec 2 10:06:06 (none) user.info kernel: [4852796.464606] USER ID copy1: 76 Dec 2 10:06:06 (none) user.info kernel: [4852796.512437] USER ID copy: 0 Dec 2 10:06:07 (none) user.info kernel: [4852796.512438] USER ID copy1: 76 Dec 2 10:06:07 (none) user.err kernel: [4852797.463573] no peer (tx) Dec 2 10:06:07 (none) user.info kernel: [4852797.768366] Autoadd peer 0 Dec 2 10:06:07 (none) user.info kernel: [4852797.768369] reds11: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:08 (none) user.warn kernel: [4852798.372490] red_rx_crypto: 10 callbacks suppressed Dec 2 10:06:08 (none) user.err kernel: [4852798.372491] RX: decryption failed Dec 2 10:06:08 (none) user.warn kernel: [4852798.372492] net_ratelimit: 10 callbacks suppressed Dec 2 10:06:08 (none) user.err kernel: [4852798.372493] reds12: red_rx_done: Decryption failed Dec 2 10:06:08 (none) user.err kernel: [4852798.616732] RX: decryption failed Dec 2 10:06:08 (none) user.err kernel: [4852798.616734] reds12: red_rx_done: Decryption failed Dec 2 10:06:08 (none) user.err kernel: [4852798.669497] RX: decryption failed Dec 2 10:06:08 (none) user.err kernel: [4852798.669499] reds12: red_rx_done: Decryption failed Dec 2 10:06:08 (none) user.err kernel: [4852798.669956] RX: decryption failed Dec 2 10:06:08 (none) user.err kernel: [4852798.669957] reds12: red_rx_done: Decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.104738] RX: decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.104740] reds12: red_rx_done: Decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.265745] RX: decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.265747] reds12: red_rx_done: Decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.265987] RX: decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.265987] reds12: red_rx_done: Decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.427266] no peer (tx) Dec 2 10:06:09 (none) user.err kernel: [4852799.881528] RX: decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.881530] reds12: red_rx_done: Decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.881969] RX: decryption failed Dec 2 10:06:09 (none) user.err kernel: [4852799.881970] reds12: red_rx_done: Decryption failed Dec 2 10:06:09 (none) user.info kernel: [4852800.013581] USER ID copy: 0 Dec 2 10:06:10 (none) user.info kernel: [4852800.013582] USER ID copy1: 38 Dec 2 10:06:10 (none) user.err kernel: [4852800.080596] RX: decryption failed Dec 2 10:06:10 (none) user.err kernel: [4852800.080598] reds12: red_rx_done: Decryption failed Dec 2 10:06:10 (none) user.info kernel: [4852800.205048] Autoadd peer 0 Dec 2 10:06:10 (none) user.info kernel: [4852800.205051] reds5: Auto-adding peer 0 (from RED-IP-ADDRESS:52340 to XG-IP-ADDRESS:3410) Dec 2 10:06:10 (none) user.info kernel: [4852800.369004] Autoadd peer 0 Dec 2 10:06:10 (none) user.info kernel: [4852800.369006] reds20: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:10 (none) user.err kernel: [4852800.439666] no peer (tx) Dec 2 10:06:10 (none) user.err kernel: [4852800.636724] no peer (tx) Dec 2 10:06:10 (none) user.err kernel: [4852800.636743] no peer (tx) Dec 2 10:06:10 (none) user.err kernel: [4852800.636744] no peer (tx) Dec 2 10:06:10 (none) user.err kernel: [4852800.636750] no peer (tx) Dec 2 10:06:10 (none) user.err kernel: [4852800.636995] no peer (tx) Dec 2 10:06:10 (none) user.err kernel: [4852800.637003] no peer (tx) Dec 2 10:06:10 (none) user.info kernel: [4852800.637617] Autoadd peer 0 Dec 2 10:06:10 (none) user.info kernel: [4852800.637619] reds23: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:10 (none) user.info kernel: [4852800.873158] Autoadd peer 0 Dec 2 10:06:10 (none) user.info kernel: [4852800.873160] reds7: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:11 (none) user.err kernel: [4852801.463678] no peer (tx) Dec 2 10:06:11 (none) user.info kernel: [4852801.477688] Autoadd peer 0 Dec 2 10:06:11 (none) user.info kernel: [4852801.477691] reds16: Auto-adding peer 0 (from RED-IP-ADDRESS:51638 to XG-IP-ADDRESS:3410) Dec 2 10:06:12 (none) user.info kernel: [4852802.161231] Autoadd peer 0 Dec 2 10:06:12 (none) user.info kernel: [4852802.161234] reds22: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:12 (none) user.warn kernel: [4852802.569862] red_tx_skb: 5 callbacks suppressed Dec 2 10:06:12 (none) user.err kernel: [4852802.569862] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.619690] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.626575] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.633725] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.681543] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.806727] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.847825] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.918456] no peer (tx) Dec 2 10:06:12 (none) user.err kernel: [4852802.929926] no peer (tx) Dec 2 10:06:13 (none) user.err kernel: [4852803.352005] no peer (tx) Dec 2 10:06:13 (none) user.warn kernel: [4852803.768500] red_rx_crypto: 7 callbacks suppressed Dec 2 10:06:13 (none) user.err kernel: [4852803.768501] RX: decryption failed Dec 2 10:06:13 (none) user.warn kernel: [4852803.768502] net_ratelimit: 7 callbacks suppressed Dec 2 10:06:13 (none) user.err kernel: [4852803.768503] reds11: red_rx_done: Decryption failed Dec 2 10:06:13 (none) user.info kernel: [4852803.872768] Autoadd peer 0 Dec 2 10:06:13 (none) user.info kernel: [4852803.872771] reds1: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:14 (none) user.err kernel: [4852804.268252] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.268254] reds11: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.399233] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.399235] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.408425] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.408426] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.409589] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.409590] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411183] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411184] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411241] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411242] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411500] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411501] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411503] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411504] reds23: red_rx_done: Decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411507] RX: decryption failed Dec 2 10:06:14 (none) user.err kernel: [4852804.411508] reds23: red_rx_done: Decryption failed Dec 2 10:06:16 (none) user.info kernel: [4852806.178364] Autoadd peer 0 Dec 2 10:06:16 (none) user.info kernel: [4852806.178366] reds18: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:17 (none) user.warn kernel: [4852807.682819] red_tx_skb: 129 callbacks suppressed Dec 2 10:06:17 (none) user.err kernel: [4852807.682819] no peer (tx) Dec 2 10:06:17 (none) user.err kernel: [4852807.748873] no peer (tx) Dec 2 10:06:17 (none) user.err kernel: [4852807.765644] no peer (tx) Dec 2 10:06:17 (none) user.err kernel: [4852807.927840] no peer (tx) Dec 2 10:06:17 (none) user.err kernel: [4852807.935907] no peer (tx) Dec 2 10:06:18 (none) user.err kernel: [4852808.200808] no peer (tx) Dec 2 10:06:18 (none) user.err kernel: [4852808.281937] no peer (tx) Dec 2 10:06:18 (none) user.err kernel: [4852808.375849] no peer (tx) Dec 2 10:06:18 (none) user.err kernel: [4852808.379850] no peer (tx) Dec 2 10:06:18 (none) user.err kernel: [4852808.379851] no peer (tx) Dec 2 10:06:18 (none) user.warn kernel: [4852808.903064] red_rx_crypto: 1421 callbacks suppressed Dec 2 10:06:18 (none) user.err kernel: [4852808.903064] RX: decryption failed Dec 2 10:06:18 (none) user.warn kernel: [4852808.903065] net_ratelimit: 1421 callbacks suppressed Dec 2 10:06:18 (none) user.err kernel: [4852808.903066] reds7: red_rx_done: Decryption failed Dec 2 10:06:18 (none) user.err kernel: [4852808.904379] RX: decryption failed Dec 2 10:06:18 (none) user.err kernel: [4852808.904380] reds7: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.127550] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.127556] reds16: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.127595] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.127595] reds16: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.205974] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.205976] reds5: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.241569] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.241571] reds20: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.242521] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.242524] reds20: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.459055] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.459057] reds7: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.460024] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.460026] reds20: red_rx_done: Decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.460492] RX: decryption failed Dec 2 10:06:19 (none) user.err kernel: [4852809.460493] reds7: red_rx_done: Decryption failed Dec 2 10:06:22 (none) user.warn kernel: [4852812.818338] red_tx_skb: 54 callbacks suppressed Dec 2 10:06:22 (none) user.err kernel: [4852812.818338] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.214893] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.214900] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.214921] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.214926] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.399973] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.403970] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.463972] no peer (tx) Dec 2 10:06:23 (none) user.err kernel: [4852813.463976] no peer (tx) Dec 2 10:06:23 (none) user.info kernel: [4852813.515987] reds22: auto-removing peer RED-IP-ADDRESS:3410 Dec 2 10:06:23 (none) user.err kernel: [4852813.524062] no peer (tx) Dec 2 10:06:24 (none) user.warn kernel: [4852814.055294] red_rx_crypto: 553 callbacks suppressed Dec 2 10:06:24 (none) user.err kernel: [4852814.055295] RX: decryption failed Dec 2 10:06:24 (none) user.warn kernel: [4852814.055296] net_ratelimit: 553 callbacks suppressed Dec 2 10:06:24 (none) user.err kernel: [4852814.055297] reds1: red_rx_done: Decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.058332] RX: decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.058333] reds1: red_rx_done: Decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.101326] RX: decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.101328] reds1: red_rx_done: Decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.102098] RX: decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.102099] reds1: red_rx_done: Decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.108055] RX: decryption failed Dec 2 10:06:24 (none) user.err kernel: [4852814.108057] reds1: red_rx_done: Decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.454968] RX: decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.454970] reds18: red_rx_done: Decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455086] RX: decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455087] reds18: red_rx_done: Decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455192] RX: decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455192] reds18: red_rx_done: Decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455247] RX: decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455248] reds18: red_rx_done: Decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455298] RX: decryption failed Dec 2 10:06:25 (none) user.err kernel: [4852815.455298] reds18: red_rx_done: Decryption failed Dec 2 10:06:26 (none) user.info kernel: [4852816.659405] Autoadd peer 0 Dec 2 10:06:26 (none) user.info kernel: [4852816.659408] reds24: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:27 (none) user.warn kernel: [4852817.827284] red_tx_skb: 1860 callbacks suppressed Dec 2 10:06:27 (none) user.err kernel: [4852817.827284] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.841008] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.847666] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.867880] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.888432] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.908608] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.908788] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.928921] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.929033] no peer (tx) Dec 2 10:06:27 (none) user.err kernel: [4852817.949110] no peer (tx) Dec 2 10:06:28 (none) user.info kernel: [4852818.048360] USER ID copy: 0 Dec 2 10:06:28 (none) user.info kernel: [4852818.048362] USER ID copy1: 76 Dec 2 10:06:28 (none) user.info kernel: [4852818.280203] reds18: auto-removing peer RED-IP-ADDRESS:3410 Dec 2 10:06:28 (none) user.info kernel: [4852818.348571] Autoadd peer 0 Dec 2 10:06:28 (none) user.info kernel: [4852818.348573] reds22: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:29 (none) user.info kernel: [4852819.459455] USER ID copy: 0 Dec 2 10:06:29 (none) user.info kernel: [4852819.459457] USER ID copy1: 76 Dec 2 10:06:29 (none) user.warn kernel: [4852819.555546] red_rx_crypto: 570 callbacks suppressed Dec 2 10:06:29 (none) user.err kernel: [4852819.555546] RX: decryption failed Dec 2 10:06:29 (none) user.warn kernel: [4852819.555547] net_ratelimit: 570 callbacks suppressed Dec 2 10:06:29 (none) user.err kernel: [4852819.555548] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555673] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555674] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555857] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555857] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555957] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555958] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555964] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.555964] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556038] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556038] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556133] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556133] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556289] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556290] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556297] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556297] reds18: red_rx_done: Decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556399] RX: decryption failed Dec 2 10:06:29 (none) user.err kernel: [4852819.556399] reds18: red_rx_done: Decryption failed Dec 2 10:06:32 (none) user.warn kernel: [4852822.846268] red_tx_skb: 2035 callbacks suppressed Dec 2 10:06:32 (none) user.err kernel: [4852822.846268] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.866692] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.887326] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.907399] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.907533] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.925177] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.927540] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.940999] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.947816] no peer (tx) Dec 2 10:06:32 (none) user.err kernel: [4852822.947983] no peer (tx) Dec 2 10:06:32 (none) user.info kernel: [4852823.037279] USER ID copy: 0 Dec 2 10:06:33 (none) user.info kernel: [4852823.037280] USER ID copy1: 76 Dec 2 10:06:33 (none) user.info kernel: [4852823.077508] USER ID copy: 0 Dec 2 10:06:33 (none) user.info kernel: [4852823.077508] USER ID copy1: 76 Dec 2 10:06:33 (none) user.info kernel: [4852823.589895] Autoadd peer 0 Dec 2 10:06:33 (none) user.info kernel: [4852823.589897] reds18: Auto-adding peer 0 (from RED-IP-ADDRESS:3410 to XG-IP-ADDRESS:3410) Dec 2 10:06:38 (none) user.debug heartbeat: [SEND-TLV] No response from autherntication server expected. Dec 2 10:06:40 (none) user.info kernel: [4852830.221568] USER ID copy: 0 Dec 2 10:06:45 (none) user.info kernel: [4852830.221570] USER ID copy1: 70 Dec 2 10:06:45 (none) user.info kernel: [4852835.725400] USER ID copy: 0 Dec 2 10:06:45 (none) user.info kernel: [4852835.725401] USER ID copy1: 76 Dec 2 10:06:45 (none) user.info kernel: [4852835.725555] USER ID copy: 0 Dec 2 10:06:46 (none) user.info kernel: [4852835.725556] USER ID copy1: 76 Dec 2 10:06:46 (none) user.info kernel: [4852836.851836] USER ID copy: 0 Dec 2 10:06:46 (none) user.info kernel: [4852836.851836] USER ID copy1: 76 Dec 2 10:06:46 (none) user.info kernel: [4852836.855523] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852836.855524] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.482622] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852842.482623] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.502756] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852842.502757] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.504006] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852842.504007] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.504695] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852842.504695] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.506999] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852842.506999] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.507038] USER ID copy: 0 Dec 2 10:06:52 (none) user.info kernel: [4852842.507039] USER ID copy1: 76 Dec 2 10:06:52 (none) user.info kernel: [4852842.698003] USER ID copy: 0 Dec 2 10:06:56 (none) user.info kernel: [4852842.698003] USER ID copy1: 76 Dec 2 10:06:56 (none) user.info kernel: [4852846.336580] USER ID copy: 0 Dec 2 10:06:56 (none) user.info kernel: [4852846.336581] USER ID copy1: 76 Dec 2 10:06:56 (none) user.info kernel: [4852846.338555] USER ID copy: 0 Dec 2 10:07:00 (none) user.info kernel: [4852846.338555] USER ID copy1: 76 Dec 2 10:07:00 (none) user.info kernel: [4852850.177220] USER ID copy: 0 Dec 2 10:07:00 (none) user.info kernel: [4852850.177220] USER ID copy1: 76 Dec 2 10:07:00 (none) user.info kernel: [4852850.177711] USER ID copy: 0 Dec 2 10:07:00 (none) user.info kernel: [4852850.177711] USER ID copy1: 76 Dec 2 10:07:00 (none) user.info kernel: [4852850.177784] USER ID copy: 0 Dec 2 10:07:00 (none) user.info kernel: [4852850.177785] USER ID copy1: 76 Dec 2 10:07:00 (none) user.info kernel: [4852850.177820] USER ID copy: 0 Dec 2 10:07:01 (none) user.info kernel: [4852850.177820] USER ID copy1: 76 Dec 2 10:07:01 (none) user.info kernel: [4852851.953347] USER ID copy: 0 Dec 2 10:07:04 (none) user.info kernel: [4852851.953348] USER ID copy1: 76 Dec 2 10:07:04 (none) user.warn kernel: [4852854.164639] red_tx_skb: 47 callbacks suppressed Dec 2 10:07:04 (none) user.err kernel: [4852854.164639] no peer (tx) Dec 2 10:07:04 (none) user.info kernel: [4852854.353052] USER ID copy: 0 Dec 2 10:07:04 (none) user.info kernel: [4852854.353053] USER ID copy1: 76 Dec 2 10:07:04 (none) user.info kernel: [4852854.475749] USER ID copy: 0 Dec 2 10:07:04 (none) user.info kernel: [4852854.475749] USER ID copy1: 76 Dec 2 10:07:04 (none) user.info kernel: [4852854.756927] USER ID copy: 0 Dec 2 10:07:04 (none) user.info kernel: [4852854.756927] USER ID copy1: 76 Dec 2 10:07:04 (none) user.info kernel: [4852854.773147] USER ID copy: 0 Dec 2 10:07:04 (none) user.info kernel: [4852854.773148] USER ID copy1: 76 Dec 2 10:07:04 (none) user.info kernel: [4852854.775582] USER ID copy: 0 Dec 2 10:07:05 (none) user.info kernel: [4852854.775583] USER ID copy1: 76
Hello LHerzog,
Thank you for the follow-up!
Yes, that shouldn't be happening, please open a case with Support and provide me the Case ID.
Regards,
Hi LHerzog Are you using legacy RED firmware ? If yes then this is known behavior with RED legacy. You should move to unified firmware (beta firmware as per XG) and that will fix this issue.
How to change the firmware from legacy to unified:
You can navigate to "System Services"->"RED" and then at the bottom of the page there is an option for "RED beta firmware".
Reference snapshot:
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
PS: This "Beta" wording is somehow wrong.
As UTM Customers know, Unified Firmware is on UTM9 active since (i guess) UTM9.600. So It is not beta anymore.
__________________________________________________________________________________________________________________
LHerzog : Thanks for sharing the case details and confirmation on RED firmware part. You should move to unified firmware (beta firmware as per XG) and that will fix this issue.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
I just read about unified firmware in this post: https://community.sophos.com/xg-firewall/f/discussions/123359/red-unified-firmware---please-explain
I was confused about the usage of the terms "beta" and "unified".
Just checked on my XG and it is already offering this as unified firmware. Did'nt notice it on the first look.
FW:SFOS 18.0.1 MR-1-Build396
I will send Vishal_R's recommendation as update to the case.
LHerzog : Thanks for sharing this latest snapshot from V18, in previous V17.x version it was labeled as in beta one and my snapshot is taken from older V17.x version.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link.
