Sophos XG v18 Central Firewall Management and Reporting

Good morning,

I'm on an XG135 with SFOS 18.0.3 MR-3 configured in HA.

I want to enable Sophos Central services under the Central synchronization section. I only choose "Use Sophos Central reporting" and then apply. I get a red banner saying: "Couldn't apply settings to turn on firewall services from Sophos Central".

I already have an active Central reporting license in Central, and for each sub-estate I have allocated a separate license. I have used the same procedure for all of our firewalls (six in total, all with the same firmware), but I get this error only on this one. Any advice? Reboot already done.

Thank you.

Regards.

  • Are you trying to enable Sophos Central reporting by accessing the device UI from Central Management (via Firewall management)? If yes, can you try the below?

    Can you please log in to the XG device locally via LAN or WAN IP, enable the same, and confirm the status of this issue or error?

    If you get the same error via LAN or WAN access, you may check applog.log during this error and the other log files related to Sophos Central.

    Log file reference:

    https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/LogFileDetails.html

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Thanks for your reply. I have always done this from the LAN IP, so I checked the logs.

    In applog.log I found:

     Jan 18 14:15:28 opcode:sophos_central_enable Starting Backup: 1 JoinMethod: Manual
     Jan 18 14:15:28 appliance key is C17094M9FV24XD1
     Jan 18 14:15:28 opcode:sophos_central_enable - sending request: Backup: true JoinMethod: Manual
     Jan 18 14:15:29 opcode:HBAddEacEpRel - processing 6 endpoint relations from request
     Jan 18 14:15:29 opcode:HBAddEacEpRel - perform 6 endpoint upserts
     Jan 18 14:15:29 opcode:HBAddEacEpRel - processing 6 endpoint relations from request
     Jan 18 14:15:29 opcode:HBAddEacEpRel - perform 7 endpoint to appid upserts
     Jan 18 14:15:32 opcode:sophos_central_enable - could not enable central management on firewall

    In centralmanagement.log:

     2021-01-18 14:31:26 INFO central-connect[10854]:72 main:: - Sending enable request to PIC-URI []
     2021-01-18 14:31:28 WARN API.pm[10854]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 400 Bad Request
         Connection: close
         Date: Mon, 18 Jan 2021 13:31:28 GMT
         Server: -
         Content-Length: 0
         Client-Date: Mon, 18 Jan 2021 13:31:28 GMT
         Client-Peer: 18.159.220.140:443
         Client-Response-Num: 1
         Client-SSL-Cert-Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
         Client-SSL-Cert-Subject: /C=GB/ST=Oxfordshire/L=Abingdon/O=Sophos Ltd./CN=*.api-upe.p.hmr.sophos.com
         Client-SSL-Cipher: ECDHE-RSA-AES128-SHA256
         Client-SSL-Socket-Class: IO::Socket::SSL
     2021-01-18 14:31:28 INFO central-connect[10854]:83 main:: -  Firewall Management could not be enabled.
     2021-01-18 14:31:28 ERROR Tools.pm[10854]:97 SFOS::Common::Central::Tools::report_status - ENOTENABLED: no sophisticated error message supplied

    In licensing.log:

    INFO      Jan 16 18:40:23 [4154184768]: --fwversion = 18.0.3.457
    INFO      Jan 16 18:40:23 [4154184768]: --cert = /content/licensing/lic_csr.pem
    INFO      Jan 16 18:40:23 [4154184768]: --key = /content/licensing/lic_csr.key
    INFO      Jan 16 18:40:23 [4154184768]: --token = Token-Id:C17094M9FV24XD1
    INFO      Jan 16 18:40:23[4154184768]:URL :
    INFO      Jan 16 18:40:23 [4154184768]: licensing_do_applianceupdate : request : { "serialNumber": "C17094M9FV24XD1", "applianceAttributes": [ { "name": "firmwareVersion", "value": "18.0.3.457" } ] }
    INFO      Jan 16 18:40:23 [4154184768]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR", "message":"IIS error: HTTP 403.0 - Forbidden", "statusCode": 403}
    ERROR     Jan 16 18:40:23 [4154184768]: Appliance Update Failed : IIS error: HTTP 403.0 - Forbidden
    ERROR     Jan 16 18:40:23 [4154184768]: licensing_do_activation() : parsing failed...
    INFO      Jan 17 18:40:27 [4153562176]: --requestType = 8
    INFO      Jan 17 18:40:27 [4153562176]: --serial = C17094M9FV24XD1
    INFO      Jan 17 18:40:27 [4153562176]: --fwversion = 18.0.3.457
    INFO      Jan 17 18:40:27 [4153562176]: --cert = /content/licensing/lic_csr.pem
    INFO      Jan 17 18:40:27 [4153562176]: --key = /content/licensing/lic_csr.key
    INFO      Jan 17 18:40:27 [4153562176]: --token = Token-Id:C17094M9FV24XD1
    INFO      Jan 17 18:40:27 [4153562176]: URL :
    INFO      Jan 17 18:40:27 [4153562176]: licensing_do_applianceupdate : request : { "serialNumber": "C17094M9FV24XD1", "applianceAttributes": [ { "name": "firmwareVersion", "value": "18.0.3.457" } ] }
    INFO      Jan 17 18:40:27 [4153562176]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR", "message":"IIS error: HTTP 403.0 - Forbidden", "statusCode": 403}
    ERROR     Jan 17 18:40:27 [4153562176]: Appliance Update Failed : IIS error: HTTP 403.0 - Forbidden
    ERROR     Jan 17 18:40:27 [4153562176]: licensing_do_activation() : parsing failed...

    If I check the license status in the GUI, they are OK.

    Best regards.
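
Added example, not part of the original thread and not Sophos code: the licensing.log and centralmanagement.log excerpts in the post above run together on single lines, so this Python helper splits such text back into entries and pulls out the rejected requests (the HTTP 400 from the Central API and the 403 licensing response). The function names, the sample lines (constructed, modelled on the excerpts), the placeholder process IDs and the documentation-range peer address are assumptions.

```python
import json
import re

# Entry headers of the two log formats quoted in the post above.
LICENSING = re.compile(r"(?P<level>INFO|ERROR)\s+(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d)\s*\[\d+\]:\s*")
CENTRAL = re.compile(r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<level>INFO|WARN|ERROR) ")

def split_entries(text, header):
    """Split run-together log text into (timestamp, level, message) tuples."""
    marks = list(header.finditer(text))
    bounds = [m.start() for m in marks[1:]] + [len(text)]
    return [(m["ts"], m["level"], text[m.end():end].strip())
            for m, end in zip(marks, bounds)]

def licensing_failures(text):
    """(timestamp, statusCode, errorCode) for each rejected licensing response."""
    hits = []
    for ts, _level, msg in split_entries(text, LICENSING):
        if not msg.startswith("response :"):
            continue
        try:
            body = json.loads(msg.split(":", 1)[1])
        except ValueError:
            continue  # truncated or non-JSON response body
        if body.get("statusCode", 200) >= 400:
            hits.append((ts, body["statusCode"], body.get("errorCode")))
    return hits

def central_failures(text):
    """(timestamp, HTTP status, peer) for each request the Central API refused."""
    hits = []
    for ts, _level, msg in split_entries(text, CENTRAL):
        status = re.search(r"HTTP/1\.[01] (\d{3})", msg)
        if status and int(status.group(1)) >= 400:
            peer = re.search(r"Client-Peer: (\S+)", msg)
            hits.append((ts, int(status.group(1)), peer.group(1) if peer else None))
    return hits

# Constructed sample input modelled on the excerpts (placeholder PIDs and peer).
SAMPLE_LICENSING = (
    'INFO      Jan 16 18:40:23 [1]: --fwversion = 18.0.3.457 '
    'INFO      Jan 16 18:40:23 [1]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR", '
    '"message":"IIS error: HTTP 403.0 - Forbidden", "statusCode": 403} '
    'ERROR     Jan 16 18:40:23 [1]: Appliance Update Failed : IIS error: HTTP 403.0 - Forbidden')
SAMPLE_CENTRAL = (
    "2021-01-18 14:31:26 INFO central-connect[1]:72 main:: - Sending enable request to PIC-URI [] "
    "2021-01-18 14:31:28 WARN API.pm[1]:119 SFOS::Common::Central::API::send_request - HTTP/1.1 400 Bad Request "
    "Connection: close Date: Mon, 18 Jan 2021 13:31:28 GMT Client-Peer: 192.0.2.10:443 "
    "2021-01-18 14:31:28 ERROR Tools.pm[1]:97 SFOS::Common::Central::Tools::report_status - ENOTENABLED")
```

Lining up the timestamps from both functions shows whether the licensing 403 responses began before the Central enable request started returning 400.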

  • Hello there,

    Can you try de-registering and re-registering the Firewall in Central?

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support

  • Good morning,

    I found this doc: docs.sophos.com/.../ep_NetworkUTMs.html

    Can you confirm that if I deregister a firewall, "Security Heartbeat" will stop functioning? In my configuration, users use Security Heartbeat for authentication, so I have to schedule this activity during off-work hours or I will block all of my devices.
    Are there other possible downtime-related problems with deregistration?

    Many thanks.

  • Hello Alberto,

    Thank you for the follow-up!

    Yes, the Security Heartbeat function will stop working on the XG, but not on the Endpoints. If you’re using the XG to authenticate users using Heartbeat, I would recommend that you do it after hours.

    You won’t be able to connect to the XG using Sophos Central, and you need to remember the email and password used for Sophos Central Registration.

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support

  • Good morning,

    The registration fails with the error: Temporary error while accessing Sophos Central

    I have already checked the time and password as written in these links:
    https://community.sophos.com/xg-firewall/f/discussions/121691/unable-to-register-with-sophos-central

    https://community.sophos.com/xg-firewall/f/discussions/114635/sophos-notification-advisory-sophos-xg-firewall---issues-registering-with-sophos-central

    I also tried to register from the command line using the command shown in this link:
    https://community.sophos.com/xg-firewall/f/discussions/119669/central-registration-messed-up/434338

    But I get this error: "Basic authorization user name can't contain ':' at /usr/bin/central-register line 155."

    At this point I think we need to open a support case, but the support site is still not available. Is there an ETA for when it will be up and running again?

    Many thanks.

  • Hello Alberto,

    Thank you for the follow-up!

    No ETA, but you can give us a call to get the case created and troubleshoot.

    However, following this https://community.sophos.com/xg-firewall/f/discussions/119669/central-registration-messed-up/434338 will most likely help you fix the issue.

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support

  • Thanks, I have opened a support case.

  • Hello Alberto,

    Thank you for the follow-up.

    Please provide me with the Case ID, so I can follow up and update this case once it has been resolved with the steps that resolved the issue, for future reference.

    Regards,

    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support