
Forum Post: RE: Why does sophos XG not recognise that I have a connection

Hi Ashruf, SSH into the XG -- go to option 5 then 3. Run the command

tail -f /log/licensing.log

Reproduce the synchronization and it will tell you where it is failing. I would recommend opening a support case for this as well.

Forum Post: RE: Sophos Connect using depreciated DH group?

I tested the latest client with a connection to an MR3 device and it still uses MODP_1024.

Forum Post: RE: port forwarding 15000 to internal 15000

This is either one of the ISPs blocking the higher range port or a configuration issue with the DNAT (specifically the service object source port). Do you see the NAT rule being hit when you test with 15000? Turn on logging on the rule and check that.

Forum Post: RE: Issue setting up HA

Ahhh, the hardest thing to do when solving problems is asking the right question. I would have asked you questions about what's where had I known this was virtual instead of hardware. Cheers - Bob

Forum Post: RE: Feature Request - Show Available Connections When Starting Sophos Connect

Hello, have you tried the Auto-Connect feature on Sophos Connect? It will even avoid that additional step you have mentioned. Your firewall admin can configure a connection using Sophos Connect Admin and enable Auto-Connect for the connection. Now import his connection in Sophos Connect. What this does is the following. Based on the Auto-Connect configuration, Sophos Connect Client will automatically detect if it is on the company network or outside the company network. If your credentials are saved, then as a user you have nothing to do to get the VPN up and running. Only the first time will you be prompted for credentials, and if you save them, from then on no additional keystrokes are required. Please let us know your feedback. Ramesh

Forum Post: RE: port forwarding 15000 to internal 15000

Yes, it is a common mistake when configuring custom service objects to put the source port the same as the destination port, whereas it should be set to "1:65535" in most cases, excluding some protocols like SIP or IKE which use the same source & destination ports. Tim

Forum Post: RE: STAS DCOM errors 10028 spamming my PDC

Hey guys, Check my responses in this thread which was for the same issue https://community.sophos.com/products/xg-firewall/f/authentication/110642/dcom-errors-in-the-thousands/396485#396485 for ways to reduce the number of these errors.

Forum Post: RE: UTM 9.355-1 - WAF Access Control in Site Path Routing doesn't honor DNS host objects

I saw this issue in another thread yesterday after my post above. My response in the later post was that it's a bug because the documentation says that it should work. Hopefully, the Sophos guy I PMd about this will have gotten a bug ID started. Anyone with paid support that's seeing this should open a case with Support. Cheers - Bob

Forum Post: RE: Unable to Add DNS Host to Allowed Networks for Filtering

Clearly, it's not working correctly in WAF, and the log above demonstrates that. Cheers - Bob

Forum Post: RE: Slow web browsing

Hi Lester, This behavior makes no sense, so I will not be able to give you many suggestions outside of checking the basics (DoS is disabled, etc.). Can you open a case and reproduce this with support?

Forum Post: RE: Sophos XG HA Active-Active mode vMware Primary IP not working

Hi Super, This is required because the primary will own/use the virtual MAC for the cluster ports and the secondary uses the normal MAC address. Without MAC spoofing (VMware has its equivalent to this), the hypervisor will drop all traffic to the host. If you fail over, you will see the same behavior for the new primary (now the new secondary will be reachable).

Forum Post: RE: Update reset my root password

Hallo Reto and welcome to the UTM Community! You can only log in directly as root with PuTTY if you've configured that on the 'Shell Access' tab. Otherwise, you must first log in as loginuser and then su - to enter the root password. Cheers - Bob

Forum Post: RE: ipv6 for hosts behind UTM

Me again ;) What I see in the logs is that neighbor solicitation for external ipv6 never gets answered (capture on internal interface):

19:01:35.455562 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has guava, length 32
19:01:35.578057 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:xxxx:yyyy::1, length 32
19:01:36.474502 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has guava, length 32
19:01:36.602368 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:xxxx:yyyy::1, length 32
19:01:37.498390 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has guava, length 32
19:01:37.626370 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:xxxx:yyyy::1, length 32
19:01:38.522412 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has guava, length 32
19:01:39.034301 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:xxxx:yyyy::1, length 32
19:01:39.546318 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has guava, length 32
19:01:40.058373 IP6 2a01:xxxx:yyyy::10:254 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2a01:xxxx:yyyy::1, length 32
19:01:40.457457 IP6 fe80::xyz:ff:zyx:1234 > 2a01:xxxx:yyyy::10:254: ICMP6, neighbor solicitation, who has 2a01:xxxx:yyyy::10:254, length 32
19:01:40.457574 IP6 2a01:xxxx:yyyy::10:254 > fe80::xyz:ff:zyx:1234: ICMP6, neighbor advertisement, tgt is 2a01:xxxx:yyyy::10:254, length 24

but is for internal ipv6 (2 last lines). Is there a rule to add on the firewall to allow those neighbor solicitations/advertisements? Daniel

Forum Post: RE: Multi VLAN Issue

Hi Stephen, In Network -> Network Interface, there is advanced setting/bridge configuration button where you can add a host/network so that the appliance skips proxying any traffic for this (both as a source or destination). This may take 5/10 minutes to apply but should work.

Forum Post: RE: Account Deletion

Hello Ayami, this shows you how to delete your Sophos account: support.home.sophos.com/.../115005445086-Deleting-Sophos-Home-account

Forum Post: RE: Why does sophos XG not recognise that I have a connection

Thanks, The log revealed the following

INFO Jan 02 09:46:11 [0]: --requestType = 1
INFO Jan 02 09:46:11 [0]: --serial = C01001Y7K2P42CC
INFO Jan 02 09:46:11 [0]: --deviceid = 566c840b-f906-4655-8f32-1afc770ed7df
INFO Jan 02 09:46:11 [0]: --model = SF01V
INFO Jan 02 09:46:11 [0]: --vendor = SO01
INFO Jan 02 09:46:11 [0]: --upgradedFrom = 0
INFO Jan 02 09:46:11 [0]: --fwversion = 17.5.1.347
INFO Jan 02 09:46:11 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
INFO Jan 02 09:46:11 [0]: --token = Token-Id:SO-D5C052A8
INFO Jan 02 09:46:11 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
INFO Jan 02 09:46:11 [0]: URL : eu-prod-utm.soa.sophos.com/.../applianceactivation
INFO Jan 02 09:46:11 [0]: request : { "serialNumber": "C01001Y7K2P42CC", "deviceId": "566c840b-f906-4655-8f32-1afc770ed7df", "model": "SF01V", "deviceFirmwareVersion": "17.5.1.347", "vendorCode": "SO01" }
ERROR Jan 02 09:46:12 [0]: curl_easy_perform(60) failed: Peer certificate cannot be authenticated with given CA certificates
ERROR Jan 02 09:46:12 [0]: licensing_do_activation() : Problem in contacting Server
{ "statusmessage": "Operation failed due to an unknown error. Please contact Support.", "status": "510" }

I applied the workaround at https://community.sophos.com/kb/en-us/132458 but the error stays the same.

Forum Post: XG 17.5, gotomeeting, and chrome...having lots of issues.

I have an issue where having the SSL inspection option turned on for malware filtering is causing app.gotomeeting.com URLs to fail to load. I turn off SSL inspection, the meeting loads. I HAVE added exceptions for gotmeeting.com, citrix.com, etc, but it does not make a difference. I look at the logs and there is no blocked traffic from that computer. I have tried multiple different options in the malware settings, Avira vs Sophos, allowing traffic to pass on malware scan failure, Real-time vs batch, etc...nothing makes a difference. Now, what I have noticed is that when launching a link through Chrome, it is redirected to app.gotomeeting.com which is a web application. When opening the link in Edge, it defaults to global.gotomeeting.com which does work fine. It's like the Chrome web app is seeing that we are performing inspection and flips out even though the Sophos is supposed to NOT inspect traffic for exceptions. Has anyone else seen this or can replicate it? Is there any way to make an exception that actually works?

Forum Post: RE: Why does sophos XG not recognise that I have a connection

Perhaps try rebooting and if the issue persists, try the KB steps once more. If that does not resolve things and the logs are the same, I would suggest opening a support ticket to investigate what is going on at a deeper level.

Forum Post: RE: XG 17.5, gotomeeting, and chrome...having lots of issues.

Hi Paul, Can you show us a screenshot of the exceptions you have created? Remote access applications like gotomeeting/logmein/bomgar/citrix/teamviewer etc. do not work if the certificate chain is broken. These do require the exception but SHOULD work unless there is something in app filtering/IPS blocking the traffic as well.

Forum Post: RE: ipv6 for hosts behind UTM

This sounds to me like a routing issue. Can you filter your TCPDump per interface and check to see if it is going out the correct one? Neighbor solicitation is done within the same broadcast domain so if you have two interfaces with the overlapping networks that could be the issue. I would suggest opening a support case for this issue if everything seems correct after doing the above.