Firewall remains pending

For a few days now, one of our firewalls has been refusing to sync properly.

I have already tried removing the firewall from the group and adding it back, but syncing stays at PENDING at 0%. I have also tried switching primary and auxiliary, but so far all to no avail.

Firewall is currently at firmware SFOS 19.0.1 MR-1-Build365 and has until recently always synced.

What can I do to get it to sync again?



Mistakenly added the picture twice.
[edited by: apijnappels at 2:07 PM (GMT -8) on 3 Feb 2023]
  • Hello there,

    Thank you for contacting the Sophos Community.

    If you push a change from Central, for example, create a Test user on central, does the change get applied to the Firewall?

    If you click the blue PENDING button, what does the log show?

    Regards,

  • When I try to create a test user, this also keeps "PENDING" and nothing happens, user is never created.

    When clicking on the PENDING for this last task, it shows the following:

    {
      "opcodeID": 7,
      "entityID": 301,
      "entityName": "create_access_time_policy",
      "opcodeType": 1,
      "orderID": 0,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Allowed all the time-301",
      "updateFlag": "f",
      "mainEntity": "f"
    }
    {
      "opcodeID": 2,
      "entityID": 301,
      "entityName": "edit_access_time_policy",
      "opcodeType": 1,
      "orderID": 1,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Allowed all the time-301",
      "updateFlag": "t",
      "mainEntity": "f"
    }
    {
      "opcodeID": 5,
      "entityID": 302,
      "entityName": "create_surfing_quota_policy",
      "opcodeType": 1,
      "orderID": 2,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Unlimited Internet Access-302",
      "updateFlag": "f",
      "mainEntity": "f"
    }
    {
      "opcodeID": 6,
      "entityID": 302,
      "entityName": "edit_surfing_quota_policy",
      "opcodeType": 1,
      "orderID": 3,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Unlimited Internet Access-302",
      "updateFlag": "t",
      "mainEntity": "f"
    }
    {
      "opcodeID": 3,
      "entityID": 304,
      "entityName": "create_group",
      "opcodeType": 1,
      "orderID": 8,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Guest Group-304",
      "updateFlag": "f",
      "mainEntity": "f"
    }
    {
      "opcodeID": 8,
      "entityID": 304,
      "entityName": "update_group",
      "opcodeType": 1,
      "orderID": 9,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "Guest Group-304",
      "updateFlag": "t",
      "mainEntity": "f"
    }
    {
      "opcodeID": 1,
      "entityID": 305,
      "entityName": "add_user",
      "opcodeType": 1,
      "orderID": 12,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "sophoscentraltest-305",
      "updateFlag": "f",
      "mainEntity": "t"
    }
    {
      "opcodeID": 4,
      "entityID": 305,
      "entityName": "update_user",
      "opcodeType": 1,
      "orderID": 13,
      "opcodeString": "",
      "responseStatus": null,
      "uniqueName": "sophoscentraltest-305",
      "updateFlag": "t",
      "mainEntity": "t"
    }

    On the previous task it just shows an extremely long list of items that should be synced since I have removed and then added back the firewall to the group.

    In the meantime I have also upgraded the firewall to firmware 19.5 and after that again removed it from the group and added it back, but it stays the same.

  • Hello there,

    Thank you for the update.

    Is your Firewall able to resolve the following?

    nslookup dzr-utm-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com

    If not, make sure you are using a Public DNS in the Firewall.

    If it is able to resolve the above, what is the output of:

    # cat /var/fwcm_data/pending_trx.dat

    # ll /sdisk/fwcm_data/pending_trx.dat

    If there is no pending transaction in the Firewall, the above commands will show an error.

    /log/fwcm-updaterd.log

  • Hi  ,

    URL is resolvable by both forwarders from firewall

    Both commands for pending_trx.dat tell me the file does not exist.

    The fwcm_updaterd.log file contains recurring entries (about every minute) that all look similar to this:

    Feb 07 13:39:32.252Z dbg There is data in UPD TLV FD. Starting Recv
    Feb 07 13:39:32.252Z dbg Received TLV length:148
    Feb 07 13:39:32.252Z dbg id:159,type:2,resp:1,len:140,body:{"forceSync":0,"skipTransaction":"0","trxnId":"0","grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","transaction_type":"1","trxnStatus":"200"}
    Feb 07 13:39:32.252Z dbg process_tlv Entry (0xffe91138)
    Feb 07 13:39:32.252Z dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"forceSync":0,"skipTransaction":"0","trxnId":"0","grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","transaction_type":"1","trxnStatus":"200"}
    Feb 07 13:39:32.252Z dbg Preparing to send GET to: 
    URL: https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com/sophos/api/v1/firewalls/transactions/520a87e4-94a0-4b1f-a79e-2d43688207bd
    Feb 07 13:39:33.380Z dbg  Response code: '404'
    Feb 07 13:39:33.380Z dbg  Response content len: '0'
    Feb 07 13:39:33.380Z dbg  Response content: ''
    Feb 07 13:39:33.380Z err Error in GET transactions: code: 404, msg: null. No processing required
    Feb 07 13:39:33.380Z dbg update_transaction_id Entry (0, sts:200, type:1)
    Feb 07 13:39:33.380Z dbg Sending TrxId Update to HB: {"grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e","trx_id":"0", "trx_status":"200", "transaction_type":"1"}
    Feb 07 13:39:33.576Z dbg Completed: fwcm-heartbeatd:update_trx: status:200, err:SUCCESS, output:OK
    Feb 07 13:39:33.576Z dbg update_transaction_id Exit
    Feb 07 13:39:33.576Z dbg process_tlv Exit(0)
    Feb 07 13:39:33.576Z dbg process_tlv returned:0
    Feb 07 13:39:33.576Z dbg Starting Wait for message TLVs
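
Added example, not part of the original post and not Sophos code: a small Python parser that groups log lines of the shape quoted above into pull cycles and reports transaction IDs whose GET keeps returning 404. The sample log is constructed from the quoted lines, the second cycle's timestamp is made up, and the function names are hypothetical.

```python
import json
import re
from collections import Counter

# Constructed sample: one pull cycle copied from the quoted log, repeated with
# a second, made-up timestamp to mimic the "about every minute" recurrence.
_CYCLE = (
    '@TS@ dbg Received FWCMTLV_UPDATERD_START_PULL, body:{"forceSync":0,'
    '"skipTransaction":"0","trxnId":"0",'
    '"grp_id":"9aefbe97-776e-405f-89c4-8e51b59b686e",'
    '"transaction_type":"1","trxnStatus":"200"}\n'
    "@TS@ dbg Preparing to send GET to: \n"
    "URL: https://utm-cloudstation-eu-central-1.prod.hydra.sophos.com"
    "/sophos/api/v1/firewalls/transactions/520a87e4-94a0-4b1f-a79e-2d43688207bd\n"
    "@TS@ dbg  Response code: '404'\n"
    "@TS@ err Error in GET transactions: code: 404, msg: null. No processing required\n"
)
SAMPLE_LOG = "".join(_CYCLE.replace("@TS@", ts)
                     for ts in ("Feb 07 13:39:32.252Z", "Feb 07 13:40:32.301Z"))

START_RE = re.compile(r"^(?P<ts>\w{3} \d{2} [\d:.]+Z) dbg Received "
                      r"FWCMTLV_UPDATERD_START_PULL, body:(?P<body>\{.*\})\s*$")
URL_RE = re.compile(r"^URL: \S+/firewalls/transactions/(?P<txn>[0-9a-f-]{36})\s*$")
CODE_RE = re.compile(r"Response code: '(?P<code>\d{3})'")

def parse_pull_cycles(log_text):
    """Return one dict per START_PULL message with the URL and HTTP code that follow."""
    cycles, current = [], None
    for line in log_text.splitlines():
        if (m := START_RE.match(line)):
            body = json.loads(m["body"])  # the TLV body is plain JSON
            current = {"ts": m["ts"], "grp_id": body.get("grp_id"),
                       "trxnId": body.get("trxnId"), "txn": None, "code": None}
            cycles.append(current)
        elif current is None:
            continue  # ignore lines before the first START_PULL
        elif (m := URL_RE.match(line)):
            current["txn"] = m["txn"]  # the URL sits on its own line, no timestamp
        elif current["code"] is None and (m := CODE_RE.search(line)):
            current["code"] = int(m["code"])
    return cycles

def repeated_404(cycles, min_repeats=2):
    """Map transaction ID -> number of cycles in which its GET returned 404."""
    hits = Counter(c["txn"] for c in cycles if c["code"] == 404 and c["txn"])
    return {txn: n for txn, n in hits.items() if n >= min_repeats}

if __name__ == "__main__":
    print(repeated_404(parse_pull_cycles(SAMPLE_LOG)))
```

Run against the full log, the result shows whether the firewall keeps requesting the same transaction ID that Central answers with 404 while its local `trxnId` stays at "0", which is a concrete detail to include in a support case.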

  • Hello there,

    Thank you for the update.

    Please open a case with Support and share the Case ID once you have it; this will most likely have to go to GES/DEV.

    Regards,

  • Hello,

    Thank you for the Case ID.

    I have added a note.

    Regards,

  • Problem was resolved by deregistering and reregistering the firewall to Sophos Central.