Hi All,
I wanted to post an issue I encountered while performing the initial setup of an XG 135 and provide the solution that fixed the issue for me.
Note: I am deploying 15 XG firewalls to my environment and this particular issue occurred on the 14th firewall deployed. In other words, I was using a known good environment for performing the setup of the firewall.
While performing the initial setup wizard for the brand new XG 135, I was unable to register the firewall and received the message (Failed to connect to the registration service).
Note:
The laptop connected on LAN port 1 was unable to access the internet. Nor was I able to update the firmware via the web interface.
Steps performed:
1. Performed Factory Reset via the console... Did not help.
2. Using the Sophos Diagnostics tools I pinged Google DNS ... Tested Good
& performed a DNS Query to www.sophos.com ... Tested Good
This told me that the WAN port was working and the issue was somewhere within the XG 135....
3. Updated the firmware via a local file upload... Did not help.
4. Verified the Firewall Rules and noticed that the default firewall rule named "#Default_Network_Policy" was not created.
I manually created the "#Default_Network_Policy" rule by copying the settings from another known good XG 135.
In the case you do not have another XG firewall to compare with:
Source = "LAN", "Any" & "All the Time"
Destination and Services = "WAN", "Any" & "Any"
Identity = unchecked "Match known users"
Web malware and content scanning = All boxes unchecked
Advanced = NAT & routing: check "Rewrite source address" and select "MASQ" for the outbound address
This fixed the issue on why the laptop plugged into LAN port 1 could not access the internet. I now have internet on the local LAN.
However, I was still unable to register the XG firewall, update the firmware or perform pattern updates via the webui.
To keep this post short(ish)... While poking around the console, I noticed that the system date and time were off by 100 years or so, yet the time zone was accurate to what I set it to during the initial setup... (I never looked at the date and time when I performed the initial setup, just the time zone.)
After updating the date and time to reflect the appropriate values and rebooting the XG Firewall, I was able to register, assign the correct licence and perform Pattern Updates.
Problem solved!!!!
I would bet that the security certificate assigned to the registration and update portals was invalidated by the XG firewall's date, thus causing all my issues.
Hope this saves someone time and heartache!! :)
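The suspicion in the post above (a wrong system date making the portal certificates fail validation) can be checked with a few lines. This is an added example, not part of the original post and not Sophos code; the function names are hypothetical, and the certificate dates, HTTP Date header and device clocks are constructed samples.

```python
import ssl
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def clock_skew_seconds(device_now, http_date_header):
    """Device clock minus the time a remote server reports in its HTTP Date header."""
    return (device_now - parsedate_to_datetime(http_date_header)).total_seconds()

def validity_at(cert, when):
    """Classify a certificate's validity window as seen at the moment `when`.

    `cert` has the shape returned by ssl.SSLSocket.getpeercert().
    """
    now = when.timestamp()
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not_yet_valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "expired"
    return "valid"

def diagnose(cert, device_now, http_date_header, tolerance=300):
    """Decide whether the device clock, not the certificate, explains a TLS failure."""
    skew = clock_skew_seconds(device_now, http_date_header)
    device_view = validity_at(cert, device_now)
    reference_view = validity_at(cert, parsedate_to_datetime(http_date_header))
    return {
        "skew_seconds": skew,
        "device_view": device_view,        # what the appliance concludes
        "reference_view": reference_view,  # what a correct clock concludes
        "clock_is_cause": abs(skew) > tolerance
        and device_view != "valid"
        and reference_view == "valid",
    }

# Constructed sample data (not taken from any real portal certificate).
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Jan  1 00:00:00 2025 GMT"}
SAMPLE_DATE = "Sat, 15 Jun 2024 12:00:00 GMT"
CLOCK_AHEAD = datetime(2124, 6, 15, 12, 0, tzinfo=timezone.utc)   # ~100 years fast
CLOCK_BEHIND = datetime(1924, 6, 15, 12, 0, tzinfo=timezone.utc)  # ~100 years slow

if __name__ == "__main__":
    for clock in (CLOCK_AHEAD, CLOCK_BEHIND):
        print(clock.isoformat(), diagnose(SAMPLE_CERT, clock, SAMPLE_DATE))
```

Either direction of a century-sized error rejects a certificate that is valid at the real time: a fast clock sees it as expired, a slow clock sees it as not yet valid.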