
XG Firewall Home registration assistance... trying to upgrade to newer hardware

SF01V (SFOS 17.0.6 MR-6) << booted and loaded unable to register

Tried newest firmware ISO ...

SW-17.5.12_MR-12-664 downloaded iso but boots with no bootable device on this new hardware.

New Hardware: Intel i7 8550U 8GB DDR4 RAM dual Intel NICs Sata 160GB hard disk... VT-x is set in BIOS
BIOS is American Megatrend

I am trying to upgrade my hardware and continue running XG Firewall Home
that I have running on very old Pentium4 ver: SFVH (SFOS 17.5.11 MR-11.HF051220.1)


I have tried registering the new hardware running SFVH (SFOS 17.5.11 MR-11.HF051220.1)
with a new serial number and it fails:

Failed to connect to the registration service
To register, you require an Internet connection, and must be able to connect to the following address:
https://www.sophos.com/

Registration has failed. Error Code:

Operation failed due to an unknown error. Please contact Support.

This could be a problem with the local connection or between your firewall and the server. Your options are:

Shows connected to the Internet as well...

I had the new FW behind my current with a rule to not scan no IPS no Web Filter no App controls.

License log


INFO May 13 08:44:31 [0]: --requestType = 1
INFO May 13 08:44:31 [0]: --serial = C01001RTVM*****
INFO May 13 08:44:31 [0]: --deviceid = 3527a95f-13ef-4f39-984f-f6e30eed****
INFO May 13 08:44:31 [0]: --model = SF01V
INFO May 13 08:44:31 [0]: --vendor = SO01
INFO May 13 08:44:31 [0]: --upgradedFrom = 0
INFO May 13 08:44:31 [0]: --fwversion = 17.0.6.181
INFO May 13 08:44:31 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
INFO May 13 08:44:31 [0]: --token = Token-Id:SO-D5C052A8
INFO May 13 08:44:31 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
INFO May 13 08:44:31 [0]: URL : eu-prod-utm.soa.sophos.com/.../applianceactivation
INFO May 13 08:44:31 [0]: request : { "serialNumber": "C01001RTVM*****", "deviceId": "3527a95f-13ef-4f39-984f-f6e30eed****", "model": "SF01V", "deviceFirmwareVersion": "17.0.6.181", "vendorCode": "SO01" }
INFO May 13 08:44:43 [0]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR", "message":"IIS error: HTTP 403.0 - Forbidden", "statusCode": 403}
ERROR May 13 08:44:43 [0]: Activation Failed : IIS error: HTTP 403.0 - Forbidden
ERROR May 13 08:44:43 [0]: licensing_do_activation() : parsing failed...



  • Hi Rick,

    You go to Certificates -> certificate authorities -> SecurityAppliance_SSL_CA -> the cogged wheel will regenerate.

    Ian

  • OK we are getting closer to resolving this however .. I did run the Cert Update thru the cogged wheel ... It is showing updated in the GUI, pic attached... I rebooted the FW .. retried and failed. Is there another procedure to get the cert being used for registration to use the updated cert??

    In the advanced console I checked the logs and cert and the cert being used for the registration did not get the update..

    INFO May 14 06:32:05 [0]: --token = Token-Id:SO-D5C0****
    INFO May 14 06:32:05 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
    INFO May 14 06:32:05 [0]: URL : eu-prod-utm.soa.sophos.com/.../applianceactivation
    INFO May 14 06:32:05 [0]: request : { "serialNumber": "C01001MX9QP3GA1", "deviceId": "658f3498-47d7-4f8a-9c40-f7888c4*****", "model": "SF01V", "deviceFirmwareVersion": "17.0.6.181", "vendorCode": "SO01" }
    INFO May 14 06:32:06 [0]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR", "message":"IIS error: HTTP 403.0 - Forbidden", "statusCode": 403}
    ERROR May 14 06:32:06 [0]: Activation Failed : IIS error: HTTP 403.0 - Forbidden
    ERROR May 14 06:32:06 [0]: licensing_do_activation() : parsing failed...

    ~
    SF01V_SO01_SFOS 17.0.6 MR-6# more /_conf/certificate/licensing/mfgr_vendor_SO.pem
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 6 (0x6)
    Signature Algorithm: ecdsa-with-SHA256
    Issuer: C=GB, ST=Oxfordshire, L=Abingdon, O=Sophos Ltd., OU=NSG, CN=Sophos Firewall Content/Licensing CA/emailAddress=updates@sophos.com
    Validity
    Not Before: Apr 27 05:09:54 2015 GMT
    Not After : Apr 26 05:09:54 2020 GMT
    Subject: C=GB, ST=Oxfordshire, O=Sophos Ltd., OU=NSG, CN=SF_Manufacturer_6/emailAddress=sf_manufacturer_6@sophos.com
    Subject Public Key Info:
    Public Key Algorithm: id-ecPublicKey

  • rfcat_vk said:

    Hi Rick

    Please read through this forum thread it might provide some information.

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/120338/problems-with-appliance-cert-change-to-a-new-one

    Ian

    Thanks for the link.. I am trying to get the Appliance Cert updated to use a valid SSL cert for registration... this link alludes to using a custom SSL appliance Cert. 

    I updated the SecurityAppliance_SSL_CA via web GUI however the Cert being used to register wasn't updated during that procedure.

    I also updated the appliance cert...

    I did follow the link SYSTEM -> Administration -> Port Settings for Admin Console .. Certificate drop-down ( Only has ApplianceCertificate ) and chose apply... Going to reboot again to see if that updates the /_conf/certificate/licensing/ folder to reflect the certs for the device... until this is updated I don't believe I can get this box registered... Or am I wrong???
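An added example, not part of any post in the thread: a small triage script that takes the certificate dump and license log excerpts quoted above and checks whether the certificate passed via `--cert` was inside its validity window when each HTTP 403 activation response was logged. The log lines carry no year or time zone, so the year (2020 here) and UTC are assumptions supplied by the caller; the function names are illustrative.

```python
import json
import re
from datetime import datetime, timezone

# Excerpts copied from the thread's certificate dump and license log.
CERT_DUMP = """\
Validity
Not Before: Apr 27 05:09:54 2015 GMT
Not After : Apr 26 05:09:54 2020 GMT
"""
LICENSE_LOG = """\
INFO May 13 08:44:31 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
INFO May 13 08:44:43 [0]: response : {"errorCode":"ITSERVICELAYER_CLIENT_AUTHENTICATION_ERROR", "message":"IIS error: HTTP 403.0 - Forbidden", "statusCode": 403}
ERROR May 13 08:44:43 [0]: Activation Failed : IIS error: HTTP 403.0 - Forbidden
"""

def cert_validity(dump):
    """Return (not_before, not_after) as UTC datetimes from an openssl-style text dump."""
    out = {}
    for label in ("Not Before", "Not After"):
        m = re.search(label + r"\s*:\s*(\w{3}\s+\d+ [\d:]{8} \d{4}) GMT", dump)
        if m is None:
            raise ValueError("missing %r in certificate dump" % label)
        out[label] = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return out["Not Before"], out["Not After"]

def activation_responses(log, year):
    """Yield (timestamp, response dict) per 'response :' line; year and UTC are caller assumptions."""
    pat = re.compile(r"^\s*\w+ (\w{3}\s+\d+ [\d:]{8}) \[\d+\]: response : (\{.*\})\s*$", re.M)
    for stamp, body in pat.findall(log):
        when = datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")
        yield when.replace(tzinfo=timezone.utc), json.loads(body)

def triage(dump, log, year):
    """List each 403 activation response and whether the client cert was valid at that moment."""
    not_before, not_after = cert_validity(dump)
    findings = []
    for when, resp in activation_responses(log, year):
        if resp.get("statusCode") == 403:
            findings.append({"time": when, "error": resp.get("errorCode"),
                             "cert_valid": not_before <= when <= not_after,
                             "days_past_expiry": (when - not_after).days})
    return findings

if __name__ == "__main__":
    for f in triage(CERT_DUMP, LICENSE_LOG, year=2020):  # assumed year
        print(f)
```

A `cert_valid` of `False` next to a client-authentication 403 indicates that the file under `/_conf/certificate/licensing/` is the one to check, separately from the appliance and CA certificates regenerated in the GUI.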