
Trouble with connecting RED Devices to our new Sophos XG Firewall - Solved

Hey,

I am just configuring our new Sophos XG Firewall and migrating RED devices from our good old UTM to the new XG. After a lot of investigating, I solved my problem. I want to share my solution with you.

After deleting the configuration in the UTM I did the configuration in the XG. But nothing happened. I was still able to see connection attempts in the UTM RED log, and due to missing logging options, I did not see the problem immediately.

After looking at /vol/red.log in the XG's console I saw that the configuration upload to the Sophos provisioning server was done and my RED device was trying to connect. But there was always an error:

Thu Sep 3 10:49:59 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xxx.xx.xx': SSL accept attempt failed because of handshake problems
Thu Sep 3 10:51:20 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xxx.xx.xx': SSL accept attempt failed because of handshake problems
Thu Sep 3 10:52:40 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xxx.xx.xx': SSL accept attempt failed because of handshake problems
Thu Sep 3 10:54:02 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xxx.xx.xx': SSL accept attempt failed because of handshake problems

(Where xx.xxx.xx.xx is the public IP of my remote office)

I also tried to enable/disable the "Force TLS 1.2" setting at Configure/System services/RED. No improvement. BUT: after changing the setting I recognized the following entry in red.log:

Thu Sep 3 10:57:17 2020 REDD INFO: server: (Re-)loading device configurations
get_object: errstring({"filter":[["hostname","=","Gesperrte Ger▒te WLAN"]],"attribList":["macaddress"],"Entity":"machost"}): OK

I have configured a group of blocked MAC addresses with the German name "Gesperrte Geräte WLAN". I added that group to the MAC Filtering in the RED device configuration.

Solution of my problem:
- change the name of MAC host "Gesperrte Geräte WLAN" to "Gesperrte Geraete WLAN"
- restart red service from console: XG430_WP02_SFOS 18.0.1 MR-1-Build396# service red:restart -ds nosync

==> The RED Device immediately connected, installed new firmware and connected the tunnel :-)
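As an added example (not from the original post or from Sophos): a small Python check that scans red.log text for the two signals described above, repeated SSL handshake failures plus a "(Re-)loading device configurations" lookup whose MAC-host name is non-ASCII or already garbled, so the offending object can be renamed before restarting the RED service. The log lines inside it are constructed, modelled on the excerpts in the post.

```python
"""Added example: correlate RED daemon handshake failures with MAC-host
object names that contain non-ASCII or replacement characters."""
import json
import re
from typing import Dict, List

# Constructed sample, modelled on the red.log excerpts quoted in the post.
SAMPLE_LOG = """\
Thu Sep 3 10:49:59 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xxx.xx.xx': SSL accept attempt failed because of handshake problems
Thu Sep 3 10:51:20 2020 REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xx.xxx.xx.xx': SSL accept attempt failed because of handshake problems
Thu Sep 3 10:57:17 2020 REDD INFO: server: (Re-)loading device configurations
get_object: errstring({"filter":[["hostname","=","Gesperrte Ger\u2592te WLAN"]],"attribList":["macaddress"],"Entity":"machost"}): OK
get_object: errstring({"filter":[["hostname","=","Printers Office"]],"attribList":["macaddress"],"Entity":"machost"}): OK
"""

HANDSHAKE_RE = re.compile(
    r"REDD ERROR: server: Can not do SSL handshake on Socket accept from '([^']+)'")
GET_OBJECT_RE = re.compile(r"^get_object: errstring\((\{.*\})\): (\w+)$")
# Characters a lost umlaut typically turns into in console output.
REPLACEMENT_CHARS = {"\u2592", "\ufffd"}


def suspicious_name(name: str) -> bool:
    """True if the object name is non-ASCII or already shows a garbled character."""
    return not name.isascii() or any(c in name for c in REPLACEMENT_CHARS)


def analyse_red_log(text: str) -> Dict[str, object]:
    """Count handshake failures and list MAC-host names likely to break the config load."""
    handshake_failures = 0
    peers = set()
    suspects: List[str] = []
    for line in text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if m:
            handshake_failures += 1
            peers.add(m.group(1))
            continue
        m = GET_OBJECT_RE.match(line)
        if not m:
            continue
        query = json.loads(m.group(1))  # the filter is JSON inside errstring(...)
        for field, _op, value in query.get("filter", []):
            if field == "hostname" and suspicious_name(value):
                suspects.append(value)
    return {"handshake_failures": handshake_failures,
            "peers": sorted(peers), "suspect_objects": suspects}
```

Run it against `open("/vol/red.log").read()` instead of SAMPLE_LOG; a non-empty `suspect_objects` list next to a rising `handshake_failures` count points at the rename described in the solution.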
