Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 1347 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to access “User Portal” or “Admin portal” from external and internal

HakamDNS

Kindly be informed that our end users are facing an issue where they are unreachable when try to access or firewall (Sophos) but able to ping test all available IP from Firewall(Sophos). Detail issue per below.

  1. They are unable to access “User Portal” or “Admin portal” from external and internal. (Ping test and telnet to port 443 and 7443 success)
  2. After a few minutes, all their external URL unable to access as NAT have been configure inside Firewall(Sophos) (Ping test and telnet to port 443 and 7443 success).
  3. Enter SSH from internal to restart services but still failed to access.
  4. Restart firewall then all services back to normal.
  5. The issues happen between 2.30PM – User portal unreachable, then 3PM – All external and VPN disconnect – 3:30PM – end users restart the FW 13/10/2020

log syslog.

Oct 13 10:00:01 (none) user.err kernel: [6931134.479972] 215:appfiltermap_adt_parser:policy 6 max app order 1 max eac apporder 0
Oct 13 10:00:01 (none) user.err kernel: [6931134.479974] 711:appdev_write:count 854
Oct 13 10:00:01 (none) user.err kernel: [6931134.479976] 758:appdev_release:dev open 3
Oct 13 10:00:01 (none) user.err kernel: [6931134.479976] 771:appdev_release:counter 7 size 128
Oct 13 10:00:01 (none) user.err kernel: [6931134.479977] 774:appdev_release:dev open 0
Oct 13 10:00:01 (none) user.err kernel: [6931134.480522] 729:appdev_open:dev open 0 1f
Oct 13 10:00:01 (none) user.err kernel: [6931134.480523] 750:appdev_open:dev open 3
Oct 13 10:00:01 (none) user.err kernel: [6931134.480537] 703:appdev_write:ptr U 7,ACCEPT,1:DENY:13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-2023-2158-2170-2188-2189-2192-2197-2216-2217-2219-2238-2248-2351-2353-2358-2359-2360-2361-2363-2364-2365-2366-2367-2368-2369-2370-2371-2372-2373-2374-2376-2377-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470-2535-2536-2547-2569-2576-2597-2711-2718-2749-2786-2787-2788-2791-2794-2795-2829-2831-2849-2854-2855-2856-2857-2858-2859-2860-2868-2869-2870-2876-2877-2883-2890-2891-2892-2897-2899-2900-2902-2903-2904-2908-2909-2916-2919-2922-2923-2924-2927-2933-2936-2937-2938-2954-2955-2956-2957-2958-2959-2960-2962-2963-2964-3125-3126-3127-3128-3166-3167-3178-3228-3229-3272-3310-3311-3312-3321-3322-3346-3392-3434-3442-3545,2:DENY:3-5-10-11-12-21-26-27-31-32-34-37-40-51-54-59-64-66-71-76-79-85-86-93-117-120-121-122-127-128-1
Oct 13 10:00:01 (none) user.err kernel: [6931134.480541] 75:appfiltermap_adt_parser: buff U 7,ACCEPT,1:DENY:13-43-44-45-47-49-50-60-62-63-77-80-84-107-119-130-151-153-176-201-203-216-227-229-230-242-244-247-248-252-253-254-255-256-261-270-278-279-284-299-304-305-310-373-387-493-543-557-657-676-692-802-803-808-816-2023-2158-2170-2188-2189-2192-2197-2216-2217-2219-2238-2248-2351-2353-2358-2359-2360-2361-2363-2364-2365-2366-2367-2368-2369-2370-2371-2372-2373-2374-2376-2377-2419-2420-2421-2422-2423-2428-2429-2438-2443-2468-2469-2470-2535-2536-2547-2569-2576-2597-2711-2718-2749-2786-2787-2788-2791-2794-2795-2829-2831-2849-2854-2855-2856-2857-2858-2859-2860-2868-2869-2870-2876-2877-2883-2890-2891-2892-2897-2899-2900-2902-2903-2904-2908-2909-2916-2919-2922-2923-2924-2927-2933-2936-2937-2938-2954-2955-2956-2957-2958-2959-2960-2962-2963-2964-3125-3126-3127-3128-3166-3167-3178-3228-3229-3272-3310-3311-3312-3321-3322-3346-3392-3434-3442-3545,2:DENY:3-5-10-11-12-21-26-27-31-32-34-37-40-51-54-59-64-66-71-76-79-85-86-93-117-120-121-1
Oct 13 10:00:01 (none) user.err kernel: [6931134.480559] 215:appfiltermap_adt_parser:policy 7 max app order 2 max eac apporder 0
Oct 13 10:00:01 (none) user.err kernel: [6931134.480561] 711:appdev_write:count 2012
Oct 13 10:00:01 (none) user.err kernel: [6931134.480563] 758:appdev_release:dev open 3
Oct 13 10:00:01 (none) user.err kernel: [6931134.480564] 771:appdev_release:counter 7 size 128
Oct 13 10:00:01 (none) user.err kernel: [6931134.480564] 774:appdev_release:dev open 0
Oct 13 10:04:31 (none) authpriv.info ipsec_starter[8072]: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
Oct 13 14:14:46 (none) authpriv.info ipsec_starter[8072]: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
Oct 13 15:33:18 (none) syslog.info syslogd started: BusyBox v1.21.1
Oct 13 15:33:18 (none) user.notice kernel: klogd started: BusyBox v1.21.1 (2020-06-05 20:04:01 UTC)



This thread was automatically locked due to age.
  • 0

    Hi , Would you please share XG device model and current firmware version?  Thanks for sharing the syslog output.  

    From the time span of 10:04 to 15:33 only 3 lines in syslog.log 

    Oct 13 10:04:31 (none) authpriv.info ipsec_starter[8072]: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
    Oct 13 14:14:46 (none) authpriv.info ipsec_starter[8072]: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
    Oct 13 15:33:18 (none) syslog.info syslogd started: BusyBox v1.21.1

    Can you check few other logs around the issue time ? Like applog.log, tomcat.log. dgd.log, apache_access.log and how many entries or logs you are able to see to confirm there is similar kind of observation as above or there are more lines ?

  • 0 in reply to Vishal_R

    Hi Vishal,

    Version Sfos V18.0.1  Sophos XG310

    this tomcat log during issue


    2020-10-13 00:03:09,176:INFO:CSC - UserId: -1, ___username: LOCAL, __currentlyloggedinuserip: , ___component: LOCAL
    2020-10-13 00:03:09,176:INFO:CSC - Event Bean:{ opCode: getappkey, mode: 0, waitForeResponse: true, requestType: 0, opcodetype: 0, entityId: 39, beanName: null, syncalbe: true, comProtocol: u }
    2020-10-13 00:03:09,176:INFO:CSC - JSON Keys:
    2020-10-13 00:03:09,176:INFO:CSC - JSON Keys: JSON Keys: ["mode", "___serverport", "___component", "___serverprotocol", "___username", "currentlyloggedinuserip", "___serverip"]
    final opcode :
    opcode getappkey csc/1.0
    content-type:json
    content-length:189


    2020-10-13 15:34:56.207:INFO::main: Logging initialized @3920ms to org.eclipse.jetty.util.log.StdErrLog
    2020-10-13 15:34:56.754:INFO:oejs.Server:main: jetty-9.4.15.v20190215; built: 2019-02-15T16:53:49.381Z; git: eb70b240169fcf1abbd86af36482d1c49826fa0b; jvm 1.8.0_242-internal-GA-b242
    2020-10-13 15:34:56.783:INFO:oejdp.ScanningAppProvider:main: Deployment monitor [file:///usr/share/jetty/webapps/] at interval 1
    2020-10-13 15:34:59.319:INFO:oeja.AnnotationConfiguration:main: Scanning elapsed time=1476ms

    How i can share log file with here ?

    Thanks

  • 0 in reply to Vishal_R

    Hi Vishal,

    I hope you can help me to check this ticket number regarding this issue..

    03235630

  • 0 in reply to HakamDNS

    Hi Thanks for sharing the case ID details. Let me check the case details.

  • 0 in reply to Vishal_R

    Hi,

    I have the same problem, Could you tell me, where is the problem?

    thank you in advance