Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 32 replies
  • Answers 3 answers
  • Subscribers 30 subscribers
  • Views 5247 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Update - internal server error

Tomas Beran

Hi all,

just curious if anyone noticed the behavior below. Many times I can see error below in /log/u2d.log:

DEBUG Oct 30 10:01:07 [7784]: Response body :
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"">www.w3.org/.../xhtml1-transitional.dtd">
<html xmlns="">http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>500 - Internal Server Error</title>
</head>
<body>
<h1>500 - Internal Server Error</h1>
</body>
</html>

Observation:

- on v17.5.13 it was about 50% of requests

- on v18.0.3 it is about 25% of all requests

Majority of incidents looks like:
DEBUG Oct 29 17:01:16 [6703]: --pkg_sysupdate_version = 2
DEBUG Oct 29 17:01:16 [6703]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
DEBUG Oct 29 17:01:16 [6703]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
DEBUG Oct 29 17:01:16 [6703]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
DEBUG Oct 29 17:01:16 [6703]: Final query string is :
?&serialkey=XXXXX&deviceid=XXXXXX&fwversion=18.0.3.457&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=&pkg_sysupdate_version=2
DEBUG Oct 29 17:01:16 [6703]: Response code : 500

Do you see something similar or it just my problem with my installation?



This thread was automatically locked due to age.
  • 0 in reply to Tomas Beran

     can you please provide your firmware?

    Support seems again digging in the dark and wrote me: "I have gone through some community links, I request you to upgrade your firewall on 18.0 MR-3."

    We're on MR1 but in MR3 and MR4 there's nothing listed about this issue and not about the NC ID wrote above. Also I wonder how the firmware should change response codes sent by the webserver from sophos. But I'm happy to learn.

     

  • FormerMember
    0 FormerMember in reply to LHerzog

    Hi and ,

    I have investigated this internally and the errors do not indicate any issues on the XG.  these errors were related to the update server. 

    However,  if you have any issue updating the firmware or patterns open a support case for further investigation. 

    Thanks,

  • 0 in reply to FormerMember

    Thank you! And is this a cosmetical issue? I ask because as written earlier, this is happening only in relation to the "big" firmware upgrade <File name="HW-18.0.3_MR-3.SF300-457.sig"> from this URL d3tusa5dvomhzy.cloudfront.net/.../HW-18.0.3_MR-3.SF300-457.sig


    DEBUG     Dec 16 13:53:44 [5593]: --serial = C4207xxxxxx
DEBUG     Dec 16 13:53:44 [5593]: --deviceid = 6d848b4deb5xxxxxxxxxxxxxxx
DEBUG     Dec 16 13:53:44 [5593]: --fwversion = 18.0.1.396
DEBUG     Dec 16 13:53:44 [5593]: --productcode = CN
DEBUG     Dec 16 13:53:44 [5593]: --model = XG430
DEBUG     Dec 16 13:53:44 [5593]: --vendor = WP02
DEBUG     Dec 16 13:53:44 [5593]: --pkg_ips_version = 18.17.71
DEBUG     Dec 16 13:53:44 [5593]: --pkg_ips_cv = 15.0
DEBUG     Dec 16 13:53:44 [5593]: --pkg_atp_version = 1.0.0333
DEBUG     Dec 16 13:53:44 [5593]: --pkg_atp_cv = 1.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_savi_version = 1.0.16369
DEBUG     Dec 16 13:53:44 [5593]: --pkg_savi_cv = 1.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_avira_version = 1.0.412546
DEBUG     Dec 16 13:53:44 [5593]: --pkg_avira_cv = 4.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_apfw_version = 11.0.012
DEBUG     Dec 16 13:53:44 [5593]: --pkg_apfw_cv = 1.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_sslvpn_version = 1.0.007
DEBUG     Dec 16 13:53:44 [5593]: --pkg_sslvpn_cv = 1.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_ipsec_version = 2.0.001
DEBUG     Dec 16 13:53:44 [5593]: --pkg_ipsec_cv = 1.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_geoip_version = 2.0.003
DEBUG     Dec 16 13:53:44 [5593]: --pkg_geoip_cv = 1.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_clientauth_version = 1.0.0019
DEBUG     Dec 16 13:53:44 [5593]: --pkg_clientauth_cv = 2.00
DEBUG     Dec 16 13:53:44 [5593]: --pkg_redfw_version = 3.0.002
DEBUG     Dec 16 13:53:44 [5593]: --pkg_redfw_cv = 2.00
DEBUG     Dec 16 13:53:44 [5593]: --oem = Sophos
DEBUG     Dec 16 13:53:44 [5593]: --server = u2d.sophos.com
DEBUG     Dec 16 13:53:44 [5593]: --port = 443
DEBUG     Dec 16 13:53:44 [5593]: Added new server : Host - u2d.sophos.com, Port - 443
DEBUG     Dec 16 13:53:44 [5593]: Final query string is :
?&serialkey=C4207xxxxxx&deviceid=6d848b4deb5xxxxxxxxxxxxxxx&fwversion=18.0.1.396&productcode=CN&appmodel=XG430&appvendor=WP02&useragent=SF&oem=Sophos&pkg_ips_version=18.17.71&pkg_ips_cv=15.0&pkg_atp_version=1.0.0333&pkg_atp_cv=1.00&pkg_savi_version=1.0.16369&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.412546&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.003&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0019&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.012&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.002&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.007&pkg_sslvpn_cv=1.00&pkg_ipsec_version=2.0.001&pkg_ipsec_cv=1.00
DEBUG     Dec 16 13:53:45 [5593]: Response code : 200
DEBUG     Dec 16 13:53:45 [5593]: Response body :
<Up2Date>
  <Package u2dtype="firmware" requiresMandatoryUpdate="1">
    <File name="HW-18.0.3_MR-3.SF300-457.sig">
      <location>https://d3tusa5dvomhzy.cloudfront.net/HW/HW-18.0.3_MR-3.SF300-457.sig</location>
      <version>SFOS 18.0.3-457</version>
      <fwversion>18.0.3.457</fwversion>
      <appmodel>XG430</appmodel>
      <appvendor>WP02</appvendor>
      <productcode>CN</productcode>
      <size>399932970</size>
      <md5sum>895386850bc6f4a3056f76ac4e51e6bf</md5sum>
      <release>GA</release>
      <releasenotes>https://d3tusa5dvomhzy.cloudfront.net/CHANGELOG/18.0.3.457.releasenotes</releasenotes>
      <message>Sophos Firewall MR Release</message>
      <releasedate>2020-10-13</releasedate>
    </File>
  </Package>
</Up2Date>

DEBUG     Dec 16 13:53:45 [5593]: Response length : 749
DEBUG     Dec 16 13:53:45 [5593]: Received requiresMandatoryUpdate = 1
DEBUG     Dec 16 13:53:45 [5593]: Received name : HW-18.0.3_MR-3.SF300-457.sig
DEBUG     Dec 16 13:53:45 [5593]: Received location : https://d3tusa5dvomhzy.cloudfront.net/HW/HW-18.0.3_MR-3.SF300-457.sig
DEBUG     Dec 16 13:53:45 [5593]: Received version : SFOS 18.0.3-457
DEBUG     Dec 16 13:53:45 [5593]: Received fwversion : 18.0.3.457
DEBUG     Dec 16 13:53:45 [5593]: Received appmodel : XG430
DEBUG     Dec 16 13:53:45 [5593]: Received appvendor : WP02
DEBUG     Dec 16 13:53:45 [5593]: Received productcode : CN
DEBUG     Dec 16 13:53:45 [5593]: Received size : 399932970
DEBUG     Dec 16 13:53:45 [5593]: Received md5sum : 895386850bc6f4a3056f76ac4e51e6bf
DEBUG     Dec 16 13:53:45 [5593]: Received release : GA
DEBUG     Dec 16 13:53:45 [5593]: Received releasenotes : https://d3tusa5dvomhzy.cloudfront.net/CHANGELOG/18.0.3.457.releasenotes
DEBUG     Dec 16 13:53:45 [5593]: Received message : Sophos Firewall MR Release
DEBUG     Dec 16 13:53:45 [5593]: Received releasedate : 2020-10-13
DEBUG     Dec 16 14:01:13 [17548]: --serial = C4207xxxxxx
DEBUG     Dec 16 14:01:13 [17548]: --deviceid = 6d848b4deb5xxxxxxxxxxxxxxx
DEBUG     Dec 16 14:01:13 [17548]: --fwversion = 18.0.1.396
DEBUG     Dec 16 14:01:13 [17548]: --productcode = CN
DEBUG     Dec 16 14:01:13 [17548]: --model = XG430
DEBUG     Dec 16 14:01:13 [17548]: --vendor = WP02
DEBUG     Dec 16 14:01:13 [17548]: --pkg_sysupdate_version = 11
DEBUG     Dec 16 14:01:13 [17548]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
DEBUG     Dec 16 14:01:13 [17548]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
DEBUG     Dec 16 14:01:13 [17548]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
DEBUG     Dec 16 14:01:13 [17548]: Final query string is :
?&serialkey=C4207xxxxxx&deviceid=6d848b4deb5xxxxxxxxxxxxxxx&fwversion=18.0.1.396&productcode=CN&appmodel=XG430&appvendor=WP02&useragent=SF&oem=&pkg_sysupdate_version=11
DEBUG     Dec 16 14:01:15 [17548]: Response code : 500
DEBUG     Dec 16 14:01:15 [17548]: Response body :
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>500 - Internal Server Error</title>
 </head>
 <body>
  <h1>500 - Internal Server Error</h1>
 </body>
</html>

  • 0 in reply to LHerzog

    Hi,

    I have 18.0.3.
    Just addition to my previous comments. Noticed that for me from 14th afternoon the Avira signatures are not updated anymore - only ips and savi.

    In 18.0.4 release notes there is some note about fix in up2date client. So I will recheck the behavior later on with this version and then maybe raise the ticket. Just waiting the fix to be available in GUI - so probably in January.

  • 0 in reply to Tomas Beran

    Neither ATP nor Avira have updated since the 14th Dec 2020 on my mr-4 XG.

    Ian

  • 0 in reply to rfcat_vk

    Thanks and for providing your Firmware versions here. Hope the L1 support from case 03331743  acknowledges it finnaly and raises it to further levels.

  • FormerMember
    0 FormerMember in reply to Tomas Beran

    Hi ,

    The issue you reported with Avira signatures are not updating from 14th December is currently being investigated with internal ID NC-66996. If you have an open support case, please provide the support case and I will follow up with your support case.

    This issue is also reported on the following Community thread.

    Avira AV pattern not updated 

    Sophos is working on this and we recommend you to switch to single scan “Sophos” if there are any concerns.

    Thanks,
  • 0 in reply to FormerMember

    Hi,

    so the issue described with error 500 is NC-64992

    and the avira thing is NC-66996

    please keep the avira postings in the other thread.

  • FormerMember
    0 FormerMember in reply to FormerMember

    Hi ,

    The issue you reported with Avira signatures are not updating from 14th December is now resolved with internal ID NC-66996.

  • 0 in reply to FormerMember

    Hi Patel,
    thanks for info. It seems as some problem with update server(s) in general as it sometimes woks and sometimes not. It's about this 500 error and signature update problem in general in another threats. Let's see how it goes in time.