Firewalls lost connection to Central

Hi Ben@Network,

Thank you for reaching out to the Community! 

Did you open a support case for this issue? If not, please open a support case at support.sophos.com and PM me the support case number.

Could you please check the status of the ssod service on the firewall that lost the connection with the central and provide the ssod and centralmanagement logs?

Run the following command from the advanced shell to check the status of the service: service -S | grep ssod

Thanks, 

Hi Harsh,

the ssod service is stopped.

SG125_XN01_SFOS 18.0.3 MR-3# service -S | grep ssod
ssod                 STOPPED

This is the log:

Nov 19 12:58:29.232 *****************************
Nov 19 12:58:29.236 Starting ssod
Nov 19 12:58:29.236 *****************************
Nov 19 13:10:36.904 err [0000004154705664] Wait for channel failed. Channel not found
Nov 19 13:10:36.904 err [0000004154705664] Failed to accept connection from listener: Connection reset by peer
Nov 19 13:20:47.916 err [0000004154705664] Wait for channel failed. Channel not found
Nov 19 13:20:47.916 err [0000004154705664] Failed to accept connection from listener: Connection reset by peer
Nov 19 13:30:58.917 err [0000004154705664] Wait for channel failed. Channel not found
Nov 19 13:30:58.917 err [0000004154705664] Failed to accept connection from listener: Connection reset by peer
Nov 19 13:41:09.900 err [0000004154705664] Wait for channel failed. Channel not found
Nov 19 13:41:09.900 err [0000004154705664] Failed to accept connection from listener: Connection reset by peer
Nov 19 13:41:10.331 *****************************
Nov 19 13:41:10.331 ssod stopped
Nov 19 13:41:10.331 *****************************

How can I restart the service?

Regards,

Ben

Hi Ben@Network,

Please run the following command: service ssod:start -ds nosync 

Let me know if that makes any difference. 

Thanks,

Hi Ben, thanks for reporting. We are investigating the cause. It appears to have been triggered by a maintenance task, and as a result has caused the status to be shown incorrectly for some firewalls. SSO to should still be working, and you should still be able to perform other management tasks from Central, just the status is currently incorrect. We are still investigating, and can update once we have more info about the cause and resolution. 

Hi Alan,

thanks for your reply. Also after starting the ssod the central status stays by "last contact x hours ago". Does it change anything when I reboot the firewalls?

Ben

no, it makes no difference. The Central console shows 8 of our 27 firewalls are last seen x hours ago. But we can manage the firewalls and I was able to push objects to the "offline" firewalls.

The SSOd agent is not connected to the online status for v18 firewalls. It's normally stopped, unless you click the link in Central to initiate a connection to the firewall. There is a separate agent that handles communications with central in parallel for management tasks, and that reports the online status of the firewall. The agent is in fact online, but due to an event notice received out of order, the status is reported as offline incorrectly. 

If you were to reboot a firewall now, it should correct the state, though I wouldn't recommend that as a solution, since that would be a rather disruptive way to solve it. I am expecting an update in the next few hours on how we can resolve it for you. 

I can confirm that rebooting the XG restored the state to Connected from Last seen 9 hours ago. 

11:17AM for me was the timestamp prior to the reboot.

Hi Alan,

now all firewalls shown as "synchronized" in Sophos Central again.

Ben

That's great to hear Ben! The team rolled out an update this morning that was meant to resolve the issue for any firewalls still showing the wrong state. Sounds like it did its job!