Changes in "show vpn setting" not applied

In version SFOS 18.0.3 MR-3 we would like to change the SSL port from 8443 to 443. In the dialogue "VPN / Show VPN settings" the value can be changed, but after pressing "Apply", leaving the dialogue with "close vpn settings" and opening it again with "VPN / Show VPN settings", these settings are lost.

This now also occurs after a downgrade to version 17.5.



This thread was automatically locked due to age.

Top Replies

  • FormerMember
    FormerMember in reply to Kay Werrmann +2 verified

    Hi Kay Werrmann,

    Thank you for providing debug logs. 

    As per the following log entries, the issue is that the firewall's default certificate is not configured, or the name of the certificate has some special characters or space in it. 

    INFO Dec 14 09:30:34 [sslvpn_global_settings:16934]: opcode 'sslvpn_global_settings': time taken: 0.283496160 seconds
    DEBUG Dec 14 09:30:34 [worker:16934]: {"response":{"method":"opcode","name":"sslvpn_global_settings","version":"1.14","type":"text","length":104,"data":{ "statusmessage": "Default CA is not configured", "invalidparams": [ "perusercert" ], "status": "501" },"statusCode":500,"statusStrlen":2,"statusString":"OK"}}
    DEBUG Dec 14 09:30:34 [worker:16934]: # OPCODE Exited: 'sslvpn_global_settings' with Status: '500'
    DEBUG Dec 14 09:30:34 [worker:16934]: write_packet: 52+104+2
    DEBUG Dec 14 09:30:34 [worker:16934]: write_packet: write 158 bytes to listener

    Could you please ensure default CA details are properly configured on your firewall? Let us know if that resolves your issue. 

    Thanks,
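
An added example, not part of the original reply and not Sophos tooling: a small parser that scans collected /log/csc.log output for opcode responses like the one quoted above and reports the failing opcode, its status message and the rejected parameters. It assumes that status 200 means success and that lines follow the layout of the quoted sample; the function name `failed_opcodes` is hypothetical.

```python
import json
import re

# Constructed sample: the csc.log lines quoted in the reply above.
SAMPLE_LOG = r'''INFO Dec 14 09:30:34 [sslvpn_global_settings:16934]: opcode 'sslvpn_global_settings': time taken: 0.283496160 seconds
DEBUG Dec 14 09:30:34 [worker:16934]: {"response":{"method":"opcode","name":"sslvpn_global_settings","version":"1.14","type":"text","length":104,"data":{ "statusmessage": "Default CA is not configured", "invalidparams": [ "perusercert" ], "status": "501" },"statusCode":500,"statusStrlen":2,"statusString":"OK"}}
DEBUG Dec 14 09:30:34 [worker:16934]: # OPCODE Exited: 'sslvpn_global_settings' with Status: '500'
DEBUG Dec 14 09:30:34 [worker:16934]: write_packet: 52+104+2
'''

# LEVEL, timestamp, [source:pid], then the message body.
LINE_RE = re.compile(r'^(\w+) (\w{3} +\d+ [\d:]+) \[([^:\]]+):(\d+)\]: (.*)$')

def failed_opcodes(log_text, ok_codes=(200,)):
    """Return one dict per opcode response whose status is not in ok_codes.

    Assumption: 200 means success. statusString is ignored because the
    quoted sample shows "OK" next to statusCode 500.
    """
    failures = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(5).startswith('{'):
            continue
        try:
            resp = json.loads(m.group(5)).get("response", {})
        except (json.JSONDecodeError, AttributeError):
            continue  # truncated or non-object debug output
        if not isinstance(resp, dict):
            continue
        data = resp.get("data") if isinstance(resp.get("data"), dict) else {}
        codes = [int(c) for c in (resp.get("statusCode"), data.get("status"))
                 if str(c).isdigit()]
        if codes and any(c not in ok_codes for c in codes):
            failures.append({
                "time": m.group(2), "pid": int(m.group(4)),
                "opcode": resp.get("name"), "codes": codes,
                "message": data.get("statusmessage"),
                "invalidparams": data.get("invalidparams", []),
            })
    return failures

if __name__ == "__main__":
    for f in failed_opcodes(SAMPLE_LOG):
        print(f"{f['time']} {f['opcode']} {f['codes']}: {f['message']} {f['invalidparams']}")
```
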

  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    I'm able to change the SSL VPN port to 443 on my XG firewall that is also running on firmware SFOS 18.0.3 MR-3. 

    Do you have any other local service that is using port 443? 

    Could you please replicate the issue and collect the following logs from your firewall. 

    SSH into the XG firewall by following this KBA: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    • To connect using SSH, you may use any SSH client to connect to port 22 of the SFOS device.
    • Select option 5 Device Management.
    • Select option 3 Advanced Shell.

    Run the following command to collect applog: tail -f /log/applog.log 

    You also need to put the CSC service in debugging and collect csc logs. 

    Run the following command to put the csc service in debug: csc custom debug

    Note: Run the same command to remove the service from debugging. 

    Run the following command to collect csc logs: tail -f /log/csc.log 

    Thanks,

  • Hello Harsh Patel,

    thank you very much for the feedback.

    It is not only a problem with port 443. No parameter can be changed in the dialog at all. Every change is lost again after closing. After pressing Apply, the spinning wheel appears briefly, but there is no green confirmation at the top of the window. Maybe a symptom?

    This now concerns 4 (!) newly delivered Sophos XG units (2x XG125, 2x XG135). We have tried updates and downgrades, always with the same result. By now, we no longer believe in a hardware or software error, but in an operating problem.

    On Monday, I would continue the topic.

    Best regards,

    Kay Werrmann
