  • LDAP Auth is broken on 18 MR-5

    all auth requests on the firewall are producing "LDAP Server not found with authserver id" errors, tried to recreate the LDAP server, tried setting the LDAP server to use a known dn instead of anonymous ... auth failed.

    ldap server is configured like the kb states https://support.sophos.com/support/s/article/KB-000035738

    had to roll back to MR-4

  • Can you show us a screenshot of this issue? Are you using the LDAP server for anything specific?

    __________________________________________________________________________________________________________________

  • we have a pretty standard OpenLDAP setup

    i don't have any screenshots but i have some logs:

    ERROR     Apr 12 06:39:47.620137 [LDAP_AUTH]: (ldapauth_handle_authrequest): LDAP_AUTH: LDAP Server not found with authserver id 4
    ERROR     Apr 12 06:39:47.620155 [LDAP_AUTH]: (ldapauth_handle_authrequest): LDAP_AUTH: LDAP Server not found with authserver id 3
    ERROR     Apr 12 06:39:47.620266 [access_server]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed
    MESSAGE   Apr 12 06:39:47.620301 [access_server]: (update_admin_access_table): ### Admin user authentication failed from IP xx.xx.xx.xx
    MESSAGE   Apr 12 06:40:02.521909 [access_server]: tlvserver_process_request: GOT ALERT.EXECUTE_HEARTBEAT
    ERROR     Apr 12 06:40:15.155300 [access_server]: ldapauth_bind: bind failed: Invalid credentials
    ERROR     Apr 12 06:40:15.155311 [access_server]: ldapauth_test_auth:'ldap.xxx.xx:389': bind failed for user: 'uid=xxxxxx'
    ERROR     Apr 12 06:40:20.247596 [LDAP_AUTH]: (nsg_decryption): failed to find needed_length for :

    ERROR     Apr 12 06:40:20.247613 [LDAP_AUTH]: (pg_db_handle_get_ldap_server_config): LDAP server password decryption failed
    ERROR     Apr 12 06:40:20.247620 [LDAP_AUTH]: (pg_db_handle_get_ldap_server_config): LDAP server: password not found, will not add server
    ERROR     Apr 12 06:40:20.247624 [LDAP_AUTH]: (pg_db_handle_get_ldap_server_config): couldn't added LDAP server 'ldap.xxx.xx:389'

  • Did you configure your SSMK in MR3 (Set the Secure Storage Master Key)? Seems like the database could not migrate the password.

    Check the /log/migration.log for any migration errors after/while migration to MR5. 

    __________________________________________________________________________________________________________________
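A triage sketch for the log excerpt posted in this thread, added here as an example (it is not from any poster or from Sophos): it separates errors raised while the firewall loads its stored LDAP configuration from errors returned by the directory itself. The category names and the rule that an unreadable stored password outranks a rejected bind are assumptions of this example, following the hypothesis in the reply above.

```python
import re
from collections import Counter

# Log lines copied from the post above (values were already redacted there).
SAMPLE = """\
ERROR     Apr 12 06:39:47.620137 [LDAP_AUTH]: (ldapauth_handle_authrequest): LDAP_AUTH: LDAP Server not found with authserver id 4
ERROR     Apr 12 06:39:47.620155 [LDAP_AUTH]: (ldapauth_handle_authrequest): LDAP_AUTH: LDAP Server not found with authserver id 3
MESSAGE   Apr 12 06:39:47.620301 [access_server]: (update_admin_access_table): ### Admin user authentication failed from IP xx.xx.xx.xx
ERROR     Apr 12 06:40:15.155300 [access_server]: ldapauth_bind: bind failed: Invalid credentials
ERROR     Apr 12 06:40:20.247613 [LDAP_AUTH]: (pg_db_handle_get_ldap_server_config): LDAP server password decryption failed
ERROR     Apr 12 06:40:20.247620 [LDAP_AUTH]: (pg_db_handle_get_ldap_server_config): LDAP server: password not found, will not add server
ERROR     Apr 12 06:40:20.247624 [LDAP_AUTH]: (pg_db_handle_get_ldap_server_config): couldn't added LDAP server 'ldap.xxx.xx:389'
"""

LINE = re.compile(r"^(?P<level>[A-Z]+)\s+\w{3} +\d+ [\d:.]+ \[[^\]]+\]: (?P<msg>.*)$")

# Patterns come from the messages above; the category names are this example's own.
RULES = [
    ("id_unknown", re.compile(r"LDAP Server not found with authserver id (\d+)")),
    ("secret_unreadable", re.compile(r"password (?:decryption failed|not found, will not add server)")),
    ("server_dropped", re.compile(r"couldn't added LDAP server '([^']+)'")),
    ("bind_rejected", re.compile(r"bind failed: Invalid credentials")),
]

def triage(text):
    counts, ids, dropped = Counter(), set(), set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue  # skip MESSAGE lines and anything not in the expected layout
        for name, pat in RULES:
            hit = pat.search(m["msg"])
            if hit:
                counts[name] += 1
                if name == "id_unknown":
                    ids.add(int(hit.group(1)))
                elif name == "server_dropped":
                    dropped.add(hit.group(1))
                break
    # Assumption: an unreadable stored secret is firewall-side; a rejected bind is directory-side.
    verdict = "no LDAP failure classified"
    if counts["secret_unreadable"]:
        verdict = "firewall could not read stored bind password"
    elif counts["bind_rejected"]:
        verdict = "directory rejected the bind credentials"
    return {"verdict": verdict, "unknown_ids": sorted(ids), "dropped": sorted(dropped), "counts": dict(counts)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
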
