This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall has not checked in Sophos Central

Hello guys...

I'm seeing reports of Firewall has not checked in with Sophos Central related to some (not all) of my firewalls registred in Sophos Central as you can see below:

I also attached the centralmanagement.log file. Hope you can help me, these notifications are annoying.

XG210_WP03_SFOS 18.0.4 MR-4# cat centralmanagement.log[J
2021-05-29 08:11:41 INFO central-connect[21638]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:11:56 WARN API.pm[21638]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:11:56 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:11:56 INFO API.pm[21638]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:11:56 INFO central-connect[21638]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:11:56 ERROR Tools.pm[21638]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:12:26 INFO central-connect[21811]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:12:42 WARN API.pm[21811]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:12:42 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:12:42 INFO API.pm[21811]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:12:42 INFO central-connect[21811]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:12:42 ERROR Tools.pm[21811]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:13:13 INFO central-connect[22038]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:13:28 WARN API.pm[22038]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:13:28 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:13:28 INFO API.pm[22038]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:13:28 INFO central-connect[22038]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:13:28 ERROR Tools.pm[22038]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:13:59 INFO central-connect[22232]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:14:14 WARN API.pm[22232]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:14:14 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:14:14 INFO API.pm[22232]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:14:14 INFO central-connect[22232]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:14:14 ERROR Tools.pm[22232]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:14:45 INFO central-connect[22524]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:15:00 WARN API.pm[22524]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:15:00 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:15:00 INFO API.pm[22524]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:15:00 INFO central-connect[22524]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:15:00 ERROR Tools.pm[22524]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:15:30 INFO central-connect[22766]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:15:46 WARN API.pm[22766]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:15:46 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:15:46 INFO API.pm[22766]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:15:46 INFO central-connect[22766]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:15:46 ERROR Tools.pm[22766]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:16:17 INFO central-connect[22999]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:16:32 WARN API.pm[22999]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:16:32 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:16:32 INFO API.pm[22999]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:16:32 INFO central-connect[22999]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:16:32 ERROR Tools.pm[22999]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:17:03 INFO central-connect[23247]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:17:04 INFO central-connect[23247]:269 main:: -  got response of poll for SSO. Status: disconnected backupExpected:  
2021-05-29 08:17:35 INFO central-connect[23394]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:17:50 WARN API.pm[23394]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:17:50 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:17:50 INFO API.pm[23394]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:17:50 INFO central-connect[23394]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:17:50 ERROR Tools.pm[23394]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:18:21 INFO central-connect[23572]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:18:37 WARN API.pm[23572]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:18:37 GMT
Client-Warning: Internal response

Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)

LWP::Protocol::https::Socket: connect: Connection timed out at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.
 
2021-05-29 08:18:37 INFO API.pm[23572]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error 
2021-05-29 08:18:37 INFO central-connect[23572]:230 main:: -  Poll for SSO Sessions failed. 
2021-05-29 08:18:37 ERROR Tools.pm[23572]:97 SFOS::Common::Central::Tools::report_status - EPOLLSSOFAIL: no sophisticated error message supplied 
2021-05-29 08:19:07 INFO central-connect[23817]:219 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/C23076BRGRHCTE7/sshTunnel  Timezone: America/Bahia 
2021-05-29 08:19:23 WARN API.pm[23817]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com:443 (Connection timed out)
Content-Type: text/plain
Client-Date: Sat, 29 May 2021 11:19:23 GMT
Client-Warning: Internal response
XG210_WP03_SFOS 18.0.4 MR-4# cat centralmanagement.log[J

This thread was automatically locked due to age.

Parents

0 FormerMember over 4 years ago

Hi Mariana Varanda,

Thanks for reaching out to the Community!

Is there any upstream proxy at the firewall locations where you see these alerts from? Looking at the logs, it seems the firewall can't connect to the central, and it might be an upstream device blocking access to the central.

Do you use internal DNS servers on your firewalls or DNS servers from ISP?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 FormerMember over 4 years ago

Hi Mariana Varanda,

Thanks for reaching out to the Community!

Is there any upstream proxy at the firewall locations where you see these alerts from? Looking at the logs, it seems the firewall can't connect to the central, and it might be an upstream device blocking access to the central.

Do you use internal DNS servers on your firewalls or DNS servers from ISP?

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Mariana Varanda over 4 years ago in reply to FormerMember

Hi , thank you for the reply!

We actually have a internal proxy at the firewalls locations. We already allowed the traffic to *.upe.p.hmr.sophos.com and *.sophos.com in it.

We also use internal DNS servers. Is there anything else I should do internally to make this communication work?

Thank you.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mariana Varanda over 4 years ago in reply to FormerMember

Also I verified if the DNS servers are resolving the name, and the test was successful, as you can see below:
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to Mariana Varanda

Do you use a Parent Proxy? Which Version do you use?
Cancel
Vote Up 0 Vote Down

Cancel