Sophos Central: TLS inspection rule sync failed because of Invalid Parameters (501)

Hello Community,

I have the problem with the Sophos Central Sync that a TLS rule does not want to be synchronized. I always get the following error message:

This error can be reproduced with every complete sync. For example, on a new firewall that has connected to Sophos Central for the first time and initially gets the objects and rules synchronized. I have the same problem with "used" firewalls, which I remove from the group and reassign, so that they do a full sync again.

Unfortunately, I do not see why the parameter is found fault with. Does anyone have a tip on how to debug this in a practical way?

Thanks,

Ben



  • Hi Ben 

    Please share the TLS rule and the parameters you are selecting, with a snapshot, along with the SSL/TLS inspection rules status under Protect -> Rules and policies -> SSL/TLS inspection rules.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Bharat,

    It's a little strange. I had revised the TLS rules and settings this week because of the CA certificate issues. I had adjusted the TLS settings and pushed them to the firewalls without any problems. Now when I add a new firewall or an existing firewall to the group and want all transitions to be listed, it fails again. In the Sophos Firewall Transaction Details I see the following:

    {
    "opcodeID": 129,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7738,
    "opcodeString": "",
    "responseStatus": "{\"Entity\":\"tlsrule\",\"Event\":\"ADD\",\"statusmessage\":\"Failed because of Invalid Parameters\",\"status\":\"501\",\"invalidparams\":[\"invalid [moveto,orderby]\"]}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 130,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7739,
    "opcodeString": "",
    "responseStatus": "{\"status\":\"501\",\"Event\":\"ADD\",\"statusmessage\":\"Failed because of Invalid Parameters\",\"invalidparams\":[\"invalid [moveto,orderby]\"],\"Entity\":\"tlsrule\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 131,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7740,
    "opcodeString": "",
    "responseStatus": "{\"statusmessage\":\"Failed because of Invalid Parameters\",\"Event\":\"ADD\",\"invalidparams\":[\"invalid [moveto,orderby]\"],\"Entity\":\"tlsrule\",\"status\":\"501\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 141,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7741,
    "opcodeString": "",
    "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"tlsrule\",\"invalidparams\":[\"invalid [moveto,orderby]\"],\"statusmessage\":\"Failed because of Invalid Parameters\",\"status\":\"501\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 139,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7742,
    "opcodeString": "",
    "responseStatus": "{\"Entity\":\"tlsrule\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 128,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7743,
    "opcodeString": "",
    "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"tlsrule\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 140,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7744,
    "opcodeString": "",
    "responseStatus": "{\"Entity\":\"tlsrule\",\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 142,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7745,
    "opcodeString": "",
    "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"tlsrule\",\"status\":\"502\",\"Event\":\"ADD\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 136,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7746,
    "opcodeString": "",
    "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"tlsrule\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 132,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7747,
    "opcodeString": "",
    "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Entity\":\"tlsrule\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 137,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7748,
    "opcodeString": "",
    "responseStatus": "{\"status\":\"502\",\"Entity\":\"tlsrule\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 138,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7749,
    "opcodeString": "",
    "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"tlsrule\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 133,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7750,
    "opcodeString": "",
    "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"tlsrule\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 135,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7751,
    "opcodeString": "",
    "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Entity\":\"tlsrule\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 134,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7752,
    "opcodeString": "",
    "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"Entity\":\"tlsrule\",\"status\":\"502\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3674,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7753,
    "opcodeString": "",
    "responseStatus": "{\"statusmessage\":\"Failed because of Invalid Parameters\",\"invalidparams\":[\"invalid [moveto,orderby]\"],\"Entity\":\"tlsrule\",\"status\":\"501\",\"Event\":\"UPDATE\"}",
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3675,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7754,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3676,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7755,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3677,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7756,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3679,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7757,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3673,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7758,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3686,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7759,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3687,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7760,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3681,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7761,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3683,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7762,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3684,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7763,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3678,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7764,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3680,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7765,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3685,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7766,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }
    {
    "opcodeID": 3682,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 7767,
    "opcodeString": "",
    "responseStatus": null,
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }

    For comparison, if I sync a TLS rule individually to the firewall (this transaction completes successfully):

    {
    "opcodeID": 4,
    "entityID": 1401,
    "entityName": "add_decryption_profile",
    "opcodeType": 1,
    "orderID": 0,
    "opcodeString": "",
    "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Entity\":\"decryptionprofile\"}",
    "uniqueName": "-1401",
    "updateFlag": "f",
    "mainEntity": "f"
    }
    {
    "opcodeID": 3,
    "entityID": 1401,
    "entityName": "edit_decryption_profile",
    "opcodeType": 1,
    "orderID": 1,
    "opcodeString": "",
    "responseStatus": "{\"statusmessage\":\"service success\",\"status\":\"200\",\"Event\":\"UPDATE\",\"Entity\":\"decryptionprofile\"}",
    "uniqueName": "-1401",
    "updateFlag": "t",
    "mainEntity": "f"
    }
    {
    "opcodeID": 1,
    "entityID": 1402,
    "entityName": "add_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 4,
    "opcodeString": "",
    "responseStatus": "{\"Entity\":\"tlsrule\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\"}",
    "uniqueName": "-1402",
    "updateFlag": "f",
    "mainEntity": "t"
    }
    {
    "opcodeID": 2,
    "entityID": 1402,
    "entityName": "edit_tls_inspection_rule",
    "opcodeType": 1,
    "orderID": 5,
    "opcodeString": "",
    "responseStatus": "{\"Entity\":\"tlsrule\",\"status\":\"200\",\"statusmessage\":\"service success\",\"Event\":\"UPDATE\"}",
    "uniqueName": "-1402",
    "updateFlag": "t",
    "mainEntity": "t"
    }

    Ben

    If a post solves your question please use the 'Verify Answer' button.
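One practical way to read a transaction dump like the two above, added here as an example (it is not part of the thread and not Sophos tooling): split the back-to-back JSON objects, decode the JSON string nested in `responseStatus`, and separate the 501 responses that carry `invalidparams` from the 502 "Duplicate Record" responses, which also appear in the sync Ben reports as successful. The sample records are constructed in the shape of the posted ones and trimmed to the fields used; the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample: four records in the shape of the dump above, trimmed to the fields used here.
SAMPLE = r'''
{"opcodeID": 129, "entityName": "add_tls_inspection_rule", "orderID": 7738,
 "responseStatus": "{\"Event\":\"ADD\",\"status\":\"501\",\"statusmessage\":\"Failed because of Invalid Parameters\",\"invalidparams\":[\"invalid [moveto,orderby]\"]}"}
{"opcodeID": 139, "entityName": "add_tls_inspection_rule", "orderID": 7742,
 "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}"}
{"opcodeID": 3674, "entityName": "edit_tls_inspection_rule", "orderID": 7753,
 "responseStatus": "{\"Event\":\"UPDATE\",\"status\":\"501\",\"statusmessage\":\"Failed because of Invalid Parameters\",\"invalidparams\":[\"invalid [moveto,orderby]\"]}"}
{"opcodeID": 3675, "entityName": "edit_tls_inspection_rule", "orderID": 7754,
 "responseStatus": null}
'''

def parse_records(text):
    """Split back-to-back JSON objects and decode the nested responseStatus string."""
    decoder, pos, records = json.JSONDecoder(), 0, []
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1  # raw_decode does not skip leading whitespace itself
        if pos >= len(text):
            return records
        rec, pos = decoder.raw_decode(text, pos)
        raw = rec.get("responseStatus")
        rec["response"] = json.loads(raw) if raw else None
        records.append(rec)

def summarize(records):
    """Count outcomes per operation; collect rejected parameters and unanswered opcodes."""
    outcomes, rejected, unanswered = Counter(), {}, []
    for rec in sorted(records, key=lambda r: r["orderID"]):
        resp = rec["response"]
        if resp is None:  # no response was recorded for this opcode
            unanswered.append(rec["orderID"])
            continue
        outcomes[(rec["entityName"], resp["status"])] += 1
        if "invalidparams" in resp:
            rejected[rec["orderID"]] = resp["invalidparams"]
    return outcomes, rejected, unanswered

if __name__ == "__main__":
    outcomes, rejected, unanswered = summarize(parse_records(SAMPLE))
    for (name, status), n in sorted(outcomes.items()):
        print(f"{name:28} status={status} x{n}")
    print("rejected parameters by orderID:", rejected)
    print("no response recorded for orderIDs:", unanswered)
```
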

  • Thanks for the update

    The issue is observed if a duplicate entry for an SSL/TLS inspection rule exists on the Sophos XG firewall under Protect -> Rules and policies -> SSL/TLS inspection rules.

    Please share the snapshot of the current status of the SSL/TLS inspection rules on Sophos XG and the SSL/TLS inspection rules being pushed from Sophos Central.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Bharat,

    There are no duplicated TLS inspection rules on the firewall or in Sophos Central. See screenshots.

    Rules on Sophos Central: (1) is defined on top level and (2) is defined in a subgroup:

    If I look on the firewall, I see the same rules:

    If I delete all TLS inspection rules except the default rule “Exclusions by website or category” (which cannot be deleted) and move the firewall to “ungrouped” and back to my subgroup, all 12 TLS rules are back on the firewall, but I get the same error message.

    If I move the firewall to the “Root” group of the hierarchy, I get no error message (the 9 rules of (1) are synced without any error). I also deleted the 3 rules in the subgroup and created new rules (2211, 2212, 2213), but I always get the error message if the firewall is moved to the subgroup.

    Regards,

    Ben

    If a post solves your question please use the 'Verify Answer' button.