WAF no longer working after backup XG and then restore to XGS

Good morning community,

I have a problem with WAF after a migration from XG230 to XGS2300.

It was an XG230 HA cluster which I disbanded before the backup and only backed up one firewall.

I imported this backup into a new XGS2300 and again formed a new HA cluster.

I have now noticed that no web publishing rule is working. VPN and outgoing rules are working.

What did I do wrong here? Surely this can't be that I can't just import the backup of an XG into an XGS? The firmware is of course identical on all systems.

Best regards
Michael



  • Hello,

    Thank you for reaching out to the community. May we know the firmware on XG 230 to XGS 2300?
    There has been a known issue where WAF might stop working after restoring a backup - NC-87676.


    I would suggest you log a support service request!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • I still found the following errors in reverseproxy.log:

    (Several:) AH00112: Warning: DocumentRoot [/sdisk/waffiles/...] does not exist
    AH00526: Syntax error on line ... of /cfs/waf/reverseproxy.conf:
    Invalid encrypted key

    So it seems to have something to do with the encryption key (sskm)?

    I reset the sskm on the XG, created a new backup to file (with a new password) and uploaded it to the XGS (on which I had previously reset the firmware) directly during setup (and not after initial setup with "restore backup" from the GUI).

    But I can only check tonight if everything works now.

  • Hello,

    The error "Invalid encrypted key" is indeed related to NC-87676. Please check tonight, and if it still does not work, raise a support ticket.

    The root cause here is database corruption for the WAF profile/signature, which is not being decrypted and hence does not allow the reverse proxy service to start.

    Hardik R 

  • And to add on to what   said, this might also be corruption due to the backup workflow; this is fixable with the help of support.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


