
XGS107s behind XGS3100 can't be remoted using central

We have (3) XGS107s which offices use to connect to our hub. At our hub we have an XGS3100. The XGS107s function as routers.

The XGS107 traffic must pass through the XGS3100 to get to Sophos Central.

We were able to access the XGS107s via Central for remote control from when they were installed in Aug until about a month ago.

We can NO longer use Central to remote connect to the XGS107 GUI.

I can access all XGS107s directly from within our private network via the HTTPS GUI.

All of the XGS107s are sync'd with Central; they can obtain new policies / rules.

I've tried capturing packets on the XGS3100 to see if it is blocking, but no luck. Ideas?

Q: Is there a log on the XGS107 that records Central activity, specifically Central HTTPS admin access attempts, which shows time/date, IP address of the XGS107, port, destination IP, port (Central), etc.?



  • I am comparing logs: this Sophos FW is directly connectable from Central - applog.log

    You can see that it is getting a list of Sophos infrastructure IPs when I request firewall management / (remote config) from Central.

    Feb 13 21:26:59Z opcode:poll_for_SSO - SSO poll success
    Feb 13 21:27:05Z manage_fqdn_ipset: Request for Subsystem ID: 674 of Type: 1 and Action: add.
    Feb 13 21:27:05Z Type: FQDN HOST IPSET entry add/updated Successfully.
    Feb 13 21:27:05Z manage_fqdn_ipset: Request for Subsystem ID: 674 of Type: 1 and Action: delete.
    Feb 13 21:27:05Z Type: FQDN HOST IPSET entry add/updated Successfully.
    Feb 13 21:27:05Z TLV output: 674,1,162.159.200.1,129.250.35.251,64.251.10.152,64.62.194.188,138.197.15.27,74.6.168.72,66.85.78.80,162.159.200.123,38.17.55.111,73.61.36.59,129.146.193.200,142.147.88.111,216.66.48.42,17.253.2.123,69.164.198.192,147.182.226.62,204.93.207.11,171.66.97.126,137.190.2.4,23.131.64.12,198.137.202.56,20.190.12.161,104.156.229.103,209.126.83.42,38.229.56.9,24.214.53.97,155.248.196.28,23.131.160.7,38.229.57.9,204.2.134.162,96.248.124.200,147.182.158.78,64.79.100.197,75.146.106.189,108.61.56.35,162.220.14.14,66.220.10.2,72.30.35.88,66.220.9.122,209.94.190.139,38.229.52.9,44.190.40.123,45.33.53.84,172.107.84.94,69.64.225.2,12.167.151.1,159.203.82.102,198.60.22.240,5.161.111.190,45.33.103.94,38.17.55.196,104.171.113.34,64.142.54.12,69.89.207.99,204.93.207.12,192.48.105.15,216.229.0.50,64.62.194.189,159.65.174.140,157.245.141.244,104.236.116.147,142.202.190.19,45.55.58.103,45.79.51.42,50.205.57.38,216.229.4.66,38.229.53.9,38.229.62.9,72.14.183.239,140.82.42.212,209.50.63.74,206.82.28.3,108.61.73.243,104.194.8.227,205.233.73.201
    Feb 13 21:27:10Z opcode:hbtrust_synchronize - starting

    This one is from a Sophos FW on our LAN, which works as a router, connecting one location to another on the internal network.

    It doesn't ever get the FQDN HOST IPSET data from Central.

    This device can send backups to Central on demand, so it has communication and is in SYNC, but NO remote config: it times out.

    The following is repeated in the logs many times:

    Feb 13 21:30:53Z heartbeat_ipset: sets restored
    Feb 13 21:30:53Z function:hbtrust_response - starting
    Feb 13 21:30:53Z function:hbtrust_response - returned with SUCCESS; hb_availability [ 1 ]; request->{cloud_hb_availability} [ 1 ]
    Feb 13 21:30:53Z function:hbtrust_response - successfully synchronized
    Feb 13 21:30:53Z function:hbtrust_response - call c_rehash on /conf/sysfiles/heartbeatd/ca-certificates
    Feb 13 21:30:53Z opcode:hbrust_synchronize - successful
    Feb 13 21:31:06Z appliance key is XXXXXXXXXXXXXXXXXX
    Feb 13 21:31:08Z opcode:poll_for_SSO SSOD Service Status: RUNNING SSO Status: requested
    Feb 13 21:31:08Z opcode:poll_for_SSO - firmwareupgrade flag
    Feb 13 21:31:08Z opcode:poll_for_SSO - backup flag
    Feb 13 21:31:08Z opcode:poll_for_SSO - SSO poll success
    Feb 13 21:31:21Z getpublickey success Key: XXXXXXXXXXXXXXXXXXXXXXXXXX
    Feb 13 21:31:39Z appliance key is XXXXXXXXXXXXXXXXX
    Feb 13 21:31:41Z opcode:poll_for_SSO SSOD Service Status: RUNNING SSO Status: requested
    Feb 13 21:31:41Z opcode:poll_for_SSO - firmwareupgrade flag
    Feb 13 21:31:41Z opcode:poll_for_SSO - backup flag
    Feb 13 21:31:41Z opcode:poll_for_SSO - SSO poll success

  • Logs compare 1 FW, which can be remote configured from central vs another which cannot....

  • Is SSH free for this firewall? 

    __________________________________________________________________________________________________________________

  • I can SSH from LAN.  I obtained logs that way.

  • I mean, can the firewall reach Central via port 22?
    Central uses 443 and 22 outbound. This means SSH and 443 need to be open.

    __________________________________________________________________________________________________________________
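
Added example, not part of the thread and not Sophos code: a small Python script that automates the applog.log comparison from the first reply by counting SSO polls and `manage_fqdn_ipset` additions for each firewall, and that tolerates pastes where two entries ended up on one line. The sample lines are constructed from the excerpts above with documentation-range IPs, and reading `TLV output` as subsystem ID, type, then addresses is an assumption.

```python
import re

# Timestamp that starts every applog.log entry quoted in the thread.
TS = re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}Z ")

def split_entries(text):
    """Return (timestamp, message) pairs; a line holding two entries is split."""
    entries = []
    for line in text.splitlines():
        hits = list(TS.finditer(line))
        for i, m in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            entries.append((m.group().strip(), line[m.end():end].strip()))
    return entries

def summarize(text):
    """Count the events the thread compares between the two firewalls."""
    s = {"sso_poll_success": 0, "sso_requested": 0, "ipset_add": 0, "tlv_ips": 0}
    for _, msg in split_entries(text):
        if msg.endswith("SSO poll success"):
            s["sso_poll_success"] += 1
        elif "SSO Status: requested" in msg:
            s["sso_requested"] += 1
        elif msg.startswith("manage_fqdn_ipset:") and msg.endswith("Action: add."):
            s["ipset_add"] += 1
        elif msg.startswith("TLV output:"):
            # Assumed layout: subsystem id, type, then the resolved addresses.
            s["tlv_ips"] += max(len(msg.split(":", 1)[1].split(",")) - 2, 0)
    if s["ipset_add"]:
        s["verdict"] = "ipset-updated"
    elif s["sso_requested"]:
        # Matches the poster's failing firewall; an observation, not a root cause.
        s["verdict"] = "sso-requested-without-ipset"
    else:
        s["verdict"] = "inconclusive"
    return s

# Constructed samples modelled on the two excerpts in the thread.
WORKING = """Feb 13 21:26:59Z opcode:poll_for_SSO - SSO poll success
Feb 13 21:27:05Z manage_fqdn_ipset: Request for Subsystem ID: 674 of Type: 1 and Action: add.
Feb 13 21:27:05Z Type: FQDN HOST IPSET entry add/updated Successfully.
Feb 13 21:27:05Z TLV output: 674,1,192.0.2.10,192.0.2.11,198.51.100.7
"""
FAILING = """Feb 13 21:31:08Z opcode:poll_for_SSO SSOD Service Status: RUNNING SSO Status: requested
Feb 13 21:31:08Z opcode:poll_for_SSO - firmwareupgrade flag Feb 13 21:31:08Z opcode:poll_for_SSO - backup flag
Feb 13 21:31:08Z opcode:poll_for_SSO - SSO poll success
"""

if __name__ == "__main__":
    print(summarize(WORKING), summarize(FAILING), sep="\n")
```
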