Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XGS107s behind XGS3100 can't be remoted using central

AstaroNBack

We have (3) XGS107 which offices use to connect to our hub.  At our hub we have XGS3100.  The XGS107's function as routers.

The XGS107 traffic must pass through the XGS3100, to get to Sophos Central.

We were able to access the XGS107's via central for remote control when installed in Aug until about a month ago. 

We can NO longer use central to remote connect to XGS107 GUI.  

I can access all XGS107 directly from within our private network via HTTPS GUI.

All of the XGS107 are Sync'd with central, they can obtain new policies / rules.

I've tried capturing packets on the XGS3100 to see if it is blocking, but no luck.  -- Ideas ?

Q:  IS there a LOG on the XGS107 that records central activity, specifically Central https admin access attempts?

which shows TimeDate, IP address of XGS107, port, Destination IP, port (central), etc?



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    can the xgs107 see the internet eg do the firmware updates happen?
    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Yes, I can login to gui console and DL firmware updates.  Current 19.5

  • 0 in reply to AstaroNBack

    What restrictions are placed on its internet access?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    This device must pass through another upstream XG prior to getting to internet.  It will create a backup on demand from central, so I know it can communicate and send backup to central & via email.  I grabbed some logs, here are a snippits:

    SophosCentral.log

    SAME stuff for a few months previous

    2023-02-13 19:00:36Z INFO central-refresh[3887]:80 main:: - Refreshing access_token for Sophos Central
    2023-02-13 19:45:39Z INFO central-refresh[27951]:80 main:: - Refreshing access_token for Sophos Central
    2023-02-13 20:30:40Z INFO central-refresh[20625]:80 main:: - Refreshing access_token for Sophos Central

    CentralManagement.log

    2023-02-13 20:39:27Z INFO central-connect[25238]:221 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/X10108W2M8GTQD3/sshTunnel Timezone: America/Chicago
    2023-02-13 20:39:28Z INFO central-connect[25238]:271 main:: - got response of poll for SSO. Status: requested backupExpected:
    2023-02-13 20:40:00Z INFO central-connect[25589]:221 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/X10108W2M8GTQD3/sshTunnel Timezone: America/Chicago
    2023-02-13 20:40:00Z INFO central-connect[25589]:271 main:: - got response of poll for SSO. Status: requested backupExpected: REQUESTED
    2023-02-13 20:40:02Z INFO central-connect[25603]:286 main:: - Getting backup upload info from PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]

    CSC.log - Has a bunch of stuff, not sure if applicable or good idea to post here.

    NOT a word about not being able to "Talk" or making a connection to central for remote configuration.

Reply
  • 0 in reply to rfcat_vk

    This device must pass through another upstream XG prior to getting to internet.  It will create a backup on demand from central, so I know it can communicate and send backup to central & via email.  I grabbed some logs, here are a snippits:

    SophosCentral.log

    SAME stuff for a few months previous

    2023-02-13 19:00:36Z INFO central-refresh[3887]:80 main:: - Refreshing access_token for Sophos Central
    2023-02-13 19:45:39Z INFO central-refresh[27951]:80 main:: - Refreshing access_token for Sophos Central
    2023-02-13 20:30:40Z INFO central-refresh[20625]:80 main:: - Refreshing access_token for Sophos Central

    CentralManagement.log

    2023-02-13 20:39:27Z INFO central-connect[25238]:221 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/X10108W2M8GTQD3/sshTunnel Timezone: America/Chicago
    2023-02-13 20:39:28Z INFO central-connect[25238]:271 main:: - got response of poll for SSO. Status: requested backupExpected:
    2023-02-13 20:40:00Z INFO central-connect[25589]:221 main:: - Polling for SSO to PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]/sophos/api/v1/firewalls/X10108W2M8GTQD3/sshTunnel Timezone: America/Chicago
    2023-02-13 20:40:00Z INFO central-connect[25589]:271 main:: - got response of poll for SSO. Status: requested backupExpected: REQUESTED
    2023-02-13 20:40:02Z INFO central-connect[25603]:286 main:: - Getting backup upload info from PIC-URI [https://dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com]

    CSC.log - Has a bunch of stuff, not sure if applicable or good idea to post here.

    NOT a word about not being able to "Talk" or making a connection to central for remote configuration.

Children
No Data
Unfiltered HTML