Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 29 replies
  • Subscribers 27 subscribers
  • Views 45099 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFM - I built one

IanMorehouse

I built one on my VMware esxi6.x system. An interesting afternoons fun. The registration was about as much fun as registering an XG, not much fun. Activated and that was it, no more internet. Used the same trick of opening up the mac book pro second connection and setting the basic connection to point at the XG gateway.

Next trick, the OVF comes with 4 NICs, not sure why. Any way removed two from the VM configuration, but 4 still show in the SFM and cannot be highlited/marked for deletion even after an SFM restart.

Having to identify each device before it can bo connected is sort of old world or just plain lazy in the design when the utm allows for devices to call home.

Allowing inter device communication on port 80. Not being able to disable port 80 for management access, again another either lazy or thoughtless design for something that wants to be a big business security device.


My 10c worth so far.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to IanMorehouse

    Itt was connected long enough to download the configuration.

    Also other issues

    1/. I do not receive any notifications from the SFM even though the test connection is successful.

    2/. does not appear to be able to handle the UTM acting as a relay agent. I think that is a request for the XG as well.

    3/. even though you disable port 80 access using the system settings -> administration -> device access you are still not able to remove port 80, system settings -> administration -> settings. You can change the value of the port then you receive a warning to change the settings in the devices as well.This implies that something in the SFM is still iistening on that port, not very secure.

  • 0 in reply to IanMorehouse

    I have added a NAT rule to my UTM 9.4 to allow the heartbeat port 6514 to be directed to the SFM. I am not sure how often a heartbeat is sent, but so far at least 30 minutes no update of status.

    Another little issue, is how do you name the SFM?

  • 0 in reply to IanMorehouse

    Looking at the XG logs I see many failed to send heartbeat the sfm as well as failed updates reports. I have turned off sfm will send updates until I fix this communication issue.

    I think I must be missing a setting in the XG that allows the heartbeat to be sent? Do I need a specific allow outgoing heartbeat policy from the XG?

  • 0 in reply to IanMorehouse

    Hi Ian,

    User do not have to do any setting in the XG for heartbeat to be send.User have to just add SFM IP in Central Management page of XG and heartbeat communication start between SFM and XG.Heartbeat is sent every 1 minute from XG to SFM.

    Please go to advance shell of XG and check tcpdump for port 6514 using below command and check the connection was successful or not.

    tcpdump -n port 6514

    Please provide below detail to check issue further.

    SFM device page (System Management --> Device Settings --> Managed Device --> Devices)  screen-shot
    XG device Central management page (System --> Administration--> Central Management) screen-shot
    XG Admin Console HTTPS Port value (System --> Administration --> Setting Page) ____  ?
    SFM test connection page screen-shot (System Management --> Device Settings --> Managed Devices --> Devices)

    Regards,

    Ravi

  • 0 in reply to RaviPatel

    I will try again for the 4th time to attach the reqested information This site is so difficult to do simple things like add files.


    I have added 1 file, which does not show. Some of us do not use word or MS products. Now two files, but nothing shows.

    Now 3 files and still none show. Now 2 more files and still nothing shows.

  • 0 in reply to RaviPatel

    Hi Ravi,

    another attempt to load the information you requested.

    http://www.pbase.com/edit_gallery/ianm_au/xgstuff

  • 0 in reply to IanMorehouse

    Hi Ian,

    From the  screenshot of SFM and XG ,we are able to derive that configuration part is correct.

    As per tcpdump screenshot of XG, there is communication issue between XG device and SFM. Packets from XG is getting out from XG but packets are not coming from SFM side to XG device.

    Please check NAT rule of UTM 9 device for 6514 port.Have you configure the NAT rule in UTM  with Full NAT option (Source + Destination) ?

    Ravi

  • 0 in reply to IanMorehouse

    After the upgrade completed I am still receiving failed to send messages in the log?

    what is required to make this work?

  • 0 in reply to RaviPatel

    Hi Ravi,

    I have been working interstate, that is why the response is a little delayed.

    I didn't setup a full NAT on the UTM 9.4. I treated this the same way as I treat the SUM access using specific ports. I will change the SFM nat and advise the results.