Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 13 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 16147 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG : Activation process failed (home licence)

MartinBergs

I installed Sophos XG Firewall (SFOS 15.01.0 MR-3) in a VM.

Port1 is LAN with default IP settings = 172.16.16.16/24, no gateway

Port2 is WAN with IP settings via DHCP = 192.168.xxx.44/24, gateway 192.168.xxx.96

I login to console and start from Main Menu the Device Activation

After entering the serial number I got following messages:

Device Activation in progress......

Activation process failed.

SSL connection error. SSL handshaking failed. Please contact Support.

I have a home licence and therefore no technical vendor support.

Here is what I saw during the activation process with a network sniffer.

17:14:08.274090 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 66: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [S], seq 3916523970, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
17:14:08.297751 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 66: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [S.], seq 3472106248, ack 3916523971, win 17922, options [mss 8961,nop,nop,sackOK,nop,wscale 7], length 0
17:14:08.297849 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [.], ack 1, win 229, length 0
17:14:08.298164 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 62: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [P.], seq 1:9, ack 1, win 229, length 8
17:14:08.320815 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 310: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [P.], seq 1:257, ack 9, win 141, length 256
17:14:08.320906 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [.], ack 257, win 237, length 0
17:14:08.321175 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 310: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [P.], seq 9:265, ack 257, win 237, length 256
17:14:08.345412 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 74: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [P.], seq 257:277, ack 265, win 149, length 20
17:14:08.345579 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 154: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [P.], seq 265:365, ack 277, win 237, length 100
17:14:08.375170 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 1514: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [.], seq 277:1737, ack 365, win 149, length 1460
17:14:08.375247 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 1514: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [.], seq 1737:3197, ack 365, win 149, length 1460
17:14:08.375300 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [.], ack 3197, win 283, length 0
17:14:08.630554 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 740: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [P.], seq 3197:3883, ack 365, win 149, length 686
17:14:08.661078 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 69: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [P.], seq 365:380, ack 3883, win 305, length 15
17:14:08.719562 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 60: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [.], ack 380, win 149, length 0
17:14:08.719721 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 82: 192.168.xxx.44.58995 > 52.28.130.115.6061: Flags [P.], seq 380:408, ack 3883, win 305, length 28
17:14:08.745979 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 60: 52.28.130.115.6061 > 192.168.xxx.44.58995: Flags [.], ack 408, win 149, length 0
17:14:12.121669 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 86: 192.168.xxx.44.32988 > 192.168.xxx.96.53: 13984+ A? eu-prod-utm.soa.sophos.com. (44)
17:14:12.121814 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 86: 192.168.xxx.44.26701 > 192.168.xxx.96.53: 24878+ AAAA? eu-prod-utm.soa.sophos.com. (44)
17:14:12.185716 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 199: 192.168.xxx.96.53 > 192.168.xxx.44.26701: 24878 1/1/0 CNAME eu-prod-01-utm.soa.sophos.com. (157)
17:14:12.647940 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 131: 192.168.xxx.96.53 > 192.168.xxx.44.32988: 13984 2/0/0 CNAME eu-prod-01-utm.soa.sophos.com., A 54.77.84.45 (89)
17:14:15.209610 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 89: 192.168.xxx.44.41925 > 192.168.xxx.96.53: 4551+ AAAA? eu-prod-01-utm.soa.sophos.com. (47)
17:14:15.211824 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 89: 192.168.xxx.96.53 > 192.168.xxx.44.41925: 4551 0/0/0 (47)
17:14:15.669639 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 89: 192.168.xxx.44.5528 > 192.168.xxx.96.53: 34608+ A? eu-prod-01-utm.soa.sophos.com. (47)
17:14:15.671692 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 105: 192.168.xxx.96.53 > 192.168.xxx.44.5528: 34608 1/0/0 A 54.77.84.45 (63)
17:14:15.672193 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 66: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [S], seq 516595310, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
17:14:15.672737 00:0c:29:21:c2:b7 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 66: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [S.], seq 43902033, ack 516595311, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
17:14:15.672971 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [.], ack 1, win 229, length 0
17:14:15.708885 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 66: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [S.], seq 3663535847, ack 516595311, win 17922, options [mss 1460,nop,nop,sackOK,nop,wscale 8], length 0
17:14:15.708987 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [.], ack 675333483, win 229, length 0
17:14:15.725101 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 571: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [P.], seq 1:518, ack 675333483, win 229, length 517
17:14:15.725220 00:0c:29:21:c2:b7 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 54: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [.], ack 518, win 237, length 0
17:14:15.745053 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 60: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [R], seq 43902034, win 0, length 0
17:14:15.761024 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 60: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [R], seq 43902034, win 0, length 0
17:14:15.830457 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 74: 52.18.180.21.443 > 192.168.xxx.44.54167: Flags [S.], seq 2763694158, ack 2044591030, win 17898, options [mss 1460,sackOK,TS val 267565435 ecr 368480041,nop,wscale 8], length 0
17:14:15.869152 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 66: 52.18.180.21.443 > 192.168.xxx.44.54167: Flags [.], ack 518, win 75, options [nop,nop,TS val 267565444 ecr 368480050], length 0
17:14:15.873065 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 1514: 52.18.180.21.443 > 192.168.xxx.44.54167: Flags [.], seq 1:1449, ack 518, win 75, options [nop,nop,TS val 267565445 ecr 368480050], length 1448
17:14:15.873169 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 1602: 52.18.180.21.443 > 192.168.xxx.44.54167: Flags [P.], seq 1449:2985, ack 518, win 75, options [nop,nop,TS val 267565445 ecr 368480050], length 1536
17:14:15.873574 00:0c:29:21:c2:b7 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 1502: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [P.], seq 675333483:675334931, ack 518, win 237, length 1448
17:14:15.873639 00:0c:29:21:c2:b7 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 1514: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [.], seq 675334931:675336391, ack 518, win 237, length 1460
17:14:15.873707 00:0c:29:21:c2:b7 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 130: 54.77.84.45.443 > 192.168.xxx.44.37536: Flags [P.], seq 675336391:675336467, ack 518, win 237, length 76
17:14:15.873924 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [R], seq 516595828, win 0, length 0
17:14:15.873996 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [R], seq 516595828, win 0, length 0
17:14:15.873999 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.37536 > 54.77.84.45.443: Flags [R], seq 516595828, win 0, length 0
17:14:15.913465 e0:ce:c3:f5:58:f2 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 66: 52.18.180.21.443 > 192.168.xxx.44.54167: Flags [F.], seq 2985, ack 519, win 75, options [nop,nop,TS val 267565455 ecr 368480061], length 0
17:14:16.829549 00:0c:29:21:c2:b7 > 00:0c:29:dd:20:14, ethertype IPv4 (0x0800), length 54: 84.39.152.32.80 > 192.168.xxx.44.44124: Flags [F.], seq 1537311383, ack 665, win 239, length 0
17:14:16.869473 00:0c:29:dd:20:14 > e0:ce:c3:f5:58:f2, ethertype IPv4 (0x0800), length 60: 192.168.xxx.44.44124 > 84.39.152.32.80: Flags [.], ack 1537311384, win 365, length 0

From that I understand that the firewall has access to the internet and contact different server (52.28.130.115 and 52.18.180.21 and 54.77.84.45). From Whois these IP's belong to Amazon. But I have no clue why SSL connection fail.

Did anyone had the same problem and a solution or anyone has an idea how to solve the problem?

Thanks



This thread was automatically locked due to age.
  • 0

    Here is the output of the licensing.log

    INFO      Sep 17 16:11:25 [0]: --requestType = 6
    INFO      Sep 17 16:11:27 [0]: --requestType = 6
    INFO      Sep 17 16:11:37 [0]: --requestType = 6
    INFO      Sep 17 16:14:06 [0]: --requestType = 7
    INFO      Sep 17 16:14:07 [0]: --requestType = 1
    INFO      Sep 17 16:14:07 [0]: --serial = xxxxxxxxxxxxxxxx
    INFO      Sep 17 16:14:07 [0]: --deviceid = 9b059ab6-36ce-4842-ab8a-a8386cf746f8
    INFO      Sep 17 16:14:07 [0]: --model = SF01V
    INFO      Sep 17 16:14:07 [0]: --vendor = SO01
    INFO      Sep 17 16:14:07 [0]: --upgradedFrom = 0
    INFO      Sep 17 16:14:07 [0]: --fwversion = 15.01.0.447
    INFO      Sep 17 16:14:07 [0]: --cert = /_conf/certificate/licensing/mfgr_vendor_SO.pem
    INFO      Sep 17 16:14:07 [0]: --token = Token-Id:SO-D5C052A8
    INFO      Sep 17 16:14:07 [0]: --key = /_conf/certificate/licensing/mfgr_vendor_SO.key
    INFO      Sep 17 16:14:07 [0]: URL : eu-prod-utm.soa.sophos.com/.../applianceactivation
    INFO      Sep 17 16:14:07 [0]: request : { "serialNumber": "xxxxxxxxxxxxxxxx", "deviceId": "9b059ab6-36ce-4842-ab8a-a8386cf746f8", "model": "SF01V", "deviceFirmwareVersion": "15.01.0.447", "vendorCode": "SO01" }
    ERROR     Sep 17 16:14:13 [0]: curl_easy_perform(35) failed: SSL connect error
    ERROR     Sep 17 16:14:13 [0]: licensing_do_activation() : Problem in contacting Server
    { "statusmessage": "SSL connection error. SSL handshaking failed. Please contact Support.", "status": "35" }

  • 0

    Hi,

    Download the ISO file again and reinstall it on the VM, may be caused due to faulty installation.

    Hope this helps.

  • 0 in reply to MartinBergs

    HI Martin , 

    Thank you for the Log File .  As per the post above , I have checked and found that the TOKENID i.e. XXXXXXXXXX in serial (as per the currect logs) is missing which is your Appliance key . After installing the SFOS on VM machine you would need to make sure the the Virtual ethernet port have DHCP and able to communicate to the WAN . From Console try to ping any poular website  or to be specfic ping eu-prod-utm.soa.sophos.com. You must get a Reply in order to proceed further. Now if you see an option AA activation on the console after you logiin you must enter the Appliance Key received in your Mail box . 

    Note : The ISO received is not account bound , only the Appliance Key or Activation Key is . So if you have received the Appliance Key , first login onto your Sophos portal and Register the Device after the regsiteration wait for an hour and then Activate the device via AA on console.

    Thanks and Regards

    Aditya Patel | Network and Security Engineer. 

  • 0 in reply to Aditya Patel

    Hi Aditya

    Thank you for reply.

    I'm able to ping eu-prod-utm.soa.sophos.com from the console.

    I already saw the AA option and tried to activate but got the error message "Activation process failed. SSL connection error. SSL handshaking failed. Please contact Support."

    I have no Appliance Key received in my mail box but a serial number for my Sophos XG Firewall Home Edition.

    Do you have any other suggestion?

    Thanks

    Martin

  • 0 in reply to MartinBergs

    Hi Martin,

    Sophos XG is not able to contact the server, is there any firewall situated between XG and the internet? How is ISP line deployed on XG; via modem or direct connection. Did you try from a different ISP line?

    Thanks 

  • 0 in reply to MartinBergs

    HI Martin , 

    Seems as per the current snaps of the Logs the Serial Key is attached , Seems there is an issue  with the SSL connection with our servers from your system . Kindly , check if your Endpoint is disabled  during the Activation as the communication is monitored by System VM  . Secondly if not then try to open the same URL  in your Browsers and check the Certificate  of the Website. Verify if the certificate if it's the same as per the snaps provided.

    -------------------------------------------------------------Update -------------------------------------------------------

    I have just downloaded the Sophos Home and Registered the appliance from my VMware without any issue . SO there is definitely the issue on the communication from your system to our servers

     

    Thanks and Regards

    Aditya Patel | Network and Security Engineer.

  • 0 in reply to sachingurung

    Hi Sachingurung

    The WAN interface of the XG Firewall is connected via a switch to the perimeter firewall of the ISP. The perimeter firewall permit all outgoing connection and filter only incoming connection. The ISP link is a fiber connection and therefore the ISP firewall is needed.

    Thanks

    Martin

  • 0 in reply to Aditya Patel

    Hi Aditya

    Finally it work's.

    I reinstalled the image once more but didn't configure the LAN port to match the local requirements but used the default values till the activation was successful.

    But now I get an alert.

    Essential Firewall,Network Protection,Web Protection,Email Protection,Webserver Protection,Enhanced Support module(s) expired

    I expected that with a home user license  all modules should be enabled but all are expired.

    Thanks

    Martin

  • +1 in reply to MartinBergs

    Hi Martin,

    As I suggested it could be a faulty installation. Not sure if the LAN default settings had anything to do with that. For the licensing part, refer https://community.sophos.com/products/xg-firewall/f/137/t/10794 .

    Any help?