iOS client disconnected immediately when device goes to standby

Hello,

I'm currently facing a problem with the iOS Client connected to V16 Sophos XG: when I'm using the authentication Agent to log in, it only works when the device is awake. As soon as it goes to standby, the client is disconnected and the device does not have access to the internet anymore. This is very annoying, especially for background applications like software updates or email.

Login through the iOS web browser does not exhibit this kind of problem; the client stays connected when the device goes to standby.

On the Android platform, the client is not disconnected when going to standby.

Is there a setting for this? Or is it a bug?



This thread was automatically locked due to age.
  • Philippe,

    are you saving the password inside the network agent?

  • Philippe,

    can you connect to XG and type the following command?

    • service access_server:debug -ds nosync

    and then:

    tail -f /var/log/access_server.log

    Post the output while your mobile goes to standby. 

    then run again the "service access_server:debug -ds nosync" command to stop debugging.

    Thanks

  • Hello
    I'm sorry but there are no log files actually:
    SFVH_VM01_SFOS 16.01.2# service access_server:debug -ds nosync                                      
    200 OK                                                                                              
    SFVH_VM01_SFOS 16.01.2# tail -f /var/log/access_server.log                                          
    tail: can't open '/var/log/access_server.log': No such file or directory                            
    tail: no files                                                                                     
    SFVH_VM01_SFOS 16.01.2# service access_server:debug -ds nosync                                      
    200 OK                                                                                              
    SFVH_VM01_SFOS 16.01.2# tail -f /var/log/access_server.log                                          
    tail: can't open '/var/log/access_server.log': No such file or directory                            
    tail: no files                                                                                      
    SFVH_VM01_SFOS 16.01.2# 
       

    Let me know if I can run another command

    Regards



  • Hello

     

    I'm sorry but there are no logs :

    SFVH_VM01_SFOS 16.01.2# service access_server:debug -ds nosync                                      
    200 OK                                                                                              
    SFVH_VM01_SFOS 16.01.2# tail -f /var/log/access_server.log                                          
    tail: can't open '/var/log/access_server.log': No such file or directory                            
    tail: no files                                                                                      
    SFVH_VM01_SFOS 16.01.2# tail -f /var/log/access_server.log                                          
    tail: can't open '/var/log/access_server.log': No such file or directory                            
    tail: no files                                                                                      
    SFVH_VM01_SFOS 16.01.2# service access_server:debug -ds nosync                                      
    200 OK                                                                                              
    SFVH_VM01_SFOS 16.01.2# tail -f /var/log/access_server.log                                          
    tail: can't open '/var/log/access_server.log': No such file or directory                            
    tail: no files                                                                                      
    SFVH_VM01_SFOS 16.01.2# 
      

    If I look at the authentication logs, I get these messages:

    2016-12-04 15:07:39 | Firewall Authentication | SUCCESSFUL | test | 192.168.1.14 | iOS Client | N/A | User update was logged out of firewall | 17703
    2016-12-04 15:07:15 | Firewall Authentication | SUCCESSFUL | test | 192.168.1.14 | iOS Client | Local | User update of group Update Group logged in successfully to Firewall through Local authentication mechanism from 192.168.33.14 | 17701

     

    Let me know if I can run another command

    Regards

  • Philippe,

    you are in the wrong directory:

    /var/tslog and not /var/log

    Thanks

  • FVH_VM01_SFOS 16.01.2# tail -f /var/tslog/access_server.log
    MESSAGE   Dec 04 19:23:08 [4144125760]: (CA_keep_alive): Sending PING to toto
    MESSAGE   Dec 04 19:23:08 [4144125760]: (process_command): PONG 362 from toto
    MESSAGE   Dec 04 19:23:18 [4144125760]: (process_command): Client type is IOS
    MESSAGE   Dec 04 19:23:18 [4144125760]: (CA_authentication_result): User test authenticated (CA)
    ERROR     Dec 04 19:23:18 [4135574336]: config_resolve_bwid: BW Policy 0 not found
    MESSAGE   Dec 04 19:23:18 [4144125760]: (process_command): Received IP for user test: 192.168.33.14
    MESSAGE   Dec 04 19:23:32 [4144125760]: Toggling log level to: MAX
    DEBUG     Dec 04 19:23:32 [4144125760]: (CA_epoll_wait): returning -1
    DEBUG     Dec 04 19:23:32 [4144125760]: (do_epoll): Waiting for events
    DEBUG     Dec 04 19:23:32 [4144125760]: (CA_epoll_wait): timeout=45000, time_to_keep_alive=21000
    DEBUG     Dec 04 19:23:38 [4144125760]: (CA_epoll_wait): returning 1
    ERROR     Dec 04 19:23:38 [4144125760]: (process_command): Failed to read from SSL socket: len 0 5
    MESSAGE   Dec 04 19:23:38 [4144125760]: (CA_disconnect_user): Will disconnect user test
    DEBUG     Dec 04 19:23:38 [4144125760]: (new_livereq_data): _livereq_data=0x98e8870
    DEBUG     Dec 04 19:23:38 [4144125760]: sqlite_db_handle_request: req_type:6, query:SELECT liveuserid, tblliveuser.userid, groupid, username, name, starttime, lastlivetime, isactive, groupid, squotapolicy, accesspolicy, bwpolicy, datatransferpolicy, lastusedtime, usedminutes, cycleusedminutes, renewdate, upload, download, cycleupload, cycledownload, message, macaddress, clienttype, address_family, authserverid FROM tblliveuser, tblliveuseraccounting WHERE ipaddress = '192.168.1.14' AND clienttype != 5 AND tblliveuser.userid = tblliveuseraccounting.userid
    DEBUG     Dec 04 19:23:38 [4144125760]: sqlite_db_handle_get_liveuserinfo: row count: 1
    DEBUG     Dec 04 19:23:38 [4144125760]: sqlite_db_handle_get_liveuserinfo: column:'liveuserid', value:'1'
    DEBUG     Dec 04 19:23:38 [4144125760]: sqlite_db_handle_get_liveuserinfo: column:'userid', value:'12'
    DEBUG     Dec 04 19:23:38 [4144125760]: sqlite_db_handle_get_liveuserinfo: column:'groupid', value:'
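
In the excerpt above, the disconnect is logged in the same second and on the same thread as a failed SSL socket read. The following Python sketch is an added example (not part of the thread and not Sophos code) that pairs each login in an access_server.log capture with its disconnect and flags that pattern; the function name, the output fields and the default year (taken from the 2016-12-04 authentication log entries) are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in the post above (wrapped lines rejoined).
SAMPLE = """\
MESSAGE   Dec 04 19:23:08 [4144125760]: (process_command): PONG 362 from toto
MESSAGE   Dec 04 19:23:18 [4144125760]: (CA_authentication_result): User test authenticated (CA)
MESSAGE   Dec 04 19:23:18 [4144125760]: (process_command): Received IP for user test: 192.168.33.14
DEBUG     Dec 04 19:23:32 [4144125760]: (CA_epoll_wait): timeout=45000, time_to_keep_alive=21000
ERROR     Dec 04 19:23:38 [4144125760]: (process_command): Failed to read from SSL socket: len 0 5
MESSAGE   Dec 04 19:23:38 [4144125760]: (CA_disconnect_user): Will disconnect user test
"""

LINE = re.compile(r"^(?P<level>[A-Z]+)\s+(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) "
                  r"\[(?P<tid>\d+)\]: (?:\((?P<func>\w+)\): )?(?P<msg>.*)$")
AUTH = re.compile(r"User (\S+) authenticated")
DISC = re.compile(r"Will disconnect user (\S+)")

def sessions(text, year=2016):  # the log carries no year; 2016 is an assumption
    """Pair each login with its disconnect and note what preceded the disconnect."""
    logins, last_error, out = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation line or unrelated shell output
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg, tid = m["msg"], m["tid"]
        if m["level"] == "ERROR" and "Failed to read from SSL socket" in msg:
            last_error[tid] = ts          # remember per worker thread
        elif (a := AUTH.search(msg)):
            logins[a[1]] = ts
        elif (d := DISC.search(msg)):
            err = last_error.pop(tid, None)
            start = logins.pop(d[1], None)
            out.append({
                "user": d[1],
                # same thread, same second as the socket read failure
                "cause": "ssl_read_failed" if err == ts else "other",
                "seconds_connected":
                    int((ts - start).total_seconds()) if start else None,
            })
    return out

if __name__ == "__main__":
    for s in sessions(SAMPLE):
        print(s)
```
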

  • Hello Philippe

    Hope you are well. Just a quick one, I am sure you might have checked it though but still verifying. 

    iOS 10 does restrict background activity, can you ensure that the app is allowed to do transfer in background (background activity is turned on?)

    Settings > General > Background app refresh

  • Hello,

    I checked and the Network Agent is not available in the background apps on both my iPhone and my iPad ☹️️

    Regards

    I confirm what Philippe is writing. Anyway, network agent works if it is opened; otherwise it will stop working. I think that network agent should work in background when a recognized wifi network is used. I even opened a feature request on ideas.sophos.com

    Vote it!

    Thanks