Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Subscribers 29 subscribers
  • Views 15542 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No access to Sophos WEB after Restore

Roger Wolf

Hello All

I face the problem that i have no Access to the Sophos WEB Portal to manage the firewall after restoring the configuration.

Some special roules that apply:

Backup from Sophos XG Virtual Appliance Home Edition.

Restore to Sophos XG215 physical Appliance. (with licence and sync)

The backup restore compatibility check says that this should be supported. With the following limitations:

The restore destination must have equal or more NICs. And the Version must be qual or higher.

The Virtual Appliance has 3 NICs, the HW got 8. The FW Version ist the latest on both.

After restoring the Backup the appliance makes a reboot and sends the Gateway up message via mail (WAN seems to be ok) (FW is not working -> no access from LAN to WAN.)

The LAN interface is issuing DHCP request. But the WEB is not accessible. Ping is not possible. (COM Console is working and showing the correct NIC settings on the LAN NIC).

How has got an idea how i can restore the settings?

Thanks for all tips.

Cheers Roger



This thread was automatically locked due to age.
Parents
  • 0

    Off the top of my head, make sure that in the Network \ Interfaces each interface is properly declared as WAN, LAN, etc.  Make sure that each firewall rule correctly specifies the source and destinations zones and has the HTTP/HTTPS in Services (and perhaps temporarily try Any->Any to debug).  Also go to Administration, Device Access and review that the services you are trying to use are enabled for the zones you are connecting from.

  • 0 in reply to Michael Dunn

    Hello Michael

    Thanks for your tip. There is no way to control this settings after restoring the configuration. (no access to the Web interface) So I believe you mean that I should check the in the virtual appliance before I do the restore. Correct?

    To me the interface assignment looks ok.

     

    Maybe it makes sense to delete all firewall rules and create a new config backup to try a restore with less configuration.

  • 0 in reply to Roger Wolf

    Sorry, I had though you were having problems accessing the web proxy and user portal.  I did not realize you could not access the WebAdmin at all.

    You should still be able to access the system through keyboard/mouse (VMWare console).  Perhaps playing with the network settings in there.

    Make sure that on the system that you back up and the system that you restore that the interfaces are the same.  You need the same interfaces, connected to the same networks.  For example, if eth1 was your WAN connection, it needs to still be your WAN connection on the VM console you restore to.

     

Reply
  • 0 in reply to Roger Wolf

    Sorry, I had though you were having problems accessing the web proxy and user portal.  I did not realize you could not access the WebAdmin at all.

    You should still be able to access the system through keyboard/mouse (VMWare console).  Perhaps playing with the network settings in there.

    Make sure that on the system that you back up and the system that you restore that the interfaces are the same.  You need the same interfaces, connected to the same networks.  For example, if eth1 was your WAN connection, it needs to still be your WAN connection on the VM console you restore to.

     

Children
  • 0 in reply to Michael Dunn

    Hello Michael

    Thanks for the help so fare.

    Look like all Interfaces are the same in the VM as well the physical appliance.

    1) LAN

    2) WAN

    3) DMZ

     

    I can see over the COM Port that the IP's assigned to the Ports are correct. LAN is fix in the config and WAN set to DHCP.

    Rebooting the appliance will issue the gateway up eMail. And the LAN Port is issuing IP's on DHCP requests.

    It looks like the Interface assignment is fine.

    Are the any log's that can be accessed via COM Port to get more details?

    Cheers Roger

  • 0 in reply to Roger Wolf

    Hello All

     

    Any other Ideas?

     

    Thanks

    Roger