"No records found" at the SSL/TLS Inspection Rules Tab after adding multiple Rules.

Hello!

I'm currently running an XG 115w Rev.3 on v19 EAP 1.

After adding multiple TLS Inspection Rules, the admin interface stopped showing any rules and now only returns "No records found".

Even if I add a new Rule, it won't be shown in the interface but will work as expected.

I've been fiddling within the logs but I couldn't find anything useful on it besides this snippet:

XG115w_XN03_SFOS 19.0.0 EAP1-Build244# tail -f /log/applog.log
Dec 23 13:16:33Z
->input_string=ssl_curr_summary,hourly,N/A
Dec 23 13:16:41Z apiInterface:: Deleting Entity and Event for legacy mode base operation
Dec 23 13:16:42Z Request type = 1
Dec 23 13:16:42Z apiInterface:versionsupported: true.
Dec 23 13:16:42Z apiInterface:request mode -> 2836.
Dec 23 13:16:42Z apiInterface:Current ver :::'1900.1'
Dec 23 13:16:42Z apiInterface:entityjson::::::::HASH(0x9e91e30)
Dec 23 13:16:42Z Info:: Transaction will not be rolled back for opcode get_tls_rule_bandwidth_info. If any operation fails, request is part of multiple request :
Dec 23 13:16:42Z get_tls_rule_bandwidth_info

Is there any log file where I can find the reason why the WebUI stopped showing the rules?

Thanks!



Fixed Thread Name.
[edited by: Prism at 1:19 PM (GMT -8) on 23 Dec 2021]
  • Thanks, hopefully this can be fixed before the official release.

    Looking at CSC I've found these (ERROR) lines being generated every time I do something over the SSL/TLS Inspection Tab:

    DEBUG     Dec 24 10:54:57Z  [getvalidcacerts:23813]: log_exec: Command: /bin/certverify /conf/certificate/cacerts /conf/certificate/cacerts/Default.pem
    ERROR     Dec 24 10:54:57Z  [getvalidcacerts:23813]: log_exec: Failed Command: /bin/certverify /conf/certificate/cacerts /conf/certificate/cacerts/Default.pem
    DEBUG     Dec 24 10:54:57Z  [getvalidcacerts:23813]: log_exec: Command: /bin/certverify /conf/certificate/cacerts /conf/certificate/cacerts/SecurityAppliance_SSL_CA.pem
    ERROR     Dec 24 10:54:57Z  [getvalidcacerts:23813]: csc_execve: Child exited with status 101
    ERROR     Dec 24 10:54:57Z  [getvalidcacerts:23813]: log_exec: Failed Command: /bin/certverify /conf/certificate/cacerts /conf/certificate/cacerts/SecurityAppliance_SSL_CA.pem
    INFO      Dec 24 10:54:57Z  [getvalidcacerts:23813]: create_act_out_perl_obj: varname=out
    INFO      Dec 24 10:54:57Z  [getvalidcacerts:23813]: create_act_out_perl_obj: out.status=101
    INFO      Dec 24 10:54:57Z  [getvalidcacerts:23813]: FORLOOP condition false
    DEBUG     Dec 24 10:54:57Z  [getvalidcacerts:23813]: destroy_db_handle_pl: Destroying DBI DB handle.
    INFO      Dec 24 10:54:57Z  [getvalidcacerts:23813]: opcode 'getvalidcacerts': time taken: 0.349907818 seconds


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • I couldn't find the reason why this is happening, but I've managed to replicate it on a virtual machine.

    One cool thing about this: if you try to create two rules with the same name, even though they don't show in the WebUI or work as expected, the interface will warn you there's already a rule with the same name.



  • This issue is being tracked with NC-83395.



  • The Dev team has been able to find the cause of this issue.

    Here is a snippet from the e-mail I have received:

    "The underlying cause has to do with using an apostrophe (as in Don’t) and using “Add rule above/below”.

    After repairing the box, please do not create any rules with apostrophe in order to avoid this until we can get a fix."



  • Thanks for letting me track this down on your box, Prism.

    It seems that when rules have special characters (such as an apostrophe) and you then do certain operations (Add below, move), there is a problem. This also exists in 18.5, but the EAP always means people are changing and reconfiguring and trying new things, which means it was hit a few times.

    If anyone has this specific problem (cannot see any rules in the TLS Rules tab), please raise a ticket with Support and reference NC-79417. If you cannot use support, you can send me a message in PM and I can repair your box.