Sophos SG125 - IPS FATAL error after applying backup on new hardware

Hi Community.

I did a hardware refresh of a SG125.

Created a backup on my "old" appliance, started the new one, updated to the latest version and imported the backup.

After some time the connection to the internet got lost (could not resolve DNS queries) and I was wondering what happened so I checked the logs.
In the IPS log there is a fatal error:

"2021:04:15-18:12:03 gateway snort[20140]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)"

Current FW: 9.705-3
Patterns: 197756

When I turn off IPS the system works fine.
I want to avoid reconfiguring the appliance.

Has anyone experienced this error and can help me?

Thank you,
Daniel
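
An added example, not part of any post in this thread: a small shell check that picks snort dynamic-preprocessor initialization failures, like the one quoted above, out of IPS log text and reports which module failed and how often. The function names and every sample line after the first are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise snort dynamic-preprocessor start-up failures.
# Reads log text on stdin and prints one line per failing module:
#   <module> <version> <count> <first-seen> <last-seen>
ips_fatal_preprocessors() {
    awk '
    / snort\[[0-9]+\]: FATAL ERROR: Failed to initialize dynamic preprocessor: / {
        ts = $1                                   # timestamp is the first field
        sub(/^.*dynamic preprocessor: /, "")      # keep "<module> version <x.y.z> (<rc>)"
        if (NF < 3 || $2 != "version") next       # unexpected layout: ignore the line
        key = $1 " " $3
        if (!(key in count)) { first[key] = ts; order[++k] = key }
        count[key]++
        last[key] = ts
    }
    END {
        for (i = 1; i <= k; i++)
            print order[i], count[order[i]], first[order[i]], last[order[i]]
    }'
}

# Exit status 0 when stdin contains at least one such failure (usable in a cron check).
ips_has_fatal() {
    [ -n "$(ips_fatal_preprocessors)" ]
}

# Line 1 is the message quoted in the post; lines 2-4 are constructed for the demo.
SAMPLE_LOG='2021:04:15-18:12:03 gateway snort[20140]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)
2021:04:15-18:12:09 gateway snort[20177]: Initializing rule chains...
2021:04:15-18:13:11 gateway snort[20312]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)
2021:04:15-18:13:30 gateway named[4012]: FATAL ERROR: unrelated daemon'

printf '%s\n' "$SAMPLE_LOG" | ips_fatal_preprocessors
```

On the appliance, redirect the IPS log file into `ips_fatal_preprocessors` instead of the sample; a rising count for the same module and version means snort keeps restarting into the same failure.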



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Please check which ipsbundle package is currently installed on the device.

    ==> utm:/root # rpm -qa | grep ipsbundle

    Please share version details as well.

    ==> utm:/var/log # version

  • Hi Yash Kothari.

    The ipsbundle version is: 
    u2d-ipsbundle2-9-407

    And the version details are:
    Current software version...: 9.705003
    Hardware type..............: 125r3

    Installation image.........: 9.702-1.1
    Installation type..........: ssi
    Installed pattern version..: 197775
    Downloaded pattern version.: 197775
    Up2Dates applied...........: 3 (see below)
    sys-9.702-9.703-1.3.3.tgz (Mar 5 18:19)
    sys-9.703-9.704-3.2.3.tgz (Mar 5 18:21)
    sys-9.704-9.705-2.3.1.tgz (Mar 5 18:22)
    Up2Dates available.........: 0
    Factory resets.............: 1
    Timewarps detected.........: 0

    Thank you,
    Daniel

  • FormerMember in reply to Danscho

    Can you please force a pattern update with the below command?

    utm:/root # auisys.plx -nosys

  • Hi Yash Kothari.
    Output from the command (running as root):  
    auisys.plx -nosys --verbose
    'verbose' mode implicits set noqueue option!
    no HA system or cluster node
    waiting for db_verify to return (30 seconds max)
    not cleaning /var/up2date/sys-install in --nosys mode
    removing '/var/up2date/appctrl43-install'
    removed directory: `/var/up2date/appctrl43-install'
    removing '/var/up2date/aptp-install'
    removed directory: `/var/up2date/aptp-install'
    removing '/var/up2date/cadata-install'
    removed directory: `/var/up2date/cadata-install'
    removing '/var/up2date/geoip-install'
    removed directory: `/var/up2date/geoip-install'
    removing '/var/up2date/ipsbundle2-install'
    removed directory: `/var/up2date/ipsbundle2-install'
    removing '/var/up2date/man9-install'
    removed directory: `/var/up2date/man9-install'
    removing '/var/up2date/ohelp9-install'
    removed directory: `/var/up2date/ohelp9-install'
    Starting Up2Date Package Installer
    No suitable packages of type <man9> found, skipping
    No suitable packages of type <appctrl43> found, skipping
    No suitable packages of type <ohelp9> found, skipping
    No suitable packages of type <aptp> found, skipping
    No suitable packages of type <cadata> found, skipping
    No suitable packages of type <geoip> found, skipping
    No suitable packages of type <ipsbundle2> found, skipping
    Up2Date Package Installer finished, exiting
    Unfortunately nothing has changed.
    Thanks,
    Daniel

  • Hallo Daniel,

    I would be tempted to re-image with the 9.705 hardware ISO and then restore again.  If that doesn't resolve this, you may have a dead 125.  Please let us know what happens.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson.

    Thanks, I will give it a shot. Just had to buy an external CD drive to go the officially supported way :-).

    I will update this post with my results.

  • The re-imaging did the trick.

    After that I was able to restore the backup and everything is working again.

    Thanks a lot for your help.
