Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 28 replies
  • Subscribers 3 subscribers
  • Views 13009 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Clients not showing up in Web-IF

scorpionking
Hi!

As the Beta forum is closed now I'm posting in this section again:

I configured EP a few days ago and installed the Client on 5 machines. Although the installation went fine and the clients are getting signature updates, they do not show up in the UTM. The "Manage Computers" tab is empty!

On the Main Screen of Endpoint Protection category in the UTM-Web-IF it states: 
Sophos LiveConnect is disabled. 0 computers registered out of 12 licensed, 0 computers are currently online.


The UTM EP log frequently shows errors 4280 and 4281: 
2012:07:25-12:41:28 vpn-2 epsecd[29781]:  id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds"

2012:07:25-12:42:42 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4202" severity="info" sys="System" sub="epsecd" name="Run initialization database"

2012:07:25-12:42:42 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4247" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM with the Broker"

2012:07:25-12:42:42 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4208" severity="debug" sys="System" sub="epsecd" name="User triggered changes in webadmin"

2012:07:25-12:42:43 vpn-1 epsecd[2726]: W Epsec::Utils::Logging::_log:59() => id="4212" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"

2012:07:25-12:42:43 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds"

2012:07:25-12:46:28 vpn-2 epsecd[29781]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 22 seconds"

2012:07:25-12:47:10 vpn-2 epsecd[29781]: >=========================================================================

2012:07:25-12:47:10 vpn-2 epsecd[29781]: E id="4280" severity="critical" sys="System" sub="epsecd" name="Error creating socket" ssl_errstr="IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)" syscall_error="Invalid argument"

2012:07:25-12:47:10 vpn-2 epsecd[29781]:

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 1. Epsec::Utils::Logging::_log:59() /Epsec/Utils/Logging.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 2. Epsec::Logic::Client::_start:77() /Epsec/Logic/Client.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 3. Epsec::Logic::Client:[:$]n_load:40() /Epsec/Logic/Client.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 4. (eval):53() /Epsec/Logic/Base.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 5. Epsec::Logic::Base::run:52() /Epsec/Logic/Base.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 6. main::top-level:62() client.pl

2012:07:25-12:47:30 vpn-2 epsecd[29781]: |=========================================================================

2012:07:25-12:47:30 vpn-2 epsecd[29781]: E id="4281" severity="critical" sys="System" sub="epsecd" name="No internet connection. at /Epsec/Logic/Client.pm line 89." effect="Can't talk to Sophos LiveConnect"

2012:07:25-12:47:30 vpn-2 epsecd[29781]:

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 1. Epsec::Utils::Logging::_log:59() /Epsec/Utils/Logging.pm

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 2. Epsec::Logic::Client:[:$]n_error:1039() /Epsec/Logic/Client.pm

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 3. Epsec::Logic::Base::run:60() /Epsec/Logic/Base.pm

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 4. main::top-level:62() client.pl

2012:07:25-12:47:30 vpn-2 epsecd[29781]:  id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 240 seconds"

2012:07:25-12:47:44 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4202" severity="info" sys="System" sub="epsecd" name="Run initialization database"

2012:07:25-12:47:44 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4247" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM with the Broker"

2012:07:25-12:47:44 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4208" severity="debug" sys="System" sub="epsecd" name="User triggered changes in webadmin"

2012:07:25-12:47:46 vpn-1 epsecd[2726]: W Epsec::Utils::Logging::_log:59() => id="4212" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"

2012:07:25-12:47:46 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds" 


The internet connection is working fine, at least I do not have any client problems in accessing the internet.
The UTM Web Protection is configured in Standard Mode. The Sophos Broker Exceptions are present.

I'm using a home license and reapplied my 8.305 backup after a fresh install of the UTM9 GA release.

What is wrong here?

Thanks for any help!
scorpionking


This thread was automatically locked due to age.
Parents
  • 0
    Create a packet filter rule that allows HTTPS and HTTP (probably only need https, but I added http in for good measure) outbound from these clients to all.broker.sophos.com (this definition was pre-defined on my V9 system -- if it's not on yours, it's a DNS group, should list about 5 IPs) --- they have to "phone home" for the UTM to pick them up.  I though there was supposed to be an automatic rule defined, but with my upgrade, I did not see it, so I made one of my own.

    If you are using transparent HTTP/S proxy, you'll want to check and make sure the built-in exception for the broker services is enabled.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Thanks for your answer.
    At the moment HTTP and HTTPS is allowed for the whole internal net via Firewall rule. So this should be ok.
    The predefined proxy exceptions also exist although I'm not using the transparent proxy for HTTPS.

    Any other suggestions?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Reply
  • 0 in reply to BrucekConvergent
    Thanks for your answer.
    At the moment HTTP and HTTPS is allowed for the whole internal net via Firewall rule. So this should be ok.
    The predefined proxy exceptions also exist although I'm not using the transparent proxy for HTTPS.

    Any other suggestions?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Children
  • 0 in reply to scorpionking
    Well, given the wierdness I've been seeing the past couple of days with the Broker service... I'd uninstall the client software (totally... after the uninstall, delete the Sophos Folder in C:\ProgramData), and, in the UTM, reset the Registration Token... then try again with one system.

    Actually -- one other thought -- do you have country blocking enabled?  Try it with it disabled.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Did that already, but didn't help...

    I do not have country blocking enabled.

    Any other thoughts?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking
    Do you have any firewalls upstream of your UTM that might be blocking it from reaching the broker servers?  Other than that, maybe the DB that EPSEC is looking at locally is broken, maybe try backing up your config and reinstall?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?