Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 28 replies
  • Subscribers 3 subscribers
  • Views 13010 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Clients not showing up in Web-IF

scorpionking
Hi!

As the Beta forum is closed now I'm posting in this section again:

I configured EP a few days ago and installed the Client on 5 machines. Although the installation went fine and the clients are getting signature updates, they do not show up in the UTM. The "Manage Computers" tab is empty!

On the Main Screen of Endpoint Protection category in the UTM-Web-IF it states: 
Sophos LiveConnect is disabled. 0 computers registered out of 12 licensed, 0 computers are currently online.


The UTM EP log frequently shows errors 4280 and 4281: 
2012:07:25-12:41:28 vpn-2 epsecd[29781]:  id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds"

2012:07:25-12:42:42 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4202" severity="info" sys="System" sub="epsecd" name="Run initialization database"

2012:07:25-12:42:42 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4247" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM with the Broker"

2012:07:25-12:42:42 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4208" severity="debug" sys="System" sub="epsecd" name="User triggered changes in webadmin"

2012:07:25-12:42:43 vpn-1 epsecd[2726]: W Epsec::Utils::Logging::_log:59() => id="4212" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"

2012:07:25-12:42:43 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds"

2012:07:25-12:46:28 vpn-2 epsecd[29781]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 22 seconds"

2012:07:25-12:47:10 vpn-2 epsecd[29781]: >=========================================================================

2012:07:25-12:47:10 vpn-2 epsecd[29781]: E id="4280" severity="critical" sys="System" sub="epsecd" name="Error creating socket" ssl_errstr="IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)" syscall_error="Invalid argument"

2012:07:25-12:47:10 vpn-2 epsecd[29781]:

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 1. Epsec::Utils::Logging::_log:59() /Epsec/Utils/Logging.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 2. Epsec::Logic::Client::_start:77() /Epsec/Logic/Client.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 3. Epsec::Logic::Client:[:$]n_load:40() /Epsec/Logic/Client.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 4. (eval):53() /Epsec/Logic/Base.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 5. Epsec::Logic::Base::run:52() /Epsec/Logic/Base.pm

2012:07:25-12:47:10 vpn-2 epsecd[29781]: 6. main::top-level:62() client.pl

2012:07:25-12:47:30 vpn-2 epsecd[29781]: |=========================================================================

2012:07:25-12:47:30 vpn-2 epsecd[29781]: E id="4281" severity="critical" sys="System" sub="epsecd" name="No internet connection. at /Epsec/Logic/Client.pm line 89." effect="Can't talk to Sophos LiveConnect"

2012:07:25-12:47:30 vpn-2 epsecd[29781]:

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 1. Epsec::Utils::Logging::_log:59() /Epsec/Utils/Logging.pm

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 2. Epsec::Logic::Client:[:$]n_error:1039() /Epsec/Logic/Client.pm

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 3. Epsec::Logic::Base::run:60() /Epsec/Logic/Base.pm

2012:07:25-12:47:30 vpn-2 epsecd[29781]: 4. main::top-level:62() client.pl

2012:07:25-12:47:30 vpn-2 epsecd[29781]:  id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 240 seconds"

2012:07:25-12:47:44 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4202" severity="info" sys="System" sub="epsecd" name="Run initialization database"

2012:07:25-12:47:44 vpn-1 epsecd[2726]: I Epsec::Utils::Logging::_log:59() => id="4247" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM with the Broker"

2012:07:25-12:47:44 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4208" severity="debug" sys="System" sub="epsecd" name="User triggered changes in webadmin"

2012:07:25-12:47:46 vpn-1 epsecd[2726]: W Epsec::Utils::Logging::_log:59() => id="4212" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"

2012:07:25-12:47:46 vpn-1 epsecd[2726]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds" 


The internet connection is working fine, at least I do not have any client problems in accessing the internet.
The UTM Web Protection is configured in Standard Mode. The Sophos Broker Exceptions are present.

I'm using a home license and reapplied my 8.305 backup after a fresh install of the UTM9 GA release.

What is wrong here?

Thanks for any help!
scorpionking


This thread was automatically locked due to age.
Parents
  • 0
    There is a DEFINED OBJECT in Menu>Definitions and Users >Network Definitions   called Sophos LiveConnect  it DNS resolves to     all.broker.sophos.com

    Can you "ping it from a PC that has the EP on it ?

    If not the "call home" Broker won't work... as Bruce says there isn't an UPSTREAM filter / Block is there ?
  • 0 in reply to RufusToofus
    I had this same issue, so I uninstalled the clients, generated a new token, downloaded the full client, and everything is working for me now.
  • 0 in reply to HobyBrenner
    I have a separate Router/Firewall in front of the UTM (from my provider, does also do VoIP), but the UTM is defined as "Exposed Host" so every traffic from outside is passed to the UTM's WAN port...

    I can ping the DNS group all.broker.sophos.com from every client in my network.

    I had this same issue, so I uninstalled the clients, generated a new token, downloaded the full client, and everything is working for me now.

    As I wrote above I already did this more than once. Sadly this didn't fix it for me.

    I more have the feeling that the UTM has some kind of problem connecting/registering at the broker service.

    At the weekend I will try it with a separate DSL modem instead of the provider router to avoid the double NAT.
    I will let you know the result...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Reply
  • 0 in reply to HobyBrenner
    I have a separate Router/Firewall in front of the UTM (from my provider, does also do VoIP), but the UTM is defined as "Exposed Host" so every traffic from outside is passed to the UTM's WAN port...

    I can ping the DNS group all.broker.sophos.com from every client in my network.

    I had this same issue, so I uninstalled the clients, generated a new token, downloaded the full client, and everything is working for me now.

    As I wrote above I already did this more than once. Sadly this didn't fix it for me.

    I more have the feeling that the UTM has some kind of problem connecting/registering at the broker service.

    At the weekend I will try it with a separate DSL modem instead of the provider router to avoid the double NAT.
    I will let you know the result...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Children
  • 0 in reply to scorpionking
    Ping isn't necessarily the end-all be-all for diagnosing this.... since you do have an upstream router, I'd almost certainly bet it has a hand in this game --- can you access the logs on that box?  As an example, the seriously "quirky" 2-Wire 3600 gateway that comes with U-Verse service, by default, mangles a lot of legit traffic... it takes some "adjustments" (frankly I wanted to use a hammer on it) to make it pass traffic without molesting it.  My guess is your upstream router is mangling / blocking the HTTPS communication used to talk to the Broker service.  Updates use plain HTTP, hence why they might work while the broker updates don't.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    I'm pretty sure it doesn't block standard HTTPS. It's a AVM FritzBox, I'm living in Germany...

    But to become sure I will try it directly with a modem at the weekend.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to scorpionking
    I'm pretty sure it doesn't block standard HTTPS. It's a AVM FritzBox, I'm living in Germany...

    But to become sure I will try it directly with a modem at the weekend.


    Be sure to let us know what you find... I can't think of what else it could be.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Bad news:
    I have reconfigured the WAN port. It now runs PPPoE directly with a simple ADSL modem.
    But that didnt' change much. [:(]

    I still can't see any client online in the Web interface. At the moment i have 6 clients installed in my network. All are getting signature updates.

    On the Endpoint Protection Status page it still says "LiveConnect ist disabled":


    The EP log shows the following messages every 5 minutes, is this OK? 
    2012:08:04-12:57:42 vpn epsecd[10403]: I Epsec::Utils::Logging::_log:59() => id="4202" severity="info" sys="System" sub="epsecd" name="Run initialization database"

    2012:08:04-12:57:42 vpn epsecd[10403]: I Epsec::Utils::Logging::_log:59() => id="4247" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM with the Broker"

    2012:08:04-12:57:42 vpn epsecd[10403]: D Epsec::Utils::Logging::_log:59() => id="4208" severity="debug" sys="System" sub="epsecd" name="User triggered changes in webadmin"

    2012:08:04-12:57:43 vpn epsecd[10403]: W Epsec::Utils::Logging::_log:59() => id="4212" severity="warn" sys="System" sub="epsecd" name="Quit recieved from Sophos LiveConnect"

    2012:08:04-12:57:43 vpn epsecd[10403]: D Epsec::Utils::Logging::_log:59() => id="4210" severity="debug" sys="System" sub="epsecd" name="Sleeping for 300 seconds" 


    The only good news is: I don't get the "no internet connection" message any more...

    Any further ideas on this?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?