Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 1067 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade to 9.209-8: Endpoint Protection Problems

FamilyHart
Upgraded to 9.209-8 yesterday

Added a Server this morning, and Endpoint Protection on the UTM did not see it.  In addition, other servers are not shown as online in EndPoint Protection and not talking to Sophos LiveConnect.  In Live Log am seeing looping of the following.

2014:10:30-14:19:06 F1 epsecd[5078]: I id="4210" severity="info" sys="System" sub="epsecd" name="Sleeping for 240 seconds" 

2014:10:30-14:23:53 F1 epsecd[5078]: W id="424200" severity="warn" sys="System" sub="epsecd" name="Timeout starting SSL session." 

2014:10:30-14:23:53 F1 epsecd[5078]: >========================================================================= 

2014:10:30-14:23:53 F1 epsecd[5078]: E id="4281" severity="crit" sys="System" sub="epsecd" name="Unexpected error: Timeout starting SSL session. at /Epsec/Logic/Client.pm line 184." effect="Can't talk to Sophos LiveConnect" 

2014:10:30-14:23:53 F1 epsecd[5078]: 

2014:10:30-14:23:53 F1 epsecd[5078]: 1. Epsec::Utils::Logging::_log:59() /Epsec/Utils/Logging.pm 

2014:10:30-14:23:53 F1 epsecd[5078]: 2. Epsec::Logic::Client:[:$]n_error:1458() /Epsec/Logic/Client.pm 

2014:10:30-14:23:53 F1 epsecd[5078]: 3. Epsec::Logic::Base::run:60() /Epsec/Logic/Base.pm 

2014:10:30-14:23:53 F1 epsecd[5078]: 4. main::top-level:63() client.pl


This thread was automatically locked due to age.
Parents
  • 0
    If this is a commercially-licensed installation, I'd recommend starting a support case with Sophos (this forum is meant for hobbyists, etc. -- while Sophos employees do peruse these forums from time to time, they don't provide direct support via these forums).

    If not .. 2 thoughts come to mind.

    1)  the cloud broker server that your system is trying to contact is down or is having trouble -- I've seen this before and it's typically back up and running in about 24 hours most of the time on its own.

    2)  If you have country blocking enabled in your UTM, it can at times block access to the cloud broker server -- realize that when you initialize endpoint on the UTM, it doesn't necessarily pick a group of broker services near your geographic location.  Most of my customers are in the USA, and many of them seem to be using Germany or Signapore locales for the Broker Services FQDN.  I've fixed many "down" broker connections by tweaking the Country Blocking configuration in the UTM.  I've recommended to Sophos that they whitelist (internally) the broker services used when it's enabled, but that has not been done yet.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0
    If this is a commercially-licensed installation, I'd recommend starting a support case with Sophos (this forum is meant for hobbyists, etc. -- while Sophos employees do peruse these forums from time to time, they don't provide direct support via these forums).

    If not .. 2 thoughts come to mind.

    1)  the cloud broker server that your system is trying to contact is down or is having trouble -- I've seen this before and it's typically back up and running in about 24 hours most of the time on its own.

    2)  If you have country blocking enabled in your UTM, it can at times block access to the cloud broker server -- realize that when you initialize endpoint on the UTM, it doesn't necessarily pick a group of broker services near your geographic location.  Most of my customers are in the USA, and many of them seem to be using Germany or Signapore locales for the Broker Services FQDN.  I've fixed many "down" broker connections by tweaking the Country Blocking configuration in the UTM.  I've recommended to Sophos that they whitelist (internally) the broker services used when it's enabled, but that has not been done yet.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
  • 0 in reply to BrucekConvergent
    Hello, 
    We have recently upgraded one UTM220 to SG310 and thought the problem with the "offline" clients comes from a new UUID assignment.
    But looking at the live log, showing exactly the same lines as stated above, we now think that the cloud broker service is down. Again. 
    This happens regularly, but - you know - it adds confusion. 
    Hopefully the service will be back up soon, but we already had up to three days of outage. 

    Best regards, 
    SM
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?