Channel: Sophos User Bulletin Board

LAG Load Balancing

Hi, I have the UTM 525 configured with two LAGs. The links are up and 802.3ad is working perfectly (end device is a Cisco switch).

Basically, I need to change the 802.3ad load balancing hash (xmit_hash_policy) to layer2+3 or ideally layer3+4 if supported. Based on my setup, a layer 2 source MAC hash will be useless, since traffic traverses a transit, and the source / destination MAC would almost always be the same.

fw1:/proc/11241/net/bonding # cat lag0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

According to the documentation for v3.7.1 bonding driver, this is fully supported.

I'm surprised they don't give an option to configure this via GUI... most higher end L3 Cisco devices use an L3 hash by default, and depending on the setup, an L2 source MAC hash may (or may not) be useless - hence the need to control this setting.
As you can see, the current Transmit hash policy is layer 2. Clearly there is no option to change this in the GUI... what is the process to change this via cli?
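
Added example (not part of the original post, and not Sophos or kernel code): a simplified Python model of the layer2, layer2+3 and layer3+4 hash formulas as given in the Linux kernel bonding documentation for that driver generation, run over constructed flows that all share one MAC pair, as in the transit setup described above. The MAC addresses, IP addresses, ports and helper names are assumptions made for illustration.

```python
"""Model of three 802.3ad transmit hash policies over constructed flows."""
import ipaddress
from collections import Counter


def mac_to_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff to an integer."""
    return int(mac.replace(":", ""), 16)


def ip_to_int(ip: str) -> int:
    """Convert a dotted IPv4 address to an integer."""
    return int(ipaddress.IPv4Address(ip))


def layer2(flow: dict, slaves: int) -> int:
    # Documented formula: (source MAC XOR destination MAC) modulo slave count
    return (mac_to_int(flow["src_mac"]) ^ mac_to_int(flow["dst_mac"])) % slaves


def layer2_3(flow: dict, slaves: int) -> int:
    # Documented formula:
    # (((source IP XOR dest IP) AND 0xffff) XOR (source MAC XOR dest MAC)) modulo slave count
    ip_bits = (ip_to_int(flow["src_ip"]) ^ ip_to_int(flow["dst_ip"])) & 0xFFFF
    mac_bits = mac_to_int(flow["src_mac"]) ^ mac_to_int(flow["dst_mac"])
    return (ip_bits ^ mac_bits) % slaves


def layer3_4(flow: dict, slaves: int) -> int:
    # Documented formula:
    # ((source port XOR dest port) XOR ((source IP XOR dest IP) AND 0xffff)) modulo slave count
    port_bits = flow["src_port"] ^ flow["dst_port"]
    ip_bits = (ip_to_int(flow["src_ip"]) ^ ip_to_int(flow["dst_ip"])) & 0xFFFF
    return (port_bits ^ ip_bits) % slaves


POLICIES = {"layer2": layer2, "layer2+3": layer2_3, "layer3+4": layer3_4}

# Constructed sample data: every frame on the transit link carries the same
# two router MACs, only the IP addresses and ports differ between flows.
TRANSIT_SRC_MAC = "02:00:00:00:00:01"
TRANSIT_DST_MAC = "02:00:00:00:00:02"


def make_flow(src_ip: str, src_port: int,
              dst_ip: str = "192.0.2.10", dst_port: int = 443) -> dict:
    return {
        "src_mac": TRANSIT_SRC_MAC, "dst_mac": TRANSIT_DST_MAC,
        "src_ip": src_ip, "dst_ip": dst_ip,
        "src_port": src_port, "dst_port": dst_port,
    }


FLOWS = [
    make_flow("10.1.1.1", 40000),
    make_flow("10.1.1.1", 40001),
    make_flow("10.1.1.2", 40002),
    make_flow("10.1.1.2", 40003),
]


def distribution(policy: str, flows: list, slaves: int) -> dict:
    """Return {slave index: number of flows hashed onto it}."""
    counts = Counter(POLICIES[policy](flow, slaves) for flow in flows)
    return {slave: counts.get(slave, 0) for slave in range(slaves)}


if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:9s} {distribution(name, FLOWS, 2)}")
```

With a fixed MAC pair the layer2 policy places every flow on one link, layer2+3 separates flows per host pair, and layer3+4 can also split flows between the same two hosts.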

Update to 9.1

Hello everyone,

we are currently still running Sophos UTM 9.006-5 (software version). The update to version 9.1 is not yet being offered to me in the Up2Date system.

Can I download and install it manually? Are there any restrictions or problems that can occur? Or why is the update not being offered in the Up2Date system?

Thank you very much.

Regards, envy

Cluster Update to UTM9 failed

Hello,
I tried to update my Astaro ASG320 HA Cluster (active/active)
Firmware-Version: 8.309 to the new UTM9 firmware.
When I started the update, it failed after a few seconds.
In the HA status I see one node with the status UP2DATE-FAILED and the cluster is now running with only one node.

In the log I see the message:
2013:05:06-08:15:01 astaro-2 audld[23360]: running on HA slave system or cluster node, exiting
2013:05:06-08:15:01 astaro-2 audld[23360]:
2013:05:06-08:15:01 astaro-2 audld[23360]: 1. main::run:185() audld.pl
2013:05:06-08:15:01 astaro-2 audld[23360]: 2. main::top-level:27() audld.pl

Can someone tell me what I should do now?

Thanks for your help.

Jörg Laufenburg

WAF and Exchange 2013

Hi all,

has anyone already tested Exchange 2013 through the WAF? At the moment I get an RPC error when I try to run Outlook Anywhere through the WAF.
Does Sophos already support Exchange 2013?

Regards, Falconbase

After update - pages incomplete

Hello,

after updating our Sophos UTM 9 to version 9.006-5 (pattern version: 45281), web pages are only loaded incompletely.
That is, images or entire scripts are often missing (for example on mobile.de).
On yahoo.de the entire layout is broken (see attachment).

What could be causing this?

Thank you very much

Attached Images
File Type: jpg 20130506_Yahoo! Deutschland_000031.jpg (20.6 KB)

Setting IP and hostname through commandline

I recently downloaded the Sophos VMware utm-9.003-esx-v5-x86-smp file for evaluation. Upon successfully deploying the OVF on ESX 5.1 and powering on the VM,
it gets the IP 192.168.0.1. Sophos also shows a welcome message stating

"support is void if any changes to config is made by root. It says that use Sophos WebAdmin UI to do any config changes"

Given this, can't I change/set the hostname and IP address using commands
like
hostname -v ***
ip addr add dev eth0 X.x.x.x/24
ip link set up dev eth0
route add -net x.x.x.x netmask 255.255.255.0 dev eth0
route add default gw x.x.x.x dev eth0

After making the above config changes, the IP and hostname are effective until the session ends (I mean until the next reboot happens). Isn't this command-line configuration persistent even when I reboot?

Is it mandatory that I use the WebAdmin GUI to make changes to the config?

Also,
can't I use the iptables command to add rules to Sophos for setting NAT rules and port forwarding?

Sophos also provides a cc command-line utility to do some config. Where can I get documentation of its syntax and supported commands? Is any online help doc available?

Regards,
Vijay

Update is blocked

Hello, we use a UTM 9 firewall (firmware 9.006-5). I want to use EP AV and we are now testing removing McAfee and installing Sophos EP.
We use a proxy in standard mode. I made a firewall rule:

Groups ("DNS Groups", because the DNS names contain multiple IP addresses)

Broker Service

Allow http and https traffic to
all.broker.sophos.com

Update Servers
Allow http and https traffic to
dci.sophosupd.com
d1.sophosupd.com
d2.sophosupd.com
d3.sophosupd.com
dci.sophosupd.net
d1.sophosupd.net
d2.sophosupd.net
d3.sophosupd.net

Still this is not working, my firewall keeps blocking addresses:
12:20:25 Default DROP TCP 156.5.5.130 : 4932 → 23.62.99.57 : 80 [SYN] len=48 ttl=126 tos=0x00 srcmac=88:e0:f3:6a:64:0 dstmac=0:1a:8c:f0:35:a0

When I make a rule with network 23.62.99.0 /24 to allow 80/443 it works, but there is a chance the address is in another network the next time I update the Sophos EP client.

McAfee uses EPO; my experience is that this works better, clients get their updates from the EPO server. Maybe UTM 9 can work this way?

Exchange 2007- ActiveSync problems

I am struggling to get Exchange ActiveSync working on my mobile phone.
But somewhere in the setup I am overlooking an error. But I don't know what.

I set up IIS in the most basic setting (I don't like IIS that much) because I lack some knowledge.
The Exchange server has a self-signed certificate (at least I didn't create anything YET) which isn't trusted.

When I take a look into UTM and want to configure the Real and Virtual Webserver I see things that I think are not right.

When I try to connect to my network from my mobile phone I get some weird replies from the UTM and phone.
Using the original URL for my mail server OR the IP address for my router I get an "accept untrusted certificate" message in the mail-for-exchange application on my phone and afterwards the message that "Your account does not have the allowance to synchronize with the current settings".

When I take a look in the webfiltering logs I see this. (older logfile)

Code:

2013:05:03-22:24:17 firewall reverseproxy: [Fri May 03 22:24:17 2013] [error] [client 145.x.y.z] Hostname in HTTP request (xpost.v/h.nl) does not match the server name (firewall.v/h.nl)

2013:05:03-22:24:17 firewall reverseproxy: srcip="145.x.y.z" localip="10.x.y.z" size="197" user="-" host="145.x.y.z" method="OPTIONS" statuscode="403" reason="-" extra="-" time="2951" url="/Microsoft-Server-ActiveSync" server="firewall.v/h.nl" referer="-" cookie="-" set-cookie="-"

But when I try to connect to the URL of the firewall itself, as mentioned in the Exchange settings for the External URL, I don't see anything happen in the logs and my phone is just waiting and waiting.

See all attachments for my settings (and/or failures).

Where am I missing steps, or what should I do to get it right?

Attached Images
File Type: png ActiveSync_1.PNG (15.8 KB)
File Type: png ActiveSync_3.PNG (23.0 KB)
File Type: png ActiveSync_5.PNG (14.9 KB)
File Type: png ActiveSync_6.PNG (11.6 KB)
File Type: png ActiveSync_7.PNG (34.2 KB)

[9100-008][BUG] AP50 starts to refuse connections after a while

Since the upgrade to 9.100-008 I have the issue that after 1-2 days the AP50 stops accepting connections from WiFi devices (and loses existing connections) until I power off the AP50 and let it reboot. It happened last this morning shortly after midnight. No devices could connect until I restarted the AP50 between 0:22 and 0:25 in the morning.

awed logfile around this timeframe:

Code:

2013:05:06-00:02:55 192.168.10.100 hostapd: wlan8: WPA rekeying GTK
2013:05:06-00:02:55 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key frame (2/2 Group)
2013:05:06-00:02:55 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: group key handshake completed (RSN)
2013:05:06-00:12:55 192.168.10.100 hostapd: wlan8: WPA rekeying GTK
2013:05:06-00:12:55 192.168.10.100 hostapd: wlan10: WPA rekeying GTK
2013:05:06-00:12:55 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key frame (2/2 Group)
2013:05:06-00:12:55 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: group key handshake completed (RSN)
2013:05:06-00:22:55 192.168.10.100 hostapd: wlan8: WPA rekeying GTK
2013:05:06-00:22:55 192.168.10.100 hostapd: wlan10: WPA rekeying GTK
2013:05:06-00:22:55 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: EAPOL-Key timeout
2013:05:06-00:22:55 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: sending 1/2 msg of Group Key Handshake
2013:05:06-00:22:56 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: EAPOL-Key timeout
2013:05:06-00:22:56 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: sending 1/2 msg of Group Key Handshake
2013:05:06-00:22:56 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key frame (2/2 Group)
2013:05:06-00:22:56 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: group key handshake completed (RSN)
2013:05:06-00:22:56 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key 2/2 Group with unexpected replay counter
2013:05:06-00:22:56 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key 2/2 Group with unexpected replay counter
2013:05:06-00:25:08 asg01 awed[4865]: [MASTER] new connection from 192.168.10.100:46406
2013:05:06-00:25:08 asg01 awed[29436]: [AP50 A40002E20******x] (Re-)loaded identity and/or configuration
2012:12:31-00:00:16 192.168.10.100 kernel: [  16.100000] cfg80211: Regulatory domain changed to country: CH
2013:05:06-00:25:11 asg01 awed[7957]: [AP50 A40002E20******x] disconnected. Close socket and kill process.
2013:05:06-00:25:11 192.168.10.100 sysinit: 192.168.10.1 = 192.168.10.1
2013:05:06-00:25:11 192.168.10.100 netifd: Interface 'red101' is now up
2013:05:06-00:25:11 192.168.10.100 netifd: Interface 'red102' is now up
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] device red0.101 entered promiscuous mode
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] device red0 entered promiscuous mode
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] br-red101: port 1(red0.101) entered forwarding state
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] br-red101: port 1(red0.101) entered forwarding state
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] device red0.102 entered promiscuous mode
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] br-red102: port 1(red0.102) entered forwarding state
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.100000] br-red102: port 1(red0.102) entered forwarding state
2013:05:06-00:25:11 192.168.10.100 netifd: Interface 'red103' is now up
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.520000] device red0.103 entered promiscuous mode
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.520000] br-red103: port 1(red0.103) entered forwarding state
2013:05:06-00:25:11 192.168.10.100 kernel: [  19.520000] br-red103: port 1(red0.103) entered forwarding state
2013:05:06-00:25:12 192.168.10.100 kernel: [  20.220000] device wlan0 entered promiscuous mode
2013:05:06-00:25:12 192.168.10.100 kernel: [  20.460000] br-lan: port 2(wlan0) entered forwarding state
2013:05:06-00:25:12 192.168.10.100 kernel: [  20.460000] br-lan: port 2(wlan0) entered forwarding state
2013:05:06-00:25:12 192.168.10.100 kernel: [  20.490000] device wlan1 entered promiscuous mode
2013:05:06-00:25:12 192.168.10.100 kernel: [  20.690000] br-red101: port 2(wlan1) entered forwarding state
2013:05:06-00:25:12 192.168.10.100 kernel: [  20.690000] br-red101: port 2(wlan1) entered forwarding state
2013:05:06-00:25:13 192.168.10.100 kernel: [  21.100000] br-red101: port 1(red0.101) entered forwarding state
2013:05:06-00:25:13 192.168.10.100 kernel: [  21.100000] br-red102: port 1(red0.102) entered forwarding state
2013:05:06-00:25:13 192.168.10.100 ifup: Enabling Router Solicitations on red (red0)
2013:05:06-00:25:13 192.168.10.100 kernel: [  21.520000] br-red103: port 1(red0.103) entered forwarding state
2013:05:06-00:25:14 192.168.10.100 ifup: Enabling Router Solicitations on red103 (br-red103)
2013:05:06-00:25:14 192.168.10.100 kernel: [  22.460000] br-lan: port 2(wlan0) entered forwarding state
2013:05:06-00:25:14 192.168.10.100 ifup: Enabling Router Solicitations on red102 (br-red102)
2013:05:06-00:25:14 192.168.10.100 kernel: [  22.690000] br-red101: port 2(wlan1) entered forwarding state
2013:05:06-00:25:16 192.168.10.100 kernel: [  24.390000] device wlan8 entered promiscuous mode
2013:05:06-00:25:16 192.168.10.100 kernel: [  24.630000] br-lan: port 3(wlan8) entered forwarding state
2013:05:06-00:25:16 192.168.10.100 kernel: [  24.630000] br-lan: port 3(wlan8) entered forwarding state
2013:05:06-00:25:16 192.168.10.100 kernel: [  24.660000] device wlan9 entered promiscuous mode
2013:05:06-00:25:17 192.168.10.100 kernel: [  24.860000] br-red101: port 3(wlan9) entered forwarding state
2013:05:06-00:25:17 192.168.10.100 kernel: [  24.860000] br-red101: port 3(wlan9) entered forwarding state
2013:05:06-00:25:17 192.168.10.100 kernel: [  24.880000] device wlan10 entered promiscuous mode
2013:05:06-00:25:17 192.168.10.100 kernel: [  25.070000] br-red103: port 2(wlan10) entered forwarding state
2013:05:06-00:25:17 192.168.10.100 kernel: [  25.070000] br-red103: port 2(wlan10) entered forwarding state
2013:05:06-00:25:17 192.168.10.100 ifup: Enabling Router Solicitations on red101 (br-red101)
2013:05:06-00:25:18 192.168.10.100 kernel: [  26.630000] br-lan: port 3(wlan8) entered forwarding state
2013:05:06-00:25:19 192.168.10.100 kernel: [  26.860000] br-red101: port 3(wlan9) entered forwarding state
2013:05:06-00:25:19 192.168.10.100 kernel: [  27.070000] br-red103: port 2(wlan10) entered forwarding state
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: authentication OK (open system)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-AUTHENTICATE.indication(a4:d1:d2:6f:b4:ab, OPEN_SYSTEM)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-DELETEKEYS.request(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 awelogger[2443]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="WLAN1" ssid_id="WLAN0.1" bssid="00:1a:8c:0b:34:18" sta="a4:d1:d2:6f:b4:ab" status_code="0"
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: authenticated
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: association OK (aid 1)
2013:05:06-00:25:25 192.168.10.100 awelogger[2443]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="WLAN1" ssid_id="WLAN0.1" bssid="00:1a:8c:0b:34:18" sta="a4:d1:d2:6f:b4:ab" status_code="0"
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: associated (aid 1)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-ASSOCIATE.indication(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-DELETEKEYS.request(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: event 1 notification
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: start authentication
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.1X: unauthorizing port
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: sending 1/4 msg of 4-Way Handshake
2013:05:06-00:25:25 192.168.10.100 awelogger[2443]: id="4105" severity="info" sys="System" sub="WiFi" name="STA WPA failure" ssid="WLAN1" ssid_id="WLAN0.1" bssid="00:1a:8c:0b:34:18" sta="a4:d1:d2:6f:b4:ab" reason_code="2"
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: event 3 notification
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.1X: unauthorizing port
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-DEAUTHENTICATE.indication(a4:d1:d2:6f:b4:ab, 2)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-DELETEKEYS.request(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: authentication OK (open system)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: event 0 notification
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-AUTHENTICATE.indication(a4:d1:d2:6f:b4:ab, OPEN_SYSTEM)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-DELETEKEYS.request(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: authenticated
2013:05:06-00:25:25 192.168.10.100 awelogger[2443]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="WLAN1" ssid_id="WLAN0.1" bssid="00:1a:8c:0b:34:18" sta="a4:d1:d2:6f:b4:ab" status_code="0"
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: association OK (aid 1)
2013:05:06-00:25:25 192.168.10.100 awelogger[2443]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="WLAN1" ssid_id="WLAN0.1" bssid="00:1a:8c:0b:34:18" sta="a4:d1:d2:6f:b4:ab" status_code="0"
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.11: associated (aid 1)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-ASSOCIATE.indication(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab MLME: MLME-DELETEKEYS.request(a4:d1:d2:6f:b4:ab)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: event 1 notification
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: sending 1/4 msg of 4-Way Handshake
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key frame (2/4 Pairwise)
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: sending 3/4 msg of 4-Way Handshake
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: received EAPOL-Key frame (4/4 Pairwise)
2013:05:06-00:25:25 192.168.10.100 awelogger[2443]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="WLAN1" ssid_id="WLAN0.1" bssid="00:1a:8c:0b:34:18" sta="a4:d1:d2:6f:b4:ab"
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab IEEE 802.1X: authorizing port
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab RADIUS: starting accounting session 5186F86C-00000000
2013:05:06-00:25:25 192.168.10.100 hostapd: wlan8: STA a4:d1:d2:6f:b4:ab WPA: pairwise key handshake completed (RSN)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 IEEE 802.11: authentication OK (open system)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 MLME: MLME-AUTHENTICATE.indication(20:64:32:54:ee:57, OPEN_SYSTEM)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 MLME: MLME-DELETEKEYS.request(20:64:32:54:ee:57)
2013:05:06-00:25:26 192.168.10.100 awelogger[2437]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="WLAN1" ssid_id="WLAN0.0" bssid="00:1a:8c:0b:34:10" sta="20:64:32:54:ee:57" status_code="0"
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 IEEE 802.11: authenticated
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 IEEE 802.11: association OK (aid 1)
2013:05:06-00:25:26 192.168.10.100 awelogger[2437]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="WLAN1" ssid_id="WLAN0.0" bssid="00:1a:8c:0b:34:10" sta="20:64:32:54:ee:57" status_code="0"
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 IEEE 802.11: associated (aid 1)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 MLME: MLME-ASSOCIATE.indication(20:64:32:54:ee:57)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 MLME: MLME-DELETEKEYS.request(20:64:32:54:ee:57)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: event 1 notification
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: start authentication
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 IEEE 802.1X: unauthorizing port
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: sending 1/4 msg of 4-Way Handshake
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: received EAPOL-Key frame (2/4 Pairwise)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: sending 3/4 msg of 4-Way Handshake
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: received EAPOL-Key frame (4/4 Pairwise)
2013:05:06-00:25:26 192.168.10.100 awelogger[2437]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="WLAN1" ssid_id="WLAN0.0" bssid="00:1a:8c:0b:34:10" sta="20:64:32:54:ee:57"
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 IEEE 802.1X: authorizing port
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 RADIUS: starting accounting session 5186F868-00000000
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan0: STA 20:64:32:54:ee:57 WPA: pairwise key handshake completed (RSN)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 IEEE 802.11: authentication OK (open system)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 MLME: MLME-AUTHENTICATE.indication(7c:61:93:30:72:55, OPEN_SYSTEM)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 MLME: MLME-DELETEKEYS.request(7c:61:93:30:72:55)
2013:05:06-00:25:26 192.168.10.100 awelogger[2449]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="WLAN2" ssid_id="WLAN1.0" bssid="00:1a:8c:0b:34:11" sta="7c:61:93:30:72:55" status_code="0"
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 IEEE 802.11: authenticated
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 IEEE 802.11: association OK (aid 1)
2013:05:06-00:25:26 192.168.10.100 awelogger[2449]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="WLAN2" ssid_id="WLAN1.0" bssid="00:1a:8c:0b:34:11" sta="7c:61:93:30:72:55" status_code="0"
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 IEEE 802.11: associated (aid 1)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 MLME: MLME-ASSOCIATE.indication(7c:61:93:30:72:55)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 MLME: MLME-DELETEKEYS.request(7c:61:93:30:72:55)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: event 1 notification
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: start authentication
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 IEEE 802.1X: unauthorizing port
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: sending 1/4 msg of 4-Way Handshake
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: received EAPOL-Key frame (2/4 Pairwise)
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: sending 3/4 msg of 4-Way Handshake
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: received EAPOL-Key frame (4/4 Pairwise)
2013:05:06-00:25:26 192.168.10.100 awelogger[2449]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="WLAN2" ssid_id="WLAN1.0" bssid="00:1a:8c:0b:34:11" sta="7c:61:93:30:72:55"
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 IEEE 802.1X: authorizing port
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 RADIUS: starting accounting session 5186F868-00000000
2013:05:06-00:25:26 192.168.10.100 hostapd: wlan1: STA 7c:61:93:30:72:55 WPA: pairwise key handshake completed (RSN)

/Sascha

[9.100-12] WiFi Log filling up after Update

Hello,

after migrating my ASG from 9.0 to 9.100-12 my WiFi log started to fill up with thousands of these error messages:

Code:

...
2013:05:06-14:53:49 192.168.12.155 kernel: [235606.110000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:53:54 192.168.12.155 kernel: [235611.110000] wlan9: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:53:54 192.168.12.155 kernel: [235611.110000] wlan8: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:53:54 192.168.12.155 kernel: [235611.110000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:53:59 192.168.12.155 kernel: [235616.120000] wlan9: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:53:59 192.168.12.155 kernel: [235616.120000] wlan8: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:53:59 192.168.12.155 kernel: [235616.120000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:04 192.168.12.155 kernel: [235621.120000] wlan9: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:04 192.168.12.155 kernel: [235621.120000] wlan8: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:04 192.168.12.155 kernel: [235621.120000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:09 192.168.12.155 kernel: [235626.120000] wlan9: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:09 192.168.12.155 kernel: [235626.120000] wlan8: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:09 192.168.12.155 kernel: [235626.120000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:14 192.168.12.155 kernel: [235631.130000] wlan9: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:14 192.168.12.155 kernel: [235631.130000] wlan8: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:14 192.168.12.155 kernel: [235631.130000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:19 192.168.12.155 kernel: [235636.130000] wlan9: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:19 192.168.12.155 kernel: [235636.130000] wlan8: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
2013:05:06-14:54:19 192.168.12.155 kernel: [235636.130000] wlan0: dropped frame to 00:b0:52:00:00:01 (unauthorized port)
...


Any suggestions what it could be?

Thanks in advance

Sophos UTM9 dropping all-systems.mcast.net

Hi

I am receiving lots of these every day in the Network Protection / Packet Filter / Firewall log:

/var/log/packetfilter.log:2013:05:06-15:19:22 cable-static-xx-xx-x ulogd[4546]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth7" srcmac="xx:xx:xx:xx:xx:xx" dstmac="yy:yy:yy:yy:yy:yy" srcip="192.168.100.***" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0x00" ttl="1"

The srcip is a wireless router in our network. Why is the UTM dropping these packets? What can I do to stop it?

Thanks in advance
Freddie

SNMP OID

Hello,

I use an SNMP monitoring tool with which I can read the status of Ethernet ports via the IP address and the OID (object identifier).

This already works quite well for the switches. For the switches it is 1.3.6.1.2.2.1.8.x, where x is the port number of the switch.

I have already read through the Sophos MIB, but unfortunately did not find anything like that.

Does anyone have any advice?

Many thanks in advance and best regards

Force download through specific interface

Hello!

Is it possible to force Astaro to use only a specific interface when downloading on a specific desktop?

I mean, when the desktop ABC starts downloading, Astaro will use that interface.

I am using 8.309 with AD-SSO with Load Balance.

Thanks

Routing all client traffic (including web-traffic) through the VPN

Hello Sophos

How do I configure the Sophos SSL VPN to route all client traffic (including web traffic) through the VPN?

Regards

Linck Tello Flores

No connection via proxy to the "Contracts server" of "Hitman Absolution"

Hi,

I installed Steam and then activated and installed the games I bought, Counterstrike and Hitman Absolution. Counterstrike works without problems.

Only Hitman I cannot play online on the "Contracts server". My laptop cannot establish a connection. Unfortunately I cannot find any help on the web either.

Has anyone ever tried to play Hitman Absolution on the Contracts server behind the Astaro ASG120 (or similar) via the web proxy (transparent + HTTPS)?

Install using serial console port

I have an old linux box with no VGA/graphical interface. The only available console is a serial port - default 9600.

Previously I have installed UTM9 from CD on an old PC without any issues, but doing the same on this hardware with no VGA is a challenge. Basically, after BIOS/POST, it begins reading the CD-ROM drive and after a while stops without displaying anything to the serial port.

Has anyone done anything like this? Any help will be appreciated.

Thanks,
J

UTM 9.1

Hello everyone,

is V9.1 officially out as a software installation (stable)?

Regards, M

[9.100-12] SSL VPN broken after upgrade 9.0 > 9.100-12

Hello,

after I've upgraded my ASG220 from 9.0 to 9.100-12, I noticed today that my SSL VPN doesn't work anymore.

In the SSL VPN Log I can see this:

Code:

2013:05:07-15:34:07 remote openvpn[11713]: TCP connection established with [AF_INET]80.152.165.2:64690 (via [AF_INET]91.52.128.96:1194)
2013:05:07-15:34:07 remote openvpn[11713]: 80.152.165.2:64690 TLS: Initial packet from [AF_INET]80.152.165.2:64690 (via [AF_INET]91.52.128.96:1194), sid=b29a4d52 1b52be9e
2013:05:07-15:34:09 remote openvpn[11713]: 80.152.165.2:64690 VERIFY OK: depth=0, C=de, L=City, O=N/A, CN=User Name, emailAddress=user.name@domain.tld
2013:05:07-15:34:09 remote openvpn[11713]: 80.152.165.2:64690 VERIFY OK: depth=1, C=de, L=City, O=N/A, CN=N/A VPN CA, emailAddress=user.name@domain.tld
2013:05:07-15:34:09 remote openvpn[11713]: 80.152.165.2:64690 VERIFY OK: depth=1, C=de, L=City, O=N/A, CN=N/A VPN CA, emailAddress=user.name@domain.tld
2013:05:07-15:34:09 remote openvpn[11713]: 80.152.165.2:64690 VERIFY OK: depth=0, C=de, L=City, O=N/A, CN=User Name, emailAddress=user.name@domain.tld
2013:05:07-15:34:10 remote openvpn[11713]: 80.152.165.2:64690 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
2013:05:07-15:34:10 remote openvpn[11713]: 80.152.165.2:64690 TLS: Username/Password authentication deferred for username 'user name' [CN SET]
2013:05:07-15:34:10 remote openvpn[11713]: 80.152.165.2:64690 TLS Auth Error: --client-config-dir authentication failed for common name 'user name' file='/etc/openvpn/conf.d/user name'
2013:05:07-15:34:10 remote openvpn[11713]: 80.152.165.2:64690 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
2013:05:07-15:34:10 remote openvpn[11713]: 80.152.165.2:64690 [user name] Peer Connection Initiated with [AF_INET]80.152.165.2:64690 (via [AF_INET]91.52.128.96:1194)
2013:05:07-15:34:12 remote openvpn[11713]: 80.152.165.2:64690 PUSH: Received control message: 'PUSH_REQUEST'
2013:05:07-15:34:12 remote openvpn[11713]: 80.152.165.2:64690 Delayed exit in 5 seconds
2013:05:07-15:34:12 remote openvpn[11713]: 80.152.165.2:64690 SENT CONTROL [user name]: 'AUTH_FAILED' (status=1)
2013:05:07-15:34:13 remote openvpn[11713]: 80.152.165.2:64690 Connection reset, restarting [0]
2013:05:07-15:34:13 remote openvpn[11713]: 80.152.165.2:64690 SIGUSR1[soft,connection-reset] received, client-instance restarting

The user is authenticated against my ActiveDirectory and in the authentication log it is successful:

Code:

2013:05:07-15:34:09 remote aua[9285]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.12.41 (adirectory)"
2013:05:07-15:34:10 remote aua[9285]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="80.152.165.2" user="User Name" caller="openvpn" engine="adirectory"




Any help would be greatly appreciated.

Dino

ESXi 5.1 NIC passthrough

Hello,

I am currently running a UTM9 (installed from ISO) inside ESXi with two Intel 82574L directly attached to the VM.

This setup works without problems as long as I don't attach another virtual NIC. If I add an e1000 or vmxnet3 adapter to the VM and start it, the second physical NIC is no longer recognized.
After removing the virtual NIC both physical interfaces get recognized again.
The same procedure with a CentOS 6 VM works, so I don't think this problem is related to my ESXi setup.

My Setup:
ESXi 5.1 Update 1
UTM 9.006-5
Intel 82574L -> UTM (eth0, LAN)
Intel 82574L -> UTM (eth1, WAN PPPoE)
Intel 82576 (vSwitch0, vmdq enabled)


Has anybody experienced similar problems when working with NIC passthrough in ESXi?

SPF Reject Failed

Hi,

I have a Sophos UTM 9.06 with a Basic Guard license.

SPF errors keep showing up in the Mail Manager. I added the ones that are legitimate to the exceptions under SMTP - Exceptions, unfortunately without success!

It would be nice if someone knew something about this!

The entry I found here does not help me, I do not have "SMTP-PROXY"!

Regards, userfail60