Channel: Sophos User Bulletin Board

UTM 9.1 software: cannot restore 8.309 config

Hi,
I spent several hours trying to install 9.1 from the ISO. I finally managed to connect to the WebAdmin by connecting my PC directly to the PC hosting Astaro, but I never got past restoring the config backed up from 8.309. I can upload it on UTM 9.1, then I click on Finish; it starts but never goes through, even if I click on 'allow to continue for 30 seconds' or an equivalent message. After several minutes I got an error message. Then everything is stuck. Restarting the PC with the button does not make the WebAdmin accessible anymore. The only solution is to reinstall from the CD. After several attempts I decided to reinstall 8.0; then the restore worked OK except for the NICs (the order changed and I had to reassign them, guessing which is the right one for each connection :mad:).
Now I'm trying to apply updates (Astaro cannot find them itself).
Anyway, is there a way to update to 9.1 and restore the config?

BTW, it seems not possible to update 8.001 to 8.309. So I downloaded 8.100, 8.200 and 8.300 and uploaded them to Astaro, but the system is not finding them as available packages and says the 8.001 firmware is up to date.

Help me understand NAT in SOPHOS UTM 9

Hello everyone,

I'm just a student and now I want to build a system with SOPHOS UTM 9 as the security gateway. My network topology is as below:


What I want is to publish the web and mail services, NAT internal (10.0.0.0/8) to external, NAT DMZ (172.16.0.0/16) to external, and NAT external (172.16.0.0/16) to internal (10.0.0.0/8) using only the DNS service and HTTP(S) service. My configuration is as below:



But I can only use the PING protocol and cannot use any other protocol. Please help me figure out where I am stuck.

Many thanks

Requests with source port 25

Hello everyone,

I found the following in our log files.
For days we have been getting requests from several IPs with source port 25 and varying destination ports. Looks like a port scanner...

Here is an excerpt:
Code:

09:34:17  Standard-VERWERFEN  TCP  xx.xx.xx.xx : 25  →  Externe IP UTM : 22451  [ACK]  len=40  ttl=57  tos=0x00  srcmac=0:30:88:1:66:42  dstmac=0:18:fe:89:99:e2

A DNS lookup of the source IPs shows that they all come from one network and each one is an MX record. The associated domain is registered to a large publishing house...

Looks like their mail servers are being "abused", doesn't it?

Regards, envy

[9.100-16] Firewall rule with ipsec group

I have a manual firewall rule to complement an IPSEC remote user config. (Using preshared keys, so no auto rules).

What I have found is that if the rule specifies Source=[User Group] the rule doesn't match. But if I specify Source=[VPN Pool] it matches.

The IPSEC config entry specifies [User Group] as the set of users allowed to connect remotely.

So is this a bug?

Makes it difficult to define different fw rules for different groups of users who log in remotely.

Sophos Quarantine Report - Broken Layout

Hi,

I have a problem with the quarantine reports generated by Sophos. The layout of the sent reports doesn't really fit (see attachment). It doesn't matter whether I use a company logo or not. I can't adjust the template myself. Is there any way I can fix this?

We use Outlook (2010) as the mail client; the firmware is current, 9.100-16.


Regards,
loopy

Attached Images
File Type: jpg sophos_header.jpg (4.4 KB)

SSL Site2Site

Hello everyone,

When I restart the SSL server side, the tunnel is established, but routing to the SSL client doesn't seem to work. It only works again once I disable and re-enable the SSL server. Is there a solution so that the tunnel works properly again after a restart? I have the latest UTM 9.100-16 installed. Does anyone have an idea?

Best regards

Frank

WebAdmin sometimes not reachable since V9.1

Hello,

We are running UTM under a VMware Hypervisor 5.1 in active/passive HA mode.

Since UTM version 9.1 it happens nearly every day that the WebAdmin login is not possible. The browser reports that the webpage couldn't be displayed.
Linux top shows normal CPU load. The system is working normally. No problems with any other functions.

The problem can be solved temporarily by a reboot.

I have checked various logs in /var/log but I found no entries that indicate the problem.

Andreas

IP addresses not in logs but show as active

I have been chasing this for a while and have had an open case with the reseller; they have no idea. I have several IP addresses that show as Active IP Addresses (licensing) but I cannot find those addresses in any of the logs. I am logging all traffic in all the various firewall rules. These IP addresses are from SEH print servers, which do have a default gateway that routes to the firewall. I have gone to the length of configuring a deny rule in the firewall for those specific IP addresses. That did not rectify the issue, and in addition that rule never showed any activity. Any thoughts?

[9.100-16] IPSEC Tunnel half 'blocked'

This seems to be a highly reproducible problem on my setup... and I'm sure someone else has posted a very similar experience, but I can't find their thread now.

I have a remote VPN (IPSEC) tunnel... using the Shrewsoft client. When it's working, it works great.

Most of the time, upon making the initial connection I cannot get any traffic through from the client. No pings, nothing. Tunnel status, SPIs etc. all look normal.

If at this point I ping through the tunnel from the UTM end (either from the UTM itself or from a machine connected to the interface), the ping gets through and then seems to 'unblock' the traffic coming from the client end.

From that point on all is good until the next occasion.

Nothing untoward showing in ipsec or firewall logs.

Any ideas?

Reported issues in 9.1 GA release

Hi Everyone,

we want to inform you that we got a couple of customer reports about problems after the GA of 9.1, and our development team is currently investigating the root cause.


Basically, the following issues could already be identified:

25736: RED firmware update fails if upload takes longer than 3 minutes
25787: SSL VPN auto packet filter rules are not set for backend group objects
25742: ha: disabling virtual_mac for ha did not result in different mac addresses on master/slave


In addition, we corrected a functionality in IPSec VPN that might cause tunnels not to come up. Please have a look at "In 9.1 IPSec connections could use bypass policies for a remote network without static routes" for further information.


We plan a 9.101 including those bugfixes soon.

Cheers
Dominic

Outbound mail not being delivered since update to 9.100-16

I upgraded to 9.100-16 on May 15, 2013 at 12:21am and since then outbound emails originating from either the UTM box (home user license) or the internal network are being held up in SMTP Spool.

According to the SMTP Proxy log:

2013:05:17-11:18:02 myUTMhostname exim-out[2083]: 2013-05-17 11:18:02 1UcfXE-0001yu-4x Remote host smtp.hot.glbdns.microsoft.com [65.55.162.200] closed connection in response to AUTH PLAIN

2013:05:17-11:18:02 myUTMhostname exim-out[2082]: 2013-05-17 11:18:02 1UcfXE-0001yu-4x == myemail@gmail.com R=smarthost_route T=smarthost_smtp defer (-18): Remote host smtp.hot.glbdns.microsoft.com [65.55.162.200] closed connection in response to AUTH PLAIN

I looked at the thread by Firestorm entitled "Inbound mail not being delivered since update to 9.100-16" created yesterday at 3:06am. The post by BALfson to add a host to the skip TLS negotiation hosts/nets did not help me (it was a long shot since the errors noted by Firestorm were not the same).

My email on the UTM is set up so that all SMTP traffic is intercepted (Transparent mode), defined in Email Protection: SMTP: Advanced. I defined a smarthost to use smtp.live.com on port 587, set to require authentication with my username and password filled in. I do not have the Management: Notifications: Advanced: External SMTP server status enabled.

This setup had been working in version 9.006.005 and stopped working immediately after 9.100-16, so that not even the UTM could email me to let me know the firmware was applied successfully.

Is this a bug and is there a workaround?

Thank you.

OT - Sophos tool for hosted site?

Hello:

Sorry if this is too far OT....

Potential customer has asked for help getting a "virus" off their hosted site.
Google is blocking access, warning that their site redirects to several others.

The hosting company says it is none of their concern, and the original developer has moved on.

Is there any Sophos product that can run on a hosted site (managed with Plesk)?

Tom

dashboard error

I have a user which has the AUDITOR role. When the user logs in to WebAdmin it gets the error below. When the user has the READONLY role, there are no problems.

Can't use string ("0") as a HASH ref while "strict refs" in use at /wfe/asg/modules/asg_dashboard.pm line 90.

Using Release 9.100-16

SSL VPN On Mac OS

Hello!

I'm going nuts trying to set up a working SSL VPN access for Mac OS 10.8.3 on an ASG120 in 9.1.
iOS is working great with OpenVPN.
No way to get the Mac to connect.

I'm using the latest version of Viscosity. The process of importing the .ovpn worked without a glitch. But when trying to connect, Viscosity remains at connecting...

HTML 5 RDP to Mac OS, weird display...

Hi!

I'm trying to connect using HTML5 RDP portal to a terminal server (Aquaconnect).
I get the connection but the whole screen stays black with some color dots all around (looks like resolution issues on old CRT screens).

Any idea?

Astaro dropping packets from ctmail.com

I am running 9.100-16 with a home license. I do have the SMTP proxy enabled. Every hour I see 9 packets dropped, as shown below in Splunk:

May 17 23:15:33 192.168.1.254 2013:05:17-23:15:27 ulogd[4641]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="0:90:1a:42:f4:f5" dstmac="0:c:29:9c:12:77" srcip="216.163.188.45" dstip="***.***.***.***" proto="6" length="40" tos="0x00" prec="0x00" ttl="56" srcport="80" dstport="54627" tcpflags="RST"

"dstip" is my external public facing IP.

Firewall fails to block an established UDP connection...

Hello Guys,

I am having a weird situation here. I have a PC communicating with a server, both connected to my Sophos Firewall (Firmware: 9.100-16 - not an appliance).

I have a Rule that allows this connection, and it works. Without that Rule, the connection cannot be established. So far so good.
Once established, however, the communication continues even if I disable that rule or add a rule above it to block that connection. :confused:
It just keeps on working and there doesn't seem to be a way to block it if I wanted to...

I tried it using a PC connected via the Internet and I can even disable the DNAT Rule and the connection still continues. Only new connections are being blocked. Is this expected behavior? Doesn't seem right to me.

Greatbyte

SSL VPN problems after upgrade to 9.100-16 (probable compression issue)

Hi

I am using UTM9. I have some SSL VPNs established from Mikrotik routers (the UTM9 is the server). This used to work perfectly.

Last night I upgraded to 9.100-16 and the SSL VPNs have stopped working.

The SSL live log is full of messages stating "Bad LZO decompression header byte: 69". Compression is OFF in UTM9 as the clients don't support it; this setting (and the settings on the client) are unchanged from pre-upgrade, when it all worked.

The clients connect fine, so the authentication is apparently working.

There is another error in the log:
2013:05:18-11:14:46 steelblue openvpn[16411]: x.x.137.137:32830 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'

Yet the checkbox for "use compression" in the GUI is firmly disabled.


Any help will be gratefully received!

Giles.

Invalid Frame error in AP 10 and 30

Hello All,

We have Sophos UTM 9.100-16 with AP 10 and AP 30. When adding the APs to the Sophos, it takes the configuration well but gives the following error:

IEEE 802.11: handle_action - unknown action category 4 or invalid frame

It keeps on giving this error. We have only 1 interface, so we have configured a VLAN for the APs. The APs seem to be working fine, as we can connect to Wi-Fi, but this error still appears. We tried deleting both APs and they reconfigured correctly, still giving the error.

Please help me resolve this error.

Thanks,
Dhyanesh

Public-key authentication no longer works since update to version 9.100-16

Hello folks,

I recently updated my UTM9 to version 9.100-16.

Since then I can no longer log in to the UTM with PuTTY (SSH) using public-key authentication.

I tried to set up public-key authentication again via WebAdmin, i.e. re-upload the public key, but then I get the message that there is nothing to import.

Does anyone have an idea how to get public-key authentication working again?

Furthermore, I can no longer log in via SSH with a user I created myself (password authentication), although the password is definitely correct.

I always get the message "Access denied".

I have already tried re-enabling public-key authentication in sshd_config (it was disabled), but that didn't help.

How do you actually restart sshd?

It used to always work via "/etc/init.d/sshd restart", but I can't find this script anymore since the update.

Thanks in advance for your help :)!

Best regards, Datax