Channel: Sophos User Bulletin Board

SITE to SITE IPSEC VPN UDP 500 dropped

I updated to firmware version 9.113001 last night

Now the Site to Site VPN using IPSec is not working
In the logs I am seeing UDP 500 is getting dropped

I have edited the IP in the log to 137.117.***.***:
The VPN dropped at 10:55 today.



2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: initiating Main Mode
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Vendor ID payload [RFC 3947]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [FRAGMENTATION]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ignoring Vendor ID payload [IKE CGA version 1]
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: enabling possible NAT-traversal with method 3
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: NAT-Traversal: Result using RFC 3947: i am NATed
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: Peer ID is ID_IPV4_ADDR: '137.117.***.***'
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: ISAKMP SA established
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#414}
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: sent QI2, IPsec SA established {ESP=>0x63e2d568 <0x7d5dfdc6 NATOA=0.0.0.0}
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
2014:07:09-09:14:56 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #415: sending encrypted notification INVALID_PAYLOAD_TYPE to 137.117.***.***:4500
2014:07:09-09:14:56 vpn-0 pluto[6012]: packet from 137.117.***.***:4500: Informational Exchange is for an unknown (expired?) SA
2014:07:09-10:01:19 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #416: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #415 {using isakmp#414}
2014:07:09-10:01:20 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #416: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-10:01:20 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #416: sent QI2, IPsec SA established {ESP=>0x2977f5ba <0x0efa2ef4 NATOA=0.0.0.0}
2014:07:09-10:01:20 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #416: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-10:01:20 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #416: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
2014:07:09-10:01:20 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #416: sending encrypted notification INVALID_PAYLOAD_TYPE to 137.117.***.***:4500
2014:07:09-10:01:20 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Delete SA(0x63e2d568) payload: deleting IPSEC State #415
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #416 {using isakmp#414}
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: sent QI2, IPsec SA established {ESP=>0xc2491e3a <0x48fa4030 NATOA=0.0.0.0}
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: sending encrypted notification INVALID_PAYLOAD_TYPE to 137.117.***.***:4500
2014:07:09-10:43:47 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Delete SA(0x2977f5ba) payload: deleting IPSEC State #416
2014:07:09-10:55:04 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #414: received Delete SA payload: replace IPSEC State #417 in 10 seconds
2014:07:09-10:55:14 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #418: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #417 {using isakmp#414}
2014:07:09-10:55:15 vpn-0 pluto[6012]: ERROR: "S_REF_IpsSitAzureVpn_1" #418: sendto on eth0 to 137.117.***.***:4500 failed in quick_outI1. Errno 1: Operation not permitted
*2014:07:09-10:55:25 vpn-0 pluto[6012]: "S_REF_IpsSitAzureVpn_1" #417: IPsec SA expired (LATEST!)
2014:07:09-10:55:25 vpn-0 pluto[6012]: ERROR: "S_REF_IpsSitAzureVpn_1" #417: sendto on eth0 to 137.117.***.***:4500 failed in delete notify. Errno 1: Operation not permitted
2014:07:09-10:55:25 vpn-0 pluto[6012]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitAzureVpn" address="10.1.1.1" local_net="10.1.0.0/21" remote_net="10.1.8.0/21"
2014:07:09-10:55:25 vpn-0 pluto[6012]: ERROR: "S_REF_IpsSitAzureVpn_1" #418: sendto on eth0 to 137.117.***.***:4500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
2014:07:09-10:55:45 vpn-0 pluto[6012]: ERROR: "S_REF_IpsSitAzureVpn_1" #418: sendto on eth0 to 137.117.***.***:4500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted

Client SSL Certificates/Mutual SSL Authentication Possible?

Hello,

I'm new to Sophos UTM, and I'm currently setting it up for a client in Amazon's AWS environment. I have the firewall, NAT, IPS, and Proxy server all working correctly. However, they host a web server that requires client side SSL certificates (aka mutual SSL authentication) and I'd like to be able to take advantage of the UTM's web server protection functions. Is there a way to configure Sophos UTM's web server protection to pass the client side certificate? It currently does not work, but at least responds back with the forbidden page when you don't pass a client certificate correctly, which is expected when a client does not pass a cert. Thanks for your help!

Brad

Setting up MER connection

Support,
I have seen previous posts around the subject, but I was wondering if the UTM 9 product will be bringing MER (MAC Encapsulated Routing) and DHCP client authentication to the UTM box?

I originally used a Cisco 1800 router to replace my ISP provided hub, but wanted to replace that with the Sophos for the added functionality.

For reference, if it helps, I have also included the commands on a Cisco router that build a connection to my ISP.

interface FastEthernet0
mac-address [mac off isp router]
ip dhcp client client-id hex [auth details in HEX]
ip dhcp client class-id [optional details in HEX]
ip dhcp client lease 365 0 0

The above commands enable a connection to my ISP. Information in [] would be the specific details for my connection.

Internet Download Throttling affects site-to-site VPN?

I want to speed up my downloads from a remote site connected by IPsec site-to-site VPN. To do that, I put in a Download Throttling rule saying Internet->Any->Private_subnet on my WAN interface. The idea being to throttle everything but the VPN connection. My question is, will this also throttle the VPN connection as well since the remote gateway is an Internet address? I have "Keep classification after encapsulation" checked. There doesn't seem to be a way to put exclusions in the Traffic Selectors.

Install Freezes Detecting Hardware

I just built a PC to act as my home UTM. This PC has an ASRock Z97 Extreme 6 motherboard, 8GB DDR3 ram, and an Intel Core i7 4790k. The installer detects the CPU, 1TB hard drive, DVD drive, and network interfaces.

Upon starting the installer I see a message indicating that the installer was unable to open rtc device (rtc0).

Once hardware detection reaches 66% and says detecting other devices, the installer freezes. I can access the log, and bash. A picture of the log is below with the hardware MAC addresses blacked out. Any idea as to why this is happening and what I can do about it? Thanks in advance!



I have tried downloading the UTM 9.201-25.1 ISO multiple times and installing from a USB drive.

UTM Home Edition and web monitoring

I am new to this forum. I would like to monitor and log all web access at my home. Would like to know if UTM Home Edition can do it. And if yes:

a. Does it also log the time and date of access?

b. For a certain MAC address, can I set it to allow only certain web sites to be accessed between two time slots daily?

Thanks
TLeroy

PTP Wireless network and WAN Connection Failover

Good evening everyone,

I am trying to set up a network that I feel is fairly simple, yet I am having issues figuring out the best method to complete the task.

I have the following scenario:

Primary Site:
ISP --> External WAN Int (50.203.X.X)
PTP --> PTP WAN Int (10.10.10.1)
LAN --> Internal LAN Int (192.168.2.0/24)

Secondary Site:
ISP --> External WAN Int (50.204.X.X)
PTP --> PTP WAN Int (10.10.10.3)
LAN --> Internal LAN Int (192.168.1.0/24)

What I am trying to accomplish is two things. One, send all traffic between the sites over the PTP link unless the link is down. Second, send Internet traffic through PTP in the event the ISP is down.

I have set up the interfaces in UTM and have them both being monitored with uplink monitoring. Where I am stuck is how to route the traffic from the LAN through the PTP.

Thanks in advance.

Software UTM Appliance with on-board Wireless

Hi Guys,

I'm new to the Sophos domain and am migrating away from more platform based solutions e.g. Fortinet.

I am currently building a mini-ITX box that will run Sophos UTM and I'm currently looking at options for wireless.

This will primarily be used for SOHO so I am not going to too much expense and looking at the lower end AP-10 it says it will only support 10 users. If that is connected devices then I'm out because I have so many wireless devices it's not going to cut the mustard.

I'm looking at installing a mini pcie wireless card (mSata) into the build, if the wireless device is on-board will the Sophos software appliance support it???

Cheers and thank you for helping a new starter.

Willo

Constant connection drops with UTM220 and RED 50

Hello everyone,

we run a UTM220 on the current version 9.203-3 with 2 Company Connect Internet connections.
In addition, 3 sites are connected to the UTM via RED devices,
2 of them via RED 10 and one via RED 50.

For some time now we have had the problem that the RED 50 device keeps losing its connection.
According to my observations, this always happens when the line has been fairly heavily loaded.

The RED 10s, on the other hand, have hardly any problems.


Does anyone have experience with this and can give me a few tips on how to get closer to the cause and a fix? Are there any special settings I need to make on the UTM when I am behind a Telekom Company Connect line?

Daily up2date error

Hello everyone,

we run two Astaros in our network (no HA), but one of them (UTM 110) has had the following little problem for weeks:
Once a day I get the following message:

Quote:

[WARN-129] Spam Filter cannot query database servers
Quote:

The spam filter daemon is unable to reach the database servers via HTTP. Please make sure that the device is able to send HTTP (TCP port 80) requests to the Internet. You may have to allow such traffic on upstream devices.
Astaro Altstadt

--
System Uptime : 14 days 3 hours 43 minutes
System Load : 0.29
System Version : Sophos UTM 9.113-1

Please refer to the manual for detailed instructions.
Up2date is set to a 15-minute interval, but as I said, this message only comes once a day and after that everything works again.
Here is an excerpt from the logs of the last few days:

Quote:

2014:07:06-20:00:03 *** audld[8461]: Starting Up2Date Package Downloader
2014:07:06-20:00:04 *** audld[8461]: patch up2date possible
2014:07:06-20:00:08 *** audld[8461]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:06-20:00:08 *** audld[8461]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:06-20:00:08 *** audld[8461]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:06-20:00:08 *** audld[8461]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:06-20:00:08 *** audld[8461]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:06-20:00:08 *** audld[8461]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:06-20:00:08 *** audld[8461]: >================================================= ========================
2014:07:06-20:00:08 *** audld[8461]: All 6 Authentication Servers failed
2014:07:06-20:00:08 *** audld[8461]: '175.41.132.12:443' Code: '500'
2014:07:06-20:00:08 *** audld[8461]: '184.72.238.199:443' Code: '500'
2014:07:06-20:00:08 *** audld[8461]: '79.125.21.244:443' Code: '500'
2014:07:06-20:00:08 *** audld[8461]:
2014:07:06-20:00:08 *** audld[8461]: 1. Modules::Trad_Get_Filelist::contact:1608() audld.pl
2014:07:06-20:00:08 *** audld[8461]: 2. main::authenticate:619() audld.pl
2014:07:06-20:00:08 *** audld[8461]: 3. main::run:413() audld.pl
2014:07:06-20:00:08 *** audld[8461]: 4. main::top-level:27() audld.pl
2014:07:06-20:00:08 *** audld[8461]: Up2Date prefetch failed
2014:07:06-20:00:08 *** audld[8461]: |================================================= ========================
2014:07:06-20:00:08 *** audld[8461]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
2014:07:06-20:00:08 *** audld[8461]:
2014:07:06-20:00:08 *** audld[8461]: 1. main::alf:886() audld.pl
2014:07:06-20:00:08 *** audld[8461]: 2. main::authenticate:623() audld.pl
2014:07:06-20:00:08 *** audld[8461]: 3. main::run:413() audld.pl
2014:07:06-20:00:08 *** audld[8461]: 4. main::top-level:27() audld.pl
2014:07:06-20:20:02 *** audld[10491]: Starting Up2Date Package Downloader
2014:07:06-20:20:02 *** audld[10491]: patch up2date possible
2014:07:06-20:20:14 *** audld[10491]: found previous authentication failure, sending INFO-310
2014:07:06-20:20:14 *** audld[10491]: Up2Date prefetch is working again
2014:07:06-20:20:14 *** audld[10491]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2014:07:06-20:35:02 *** audld[11677]: Starting Up2Date Package Downloader
2014:07:06-20:35:02 *** audld[11677]: patch up2date possible
2014:07:06-20:35:14 *** audld[11677]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"



2014:07:07-20:27:02 *** audld[27084]: Starting Up2Date Package Downloader
2014:07:07-20:27:02 *** audld[27084]: patch up2date possible
2014:07:07-20:27:05 *** audld[27084]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:07-20:27:05 *** audld[27084]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:07-20:27:05 *** audld[27084]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:07-20:27:05 *** audld[27084]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:07-20:27:05 *** audld[27084]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:07-20:27:05 *** audld[27084]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:07-20:27:05 *** audld[27084]: >================================================= ========================
2014:07:07-20:27:05 *** audld[27084]: All 6 Authentication Servers failed
2014:07:07-20:27:05 *** audld[27084]: '175.41.132.12:443' Code: '500'
2014:07:07-20:27:05 *** audld[27084]: '184.72.238.199:443' Code: '500'
2014:07:07-20:27:05 *** audld[27084]: '79.125.21.244:443' Code: '500'
2014:07:07-20:27:05 *** audld[27084]:
2014:07:07-20:27:05 *** audld[27084]: 1. Modules::Trad_Get_Filelist::contact:1608() audld.pl
2014:07:07-20:27:05 *** audld[27084]: 2. main::authenticate:619() audld.pl
2014:07:07-20:27:05 *** audld[27084]: 3. main::run:413() audld.pl
2014:07:07-20:27:05 *** audld[27084]: 4. main::top-level:27() audld.pl
2014:07:07-20:27:05 *** audld[27084]: Up2Date prefetch failed
2014:07:07-20:27:05 *** audld[27084]: |================================================= ========================
2014:07:07-20:27:05 *** audld[27084]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
2014:07:07-20:27:05 *** audld[27084]:
2014:07:07-20:27:05 *** audld[27084]: 1. main::alf:886() audld.pl
2014:07:07-20:27:05 *** audld[27084]: 2. main::authenticate:623() audld.pl
2014:07:07-20:27:05 *** audld[27084]: 3. main::run:413() audld.pl
2014:07:07-20:27:05 *** audld[27084]: 4. main::top-level:27() audld.pl
2014:07:07-20:35:02 *** audld[28216]: Starting Up2Date Package Downloader
2014:07:07-20:35:02 *** audld[28216]: patch up2date possible
2014:07:07-20:35:14 *** audld[28216]: found previous authentication failure, sending INFO-310
2014:07:07-20:35:14 *** audld[28216]: Up2Date prefetch is working again
2014:07:07-20:35:14 *** audld[28216]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2014:07:07-20:50:02 *** audld[29393]: Starting Up2Date Package Downloader
2014:07:07-20:50:02 *** audld[29393]: patch up2date possible
2014:07:07-20:50:16 *** audld[29393]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"



2014:07:08-20:43:02 *** audld[12738]: Starting Up2Date Package Downloader
2014:07:08-20:43:02 *** audld[12738]: patch up2date possible
2014:07:08-20:43:05 *** audld[12738]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:08-20:43:05 *** audld[12738]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:08-20:43:05 *** audld[12738]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:08-20:43:05 *** audld[12738]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:08-20:43:05 *** audld[12738]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:08-20:43:05 *** audld[12738]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:08-20:43:05 *** audld[12738]: >================================================= ========================
2014:07:08-20:43:05 *** audld[12738]: All 6 Authentication Servers failed
2014:07:08-20:43:05 *** audld[12738]: '175.41.132.12:443' Code: '500'
2014:07:08-20:43:05 *** audld[12738]: '184.72.238.199:443' Code: '500'
2014:07:08-20:43:05 *** audld[12738]: '79.125.21.244:443' Code: '500'
2014:07:08-20:43:05 *** audld[12738]:
2014:07:08-20:43:05 *** audld[12738]: 1. Modules::Trad_Get_Filelist::contact:1608() audld.pl
2014:07:08-20:43:05 *** audld[12738]: 2. main::authenticate:619() audld.pl
2014:07:08-20:43:05 *** audld[12738]: 3. main::run:413() audld.pl
2014:07:08-20:43:05 *** audld[12738]: 4. main::top-level:27() audld.pl
2014:07:08-20:43:06 *** audld[12738]: Up2Date prefetch failed
2014:07:08-20:43:06 *** audld[12738]: |================================================= ========================
2014:07:08-20:43:06 *** audld[12738]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
2014:07:08-20:43:06 *** audld[12738]:
2014:07:08-20:43:06 *** audld[12738]: 1. main::alf:886() audld.pl
2014:07:08-20:43:06 *** audld[12738]: 2. main::authenticate:623() audld.pl
2014:07:08-20:43:06 *** audld[12738]: 3. main::run:413() audld.pl
2014:07:08-20:43:06 *** audld[12738]: 4. main::top-level:27() audld.pl
2014:07:08-20:47:02 *** audld[13734]: Starting Up2Date Package Downloader
2014:07:08-20:47:02 *** audld[13734]: patch up2date possible
2014:07:08-20:47:14 *** audld[13734]: found previous authentication failure, sending INFO-310
2014:07:08-20:47:14 *** audld[13734]: Up2Date prefetch is working again
2014:07:08-20:47:14 *** audld[13734]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"





2014:07:09-20:57:02 *** audld[31078]: Starting Up2Date Package Downloader
2014:07:09-20:57:02 *** audld[31078]: patch up2date possible
2014:07:09-20:57:05 *** audld[31078]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:09-20:57:05 *** audld[31078]: Could not connect to Authentication Server 79.125.21.244:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:09-20:57:05 *** audld[31078]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:09-20:57:05 *** audld[31078]: Could not connect to Authentication Server 175.41.132.12:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:09-20:57:05 *** audld[31078]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:09-20:57:05 *** audld[31078]: Could not connect to Authentication Server 184.72.238.199:443 (code=500 500 Connect failed: connect: Network is unreachable; Network is unreachable).
2014:07:09-20:57:05 *** audld[31078]: >================================================= ========================
2014:07:09-20:57:05 *** audld[31078]: All 6 Authentication Servers failed
2014:07:09-20:57:05 *** audld[31078]: '175.41.132.12:443' Code: '500'
2014:07:09-20:57:05 *** audld[31078]: '184.72.238.199:443' Code: '500'
2014:07:09-20:57:05 *** audld[31078]: '79.125.21.244:443' Code: '500'
2014:07:09-20:57:05 *** audld[31078]:
2014:07:09-20:57:05 *** audld[31078]: 1. Modules::Trad_Get_Filelist::contact:1608() audld.pl
2014:07:09-20:57:05 *** audld[31078]: 2. main::authenticate:619() audld.pl
2014:07:09-20:57:05 *** audld[31078]: 3. main::run:413() audld.pl
2014:07:09-20:57:05 *** audld[31078]: 4. main::top-level:27() audld.pl
2014:07:09-20:57:05 *** audld[31078]: Up2Date prefetch failed
2014:07:09-20:57:05 *** audld[31078]: |================================================= ========================
2014:07:09-20:57:05 *** audld[31078]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
2014:07:09-20:57:05 *** audld[31078]:
2014:07:09-20:57:05 *** audld[31078]: 1. main::alf:886() audld.pl
2014:07:09-20:57:05 *** audld[31078]: 2. main::authenticate:623() audld.pl
2014:07:09-20:57:05 *** audld[31078]: 3. main::run:413() audld.pl
2014:07:09-20:57:05 *** audld[31078]: 4. main::top-level:27() audld.pl
2014:07:09-21:05:02 *** audld[32176]: Starting Up2Date Package Downloader
2014:07:09-21:05:02 *** audld[32176]: patch up2date possible
2014:07:09-21:05:14 *** audld[32176]: found previous authentication failure, sending INFO-310
2014:07:09-21:05:14 *** audld[32176]: Up2Date prefetch is working again
2014:07:09-21:05:14 *** audld[32176]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
Also very mysterious: the error always comes almost exactly one day later plus 15 minutes.

Thanks in advance for your help!

Regards,
Manuel

Fun with CA Certificates in Linux (Ubuntu)

Hi, I've successfully set up http(s) Web security scanning at several companies with Windows machines. All well and good. Unfortunately I've hit a hitch.

When setting up a Linux machine I found difficulty getting it to accept the Astaro CA as a trusted signing source. I have copied the Astaro CA WebAdmin Certificate to /usr/share/ca-certificates/extras/ and run "sudo update-ca-certificates" but I'm still finding apps getting sniffy about the ASG signing their SSL certificates (Google's Calendar app for example). I have also imported the Certificates to Firefox's own Certificate store.

So... can anyone see where the hole is which is causing the machines to distrust the firewall's certificate signing?

Possibly one for you Bob?

Thanks in advance

JB

UTM9 Webfiltering

Hi

I have Sophos UTM 9 and I'm trying to configure a web filtering exception for some of my network users. How do I do that, considering that my network is just a workgroup network?


Thanks

Remove write protected objects

Hi,

I configured a VPN using SUM. Now, one of the firewalls doesn't exist anymore.
If I now try to remove the VPN from SUM it hangs, because it can't reach one of the firewalls. But, because of this, it doesn't remove the VPN/Objects from the accessible firewall either.

So, two questions:

1. How can I remove the write protected objects from the accessible firewall? cc?
(Without releasing all SUM objects of course)

2. How to remove the VPN connection from SUM?


Thanks
Urs

Planetside Woes

Planetside is a popular 1st person shooter. It is in constant development and therefore has regular very large updates sometimes north of 1.3GB. Seemingly regardless of the size my personal ASG's Web Protection is blocking the updates being downloaded. There is no error at the client end just a very, very slow download which eventually times out. Interestingly the time-out happens not at the beginning, which you would expect if it is being blocked by the UTM, but after several MB have come through.

Switching off the Web Protection module cures the problem completely.

Does anyone have a definitive list of URLs, IP addresses, ports and services I can add to the exception list to get the download through without the malarkey of scanning and URL filtering, size blocking etc.?

Thanks.

JB

Routing of Mailprotection

Hello together,

I have eth1 with an additional (public + static) IP.

Is it possible to bind SMTP of mailprotection on this second IP?

Thank you very much.

UTM [v9.113-1] Error authentication proxy AD SSO

Hi everyone, I need some help here...
This is the second time with this problem. The first time we opened a support call and for a while it was resolved, but now we have the same problem again. We use AD SSO, but when we try to navigate, the proxy (UTM) keeps asking for authentication, and even after entering the username and password it shows me the message again (not one or two times, and not for one user, but for everyone), and if we close the tab we lose the connection...

RED10 remote site clients not resolving FQDN

Hi

I've recently purchased a UTM 220 + 2x RED10s and set them up through the RED wizard. They connect and the clients get DHCP leases and everything seems fine. The RED10s are running in "Standard/Unified mode" / DHCP Client uplink mode.

However, I have a problem that clients behind the RED10s cannot resolve FQDNs from the HQ-UTM220 network, such as the hostname of my DC, SQL Server, etc. However, I can successfully ping via IPv4.

Side note, when I use the client SSL VPN the remote clients can resolve the FQDN

Under Network & Services > DNS > Request Routing the MS based AD/DC Server is configured. Where AD/DC is 10.10.8.50.

My Main network is 10.10.8.0/22
Red #1 - 172.16.0.0/24 - interface 172.16.0.1
Red #2 - 172.16.0.1/24 - interface 172.16.1.1

DHCP Red #1
Start - End 172.160.0.100-150
DNS Server1: 172.16.0.1
DNS Server2: 0.0.0.0
DGW: 172.16.0.1

Corresponding for Red #1 but with the +1 IP.

Any idea what I should be checking for or missing out on?

My DNS Forwarder is my ISP's DNS address. Should I add my PDC/AD there as well?

Thanks

Inbound/Outbound Mail Delay

Morning all,

Our network admin recently left the business shortly after implementing UTM web, email and network protection. Most of what I know of UTM has been a crash course learnt via this forum in the past week, I'm hoping you can assist with a problem we have with a delay in smtp traffic.

UTM Version: 9.203-3
Exchange 2013 SP1

I have had reports of outbound email from multiple users taking up to two days to reach the recipient, this has been observed with multiple recipient addresses to different domains.

I have also noticed smaller delays of up to 45 mins for incoming emails, this is not as frequent as outgoing mail.

Reading various setup guides on this forum, I'm confident UTM has been set up using some of the basic guides found here:

SMTP Settings

Global - Simple Mode

Routing:
- Domains - all listed
- Host list - Exchange host
- Recipient Verification - With Callout

Antivirus:
- Reject Malware, Dual Scan, everything else default

AntiSpam:
- Recommended RBLs
- Greylisting, BATV & SPF ticked

Relaying:
- Host Based - Exchange host

I have confirmed the smarthost is pointing to UTM correctly in exchange, have also been keeping an eye on the SMTP Spool, I'm not seeing any of the delayed emails within.

We previously used SpamTitan before the switch to UTM, never experienced delays to this extent before the change over.

Any advice or assistance is greatly appreciated.

Thanks

Dave

Consultation on aps in remote offices

I have a Central Astaro ASG 425 and need to configure aps 50 remote office communication in these remote offices is an ISP router link data, after the data link is another router in each remote office all these networks are known for Astaro. these aps keychain connected in these offices could manage from Astaro These networks have this router dhcp handing

Black list import??

Hi
I was given a list of about 1000 URLs that I need to block.
Is there an easy way to import these or must they all be done one by one?