Quantcast
Channel: Sophos User Bulletin Board
Viewing all 14361 articles
Browse latest View live

Hardwarefehler?

September 3, 2014, 7:03 am
$
0
0
Hallo,

ich habe hier eine ASG220 rev.1. Sie war komplett aus. Nun möchte ich sie in Betrieb nehmen. Nach dem Anschalten geht die Power-LED an und ein kurzer Piep ist zu hören. Das LCD bleibt aus.

Jetzt habe ich mir den VGA-Adapter gebaut um zu sehen, was das BIOS macht. Leider kein Bild aufm Monitor zu sehen. Den RAM entfernt dann gibt es lange Pieptöne bis zum Abschalten.

Wie kann ich weiter vorgehen um herauszufinden, was da nicht geht?

Bin für Tipps offen.

Gruß RC
Search

Anyone Else Seeing a Huge Increase in Spam?

September 3, 2014, 7:08 am
$
0
0
During the last 24-48 hours, we have had an enormous increase in the amount of spam and infected emails coming through. I've already opened a case with support but I thought I'd see if anyone else is experiencing this.

During any given 24 hour period, our UTM blocks approximately 60% of the incoming mail. In these last 48 hours (up to and including right now) it's only blocking 1%-2% and end users are receiving a ton of infected emails and very obvious spam/phishing messages at their desktops.

The only change I've made in the last week or so with regards to the SMTP proxy is I've re-enabled "strict RDNS checks" (post 272496).

NFL fantasy football draft site partially blocked

September 3, 2014, 7:30 am
$
0
0
I'm using version 9.205-12 with a UTM320 and I'm having issues with the NFL's fantasy football live draft site. When you access the following URL:
Draft Client Test Connection - Free Fantasy Football | 2014 Fantasy Football - NFL.com

It passes the necessary Flash test but fail connectivity. Nothing appears blocked in the logs but if I'm off the network it works fine. I have exceptions entered for the URL in quite a few places as well as an application exception, but no dice. Where else could I look to see why the connectivity is being interrupted?

AP 10 schlechtes Signal

September 3, 2014, 8:22 am
$
0
0
Hallo,

ich habe mir vor ein paar Tagen eine AP 10 gekauft, in der Hoffung diese Access Point hinter meiner UTM zu benutzen.
Leider folgte die Ernüchterung schnell, als ich bemerkt habe das ich mich nicht aus dem Zimmer bewegen darf da sonst die WLAN Verbindung direkt abgebrochen wird.
Auch wenn ich mir im WebAdmin Panel die Signalstärke anschaue, kommt dort mein iPhone niemals über 20% obwohl es fast direkt neben dem Access Point liegt.
Meine Frage wäre nun, ob es an dem Access Point oder an einer falschen Konfiguration liegt. Als Konfiguration habe ich die Standart, die beim aktivieren der Wireless Protection erstellt wird, genommen und einfach nur umbenannt.
Zu meiner Umgebung ist noch zu sagen, dass ich mit meinem Handy selbst immer nur ein anderes WLAN Netz finde und dies auch nicht immer zuverlässig.
Ansonsten besitze ich noch Schnurlose Telefone von der Telekom. Ich bin mir aber nicht sicher, ob diese das Signal stören könnten.

Ich hoffe man kann mir helfen :)

Gruß JohnnyR

SoftEther VPN mit VPNAZURE hinter Sophos UTM 110

September 3, 2014, 9:05 am
$
0
0
Hallo,
wir haben in unserem Netz eine UTM 110 am Laufen. Ich probiere nun schon seit einiger Zeit mit der Software von Softether herum um einen VPN Zugang von zu Hause aus herzustellen. Der Sophos eigene Zugang über den Sophos VPN Client klappt.
Die Installation des Softether VPN Servers auf dem Server 2008 R2 klappt auch. Ich wollte die Einrichtung so einfach wie möglich halten und habe mich für diesen VPN Azure Cloud Service - Build VPN from Home to Office without Firewall Permission Weg entschieden. Leider wird mir im Installationswizzard nie der Zustand: connected angezeigt, wenn ich den Server für den Zugriff über VPNazure konfiguriere.
Ich denke, dass es an den Einstellungen der Firewall liegt. Da meine Kenntnisse, was das Einstellen von Firewalls betrifft, eher mager sind, bitte ich um Hilfe.
Danke im Voraus.

Gruß

RED 10 USB for MiFi; any USA Verizon or AT&T users?

September 3, 2014, 10:17 am
$
0
0
I have a telecommuter whose needs wired connection to 4G through AT&T or Verizon; and both those providers have USB devices which seem to work well when connected directly to a PC.

Anyone using USA-based AT&T or Verizon devices for USB WAN connectivity into a RED 10? Is there some bridge thingy I need to put upstream?

Remote Desktop > External Access

September 3, 2014, 11:23 am
$
0
0
At work I have PC which the staff simply remotes into and does their thing..

We now want to open this up to our satellite office; so I am looking for some help in achieving this through the SOPHOS UTM9.

I've tried through NAT and the firewall still can't get it to connect through port 3389....

Any help would be appreciated.

Problem WLAN Interface zieht DHCP IP Adresse nicht

September 4, 2014, 12:36 am
$
0
0
Hallo zusammen, ich habe folgendes Problem: Ich möchte 2 Wlan Bereiche einrichten.

Ein internes WLAN Netz für unsere Notebooks und ein Gäste WLAN Netz für Besucher. Das Besucher Netz soll natürlich vom Firmennetz getrennt sein.

Ich habe mich an diese Anleitung gehalten:

1. Wireless Protection -- Wireless Networks -- Add Wireless Network
It will create a wlan with a number appended so it will be wlan0, wlan1 etc remember this!
Configure the SSID and client Isolation etc
Then
2. Interface and Routing - Create a new Interface
Name 'Guest Wireless Interface'
Type 'Ethernet Static'
Hardware 'wlan1' or whatever wlan you created in step 1
IP address '192.168.1.1' or whatever works for you - essentially something different to your real LAN
3. Network Services
Create a new DHCP scope with Default Gateway of the IP you used for the interface in step 2 i.e. 192.168.1.1 in my example
Use Google DNS or OpenDNS for DNS servers so everything is properly separate;-) or go to Network Services --> Global and add you new network in here to allow it to use the UTM forwarders. I think using Google DNS is easier but to be honest I setup both just in case.
4. NAT - New Masquerading Rule
'Network' is the Network Interface you created in step 2
'Interface' is the WAN interface of the Firewall, usually called External (WAN)
5. Add your new Wireless Network from Step 1 to allowed (This is the wireless network NOT the interface)
6. Firewall Rules for the Wireless Network, Just allow what you want probably http 80 https 443 and DNS 53
7. Once all this is done and working create a Hotspot and configure and add in the name of the wireless network to force clients to the Hotspot landing page

Problem das Gästewlan zieht keine IP Adresse des DHCP Servers. Im DHCP Server ist natürlich das richtige Interface ausgewählt. Meldung aus dem DHCP LOG:

Das GästeWlan steckt auf ETH4
2014:09:04-09:21:58 mail dhcpd: Listening on LPF/eth4/00:1a:8c:50:0b:fe/10.0.0.0/8
2014:09:04-09:21:58 mail dhcpd: Sending on LPF/eth4/00:1a:8c:50:0b:fe/10.0.0.0/8
2014:09:04-09:21:58 mail dhcpd: Sending on Socket/fallback/fallback-net

Vielen Dank
Search

Handling WLAN Hotspot

September 4, 2014, 1:53 am
$
0
0
Hallo, ich habe eine Frage zur Hotspot Funktion. Wir möchten diese gerne nutzen für unser WLAN Gastnetzwerk. Bisher haben wir nur die WLAN Funktion über ein fixes Kennwort eingerichtet, Kennwort ist immer gleich geblieben.

Hotspot Einrichtung hat auch funktioniert was mich aber etwas am Ablauf stört: Ich muss bisher den Basic Auth (also mein fixes Kennwort zum Verbinden ins Wlan) eingeben und danach öffnet sich dann die Internetseite mit dem Tageskennwort.

Zwei Kennwörter an den Kunden zu geben finde ich weniger toll. Wie löst ihr die Hotspot Geschichte?

vielen Dank,

Link balancing between 2 ISPs

September 4, 2014, 2:09 am
$
0
0
Dear All,

We have one dedicated Internet line with Public IP which is currently being used for Site to Site VPN purposes for remote locations and also for Internet. Now we have subscribed to one more line which is a DSL connection as we were facing slowness in bandwidth in dedicated line and it is very costlier. Now as we have 2 Internet connections, we want to use dedicated Internet line only for Site to Site VPN purposes to access servers kept inside our data center from remote locations and we don't want to use dedicated Internet line for http traffic. We want to use DSL line for Internet traffic. Is there a way to configure 2links in a way, so that both Internet connections has to be used at the same time like load balancing? Waiting for your response. Please do the needful. Thank you.

FYI: My UTM model number is ASG 425 and FW version is 9.201-25

Scanning archived files

September 4, 2014, 3:16 am
$
0
0
Hello Everyone

I am trying to use Sophos EndPoint Security and Control, Version 10.0 in order to virus scan some archives (zip, rar, 7z, etc). However I don't understand the scan results. I am using the 'Right Click Scanning' feature to scan 'All Files' and 'Scan within archive files' for Adaware, PUA's and suspicious files. For example, I have a zip file with 4 blank text files within it. No matter how many text files I add to the zip file the results show that only two items were scanned. If I extract the zip file and then scan it, it shows that 5 items were scanned which are the 4 text files and one folder.

I don't understand what these 2 items scanned signify and whether indeed the contents of the zip file is actually being scanned.

Thanks for your help..

DNS query timeout

September 4, 2014, 4:19 am
$
0
0
Hi all,

since we installed the Sophos UTM 100 a couple of months ago, sometimes we have problems accessing websites. As we use Active Directory in our local net DNS queries should go this way:
Client (DNS Server: SBS2011) -> Small Business Server 2011 (forwarder to the UTM) -> Sophos UTM (forwarder to two DNS servers of our ISP) -> DNS server of our ISP
I added the internal network to the allowed networks of the DNS service and two DNS servers of our ISP to the DNS forwarders.

The problem in detail:
Most of the time we don't have any problems accessing the internet. But at different times a number/all of us cannot access the internet. So there seems to be neither a general problem (for example a missing entry in the firewall) nor a special "event" (for example a disconnect every 24h by our ISP) which could be responsible for this.
After this error occurs, you have to wait one or two minutes and then everything works fine again.
The typical entry in the webfilter log looks like this:
Quote:
2014:09:03-09:28:24 SophosUTM httpproxy[18246]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="dns_expire" file="dns.c" line="187" message="dns query c7ef (Google) timed out, retransmitting (retry 1)"
2014:09:03-09:28:24 SophosUTM httpproxy[18246]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x15aa0368" function="sc_categorize_url_remote" file="scr_scanner.c" line="993" message="no categorization received for url: https://www.google.de/"
2014:09:03-09:28:25 SophosUTM httpproxy[18246]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.10.103" dstip="" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (L&L Standard)" size="2465" request="0x16e306e8" url="https://www.google.de/" exceptions="" error="Host not found" authtime="0" dnstime="10001064" cattime="10896533" avscantime="0" fullreqtime="20937909" device="0" auth="0" category="9999" reputation="neutral" categoryname="Categorization failed"
There are no entries in the log of the firewall or of the intrusion prevention system for this specific time.

Before the UTM was installed, we didn't have problems like this. So the DNS server of our provider seem to work fine (or at least they did ;)).

If there's already a solution somewhere in this forum, please post the link as I didn't find it. Otherwise do you have any ideas how to fix this problem?

Best regards
Thilo

VyprVPN or Equiv URL/Service Routing

September 4, 2014, 4:22 am
$
0
0
Hi Guys

Some advise and/or suggestions would be appreciated.

I have 1 WAN and 1 LAN

I would like to build a site to site tunnel with an IPSEC provider like Vypr VPN or similar.

If anyone LAN side requests a url for eg Google or a particular service.

I would like to route all traffic for the requests via the VPN tunnel.

Is it possible ?
If so, how ?
If not, what would you suggest ?


Many Thanks

Chris

DHCP Lease expiration only minutes after lease start

September 4, 2014, 4:48 am
$
0
0
I'm using a Sophos UTM425 with firmware version 9.205-12.

My DHCP servers are set with lease length of 86400 but in the IPv4 lease table I'm seeing the expiry just minutes or even seconds after the lease start, in some cases the same time as the lease start.

I haven't had anyone complain about being kicked off and I don't see lots of new leases for each client, but I was wondering if anyone could explain why the expiry time/date is so soon after the lease start time/date.

Thanks,

Steve

VoIP auf separatem Uplink

September 4, 2014, 5:09 am
$
0
0
Hallo zusammen,

eine eigentlich einfache Anforderung stellt mich gerade vor Konfigurationsprobleme und ich hoffe, jemand kann helfen :-)

Folgende Konfiguration ist im Einsatz:
Version: 9.205-12
eth0: Standleitung 10MBit/s
eth1: Internal (192.168.98.21/24) im Netz mit Hosts von 192.168.98.1-192.168.98.254
eth2: ADSL 3MBit/s
eth3: DMZ (192.168.99.21/24) in physisch separatem Netz mit Hosts von 192.168.99.1-192.168.99.254

eth0 und eth2 sind bei der Interfaces-Konfiguration jeweils mit Default GW hinterlegt, sodass ich gezwungen wurde, das Uplink-Balancing zu aktivieren. eth0 ist nun aktives Interface während eth2 Standby-Interface ist. Das Masquerading zeigt auf "Uplink Interfaces" - klar, beim Uplink-Balancing.

Sobald ich Upload-Balancing deaktiviere, verliert eth2 automatisch das Default GW (was soweit auch logisch erscheint).

Im internen Netz befindet sich eine Telefonanlage sowie eine Anzahl an Servern und Clients, die jeweils freien Zugriff aufs Internet haben sollen (sowie untereinander kommunizieren). Da die Telefonanlage via SIP auch mit einem VoIP-Provider kommuniziert und Gespräche abwickelt, ist nun die Anforderung, dass dieser Client (was die Anlage ja letztlich auch nur ist) nicht über eth0 nach außen hin kommuniziert, sondern über eth2 und damit eth2 exklusiv der Telefonanlage zur Verfügung steht.

Die optimale Konfiguration wäre dann noch, dass eth2 als Backup-Uplink fungiert (so wie es jetzt auch eingerichtet ist), sodass bei einem Ausfall von eth0 sämtlicher Verkehr ins Internet über eth2 geleitet wird. Falls das nicht geht, ist das kein must-have - könnte man im Fall der Fälle dann auch manuell scharf schalten.

Wie richte ich das ein? Ich habs beim besten Willen nicht hinbekommen. Wie gesagt, es wäre auch okay, hierfür das Uplink-Balancing wieder zu deaktivieren, aber selbst bei deaktiviertem Uplink-Balancing habe ich es nicht geschafft, dass ein einzelner Client eth2 nach außen hin nutzt, während die anderen weiterhin mit eth0 unterwegs sind.

Vielen Dank schon einmal für Eure Hilfe!

jaym
Search

Problem with AP30

September 4, 2014, 6:18 am
$
0
0
Hello.
We have an ASG320 (9.205-12) and different AP30 in different vlans.

There's one AP30 which doesn't work correct. It gets an IP from our windows dhcp server, but the Power LED Display stays only on for a few seconds (during this time the AP is shown as active in the admin interface of the utm and the AP answers pings to the IP). Then the Power LED changes to off (AP to inactive and no response to ping). This goes on and on. Another AP at the same cables works without problems. So it looks like the AP is broken.

When I take this AP to my office, which is in another vlan but also not the same as the utm, it works without a problem. So it looks like the AP isn’t broken.

While searching in the forum, I found that it could be a problem with the vlans (although it shouldn’t be, because another AP at the same connection works without a problem). So I distributed DHCP Option 234 (Verbindung zwischen Sophos Accesspoints und Sophos UTM | ictschule – sorry in German), but still the same result.

Thanks for any help.

AWS VPC Tunnel UTM

September 4, 2014, 8:09 am
$
0
0
Hello,
We created a site to site tunnel via AWS VPC. We are going from AWS East to West using the UTM which lives in East and connects to AWS West end points. We are seeing that at times sync ack packets do not go back though the UTM or dies at the UTM prior to getting encapsulated. This happens randomly about 2/5 times. Any help would be appreciated

10.159 = East
ws1.s.ae1b= East
10.160 = West
ws1.aw2a = West

East:

09:52:46.959089 IP ws1.s.ae1b.X.X.55799 > ip-10-169-X-X.ec2.internal.ssh: Flags [S], seq 2184742932, win 17922, options [mss 8961,sackOK,TS val 1208571489 ecr 0,nop,wscale 7], length 0
09:52:47.958331 IP ws1.s.ae1b.X.X.55799 > ip-10-169-X-X.ec2.internal.ssh: Flags [S], seq 2184742932, win 17922, options [mss 8961,sackOK,TS val 1208572489 ecr 0,nop,wscale 7], length 0
09:52:49.958327 IP ws1.s.ae1b.aarp.net.55799 > ip-10-169-X-X.ec2.internal.ssh: Flags [S], seq 2184742932, win 17922, options [mss 8961,sackOK,TS val 1208574489 ecr 0,nop,wscale 7], length 0


UTM:
13:52:46.959329 IP ip-10-159-X-X.ec2.internal.55799 > ip-10-169-X-X.ec2.internal.ssh: Flags [S], seq 2184742932, win 17922, options [mss 8961,sackOK,TS val 1208571489 ecr 0,nop,wscale 7], length 0
13:52:47.958574 IP ip-10-159-X-X.ec2.internal.55799 > ip-10-169-X-X.ec2.internal.ssh: Flags [S], seq 2184742932, win 17922, options [mss 8961,sackOK,TS val 1208572489 ecr 0,nop,wscale 7], length 0
13:52:49.958620 IP ip-10-159-X-X.ec2.internal.55799 > ip-10-169-X-X.ec2.internal.ssh: Flags [S], seq 2184742932, win 17922, options [mss 8961,sackOK,TS val 1208574489 ecr 0,nop,wscale 7], length 0

West:
09:52:46.988312 IP ip-10-159-X-X.us-west-2.compute.internal.55799 > ws1.aw2a.X.X.ssh: Flags [S], seq 2184742932, win 17922, options [mss 1387,sackOK,TS val 1208571489 ecr 0,nop,wscale 7], length 0
09:52:46.988330 IP ws1.aw2a.X.X.ssh > ip-10-159-X-X.us-west-2.compute.internal.55799: Flags [S.], seq 1154965046, ack 2184742933, win 17898, options [mss 8961,sackOK,TS val 454782197 ecr 1208571489,nop,wscale 7], length 0
09:52:47.987487 IP ip-10-159-X-X.us-west-2.compute.internal.55799 > ws1.aw2a.X.X.ssh: Flags [S], seq 2184742932, win 17922, options [mss 1387,sackOK,TS val 1208572489 ecr 0,nop,wscale 7], length 0
09:52:47.987497 IP ws1.aw2a.X.X.ssh > ip-10-159-X-X.us-west-2.compute.internal.55799: Flags [S.], seq 1154965046, ack 2184742933, win 17898, options [mss 8961,sackOK,TS val 454783196 ecr 1208571489,nop,wscale 7], length 0

RED Tunnel und OSPF

September 4, 2014, 10:26 am

[9.205] HTTP proxy - restarted

September 4, 2014, 11:03 am
$
0
0
Every now and then I notice that my users are getting increasingly annoyed by "The proxy server is not responding" message from IE. So I did some logging, and it seems that the HTTP proxy is shutting down and restarting by itself.
Code:
2014:09:04-19:55:24 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_loop" file="epoll.c" line="859" message="starting exit cleanup"
2014:09:04-19:55:24 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scan_exit" file="scanner.c" line="577" message="scanner subsystem shutting down"
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scan_exit" file="scanner.c" line="583" message="scanner subsystem shut down"
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_exit" file="epoll.c" line="680" message="epoll subsystem shutting down"
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="epoll_exit" file="epoll.c" line="695" message="epoll subsystem shut down"
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="disk_cache_exit" file="diskcache.c" line="44" message="writing cache index"
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="disk_cache_exit" file="diskcache.c" line="46" message="writing cache index done"
2014:09:04-19:55:25 UTM httpproxy[14440]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="378" message="shutdown finished, exiting"
2014:09:04-19:55:27 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="271" message="reading configuration"
2014:09:04-19:55:27 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2014:09:04-19:55:27 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3308" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2014:09:04-19:55:28 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="292" message="reading profiles"
2014:09:04-19:55:28 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="aptpscanner.c" line="171" message="ATP loaded"
2014:09:04-19:55:28 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_load_list" file="scr_scanner.c" line="1305" message="failed to load list"
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs01.astaro.com' access time: 55ms"
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs02.astaro.com' access time: 71ms"
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs03.astaro.com' access time: 271ms"
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs04.astaro.com' access time: 52ms"
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs05.astaro.com' access time: 52ms"
2014:09:04-19:55:29 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs06.astaro.com' access time: 340ms"
2014:09:04-19:55:30 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs07.astaro.com' access time: 254ms"
2014:09:04-19:55:30 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs08.astaro.com' access time: 533ms"
2014:09:04-19:55:30 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs09.astaro.com' access time: 134ms"
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs10.astaro.com' access time: 644ms"
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs11.astaro.com' access time: 40ms"
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs12.astaro.com' access time: 39ms"
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs13.astaro.com' access time: 188ms"
2014:09:04-19:55:31 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs14.astaro.com' access time: 336ms"
2014:09:04-19:55:32 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs15.astaro.com' access time: 387ms"
2014:09:04-19:55:32 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs16.astaro.com' access time: 538ms"
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs17.astaro.com' access time: 572ms"
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs18.astaro.com' access time: 366ms"
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs19.astaro.com' access time: 44ms"
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs20.astaro.com' access time: 57ms"
2014:09:04-19:55:33 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="129" message="reloading ATP pattern"
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs21.astaro.com' access time: 51ms"
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs22.astaro.com' access time: 43ms"
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="147" message="reloading ATP pattern finished"
2014:09:04-19:55:34 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs23.astaro.com' access time: 181ms"
2014:09:04-19:55:35 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs24.astaro.com' access time: 971ms"
2014:09:04-19:55:37 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs26.astaro.com' access time: 535ms"
2014:09:04-19:55:37 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs27.astaro.com' access time: 49ms"
2014:09:04-19:55:38 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="820" message="server 'cffs28.astaro.com' access time: 196ms"
2014:09:04-19:55:40 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="avirascanner_log" file="avirascanner.c" line="89" message="Successfully initialized Avira SAVAPI library 1.5.1, expires 20150331, AVE 8.3.24.20, VDF 7.11.170.170 (7213450 signatures)"
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scanner_init" file="saviscanner.c" line="256" message="Successfully loaded SAVI threat data, engine 3.53.1, threat data 5.03 from 9/7/2014 (7252355 detected threats)"
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="342" message="finished startup"
2014:09:04-19:55:46 UTM httpproxy[15574]: Integrated HTTP-Proxy (c) 2007-2014 Sophos Ltd, Release 144.g33f1438
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="711" message="reloading config"
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3308" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="752" message="Releasing unused memory"
2014:09:04-19:55:46 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="755" message="reloading config done, new version 69" 
2014:09:04-19:55:48 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="711" message="reloading config"
2014:09:04-19:55:49 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2014:09:04-19:55:49 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3308" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2014:09:04-19:55:51 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="752" message="Releasing unused memory"
2014:09:04-19:55:51 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="755" message="reloading config done, new version 70"
2014:09:04-19:55:54 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="129" message="reloading ATP pattern"
2014:09:04-19:55:54 UTM httpproxy[15574]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="147" message="reloading ATP pattern finished"
This is what I can see in the log besides normal web browsing.
Does anybody know why this is happening?

Thanks.

[9.206] Intel E1000E adapter hung

September 4, 2014, 11:40 am
$
0
0
Just upgraded to 9.206 without any problems BUT...

I still have nic's hang's on my Intel E1000E adapter :mad:
After set
PHP Code:
/sbin/ethtool -K eth1 gso off gro off 
normal traffic worked again, until next reboot...

Code:
2014:09:04-20:32:59 fw kernel: [ 505.279629] e1000e 0000:00:19.0 eth1: Detected Hardware Unit Hang:
2014:09:04-20:32:59 fw kernel: [ 505.279629] TDH <a2>
2014:09:04-20:32:59 fw kernel: [ 505.279629] TDT <eb>
2014:09:04-20:32:59 fw kernel: [ 505.279629] next_to_use <eb>
2014:09:04-20:32:59 fw kernel: [ 505.279629] next_to_clean <a1>
2014:09:04-20:32:59 fw kernel: [ 505.279629] buffer_info[next_to_clean]:
2014:09:04-20:32:59 fw kernel: [ 505.279629] time_stamp <10000c4d6>
2014:09:04-20:32:59 fw kernel: [ 505.279629] next_to_watch <b3>
2014:09:04-20:32:59 fw kernel: [ 505.279629] jiffies <10000c8fc>
2014:09:04-20:32:59 fw kernel: [ 505.279629] next_to_watch.status <0>
2014:09:04-20:32:59 fw kernel: [ 505.279629] MAC Status <80083>
2014:09:04-20:32:59 fw kernel: [ 505.279629] PHY Status <796d>
2014:09:04-20:32:59 fw kernel: [ 505.279629] PHY 1000BASE-T Status <3800>
2014:09:04-20:32:59 fw kernel: [ 505.279629] PHY Extended Status <3000>
2014:09:04-20:32:59 fw kernel: [ 505.279629] PCI Status <10>
2014:09:04-20:33:00 fw kernel: [ 506.285760] e1000e 0000:00:19.0 eth1: Reset adapter unexpectedly
2014:09:04-20:33:01 fw kernel: [ 506.778527] e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Viewing all 14361 articles
Browse latest View live
Search