How to: Fix UTM Up2Date 9.702 RED disconnect issue, UTM XG RED disconnect/lost connection issue

In this guide we use UTM 9 as the example; you should be able to find similar menu items if you are using Sophos XG.

The Error

Sometimes after updating UTM, Sophos RED (Remote Ethernet Device) units lose their connection, and errors like the following appear in the RED Live Log:

Sophos UTM 9 – RED Management – Open RED Live Log

2020:03...... sophos-utm red_server[15424]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:25:11 red_server[15424]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[15424]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx is disconnected.
2020:03...... sophos-utm red_server[15424]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:25:11 red_server[15424]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[15424]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx is disconnected.
2020:03...... sophos-utm red_server[15753]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems SSL wants a read first
2020:03...... sophos-utm red_server[15765]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:26:30 red_server[15765]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[15765]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[15765]: Axxxxxxxxxxxxxx is disconnected.
2020:03...... sophos-utm red_server[16828]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2020:03...... sophos-utm red_server[16830]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:27:48 red_server[16830]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[16830]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[16830]: Axxxxxxxxxxxxxx is disconnected.
2020:03...... sophos-utm red_server[17312]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems SSL wants a read first
2020:03...... sophos-utm red_server[17317]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:29:06 red_server[17317]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[17317]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[17317]: Axxxxxxxxxxxxxx is disconnected.
2020:03...... sophos-utm red_server[17691]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2020:03...... sophos-utm red_server[17692]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:30:28 red_server[17692]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[17692]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[17692]: Axxxxxxxxxxxxxx is disconnected.
2020:03...... sophos-utm red_server[4625]: SELF: (Re-)loading device configurations
2020:03...... sophos-utm red_server[4625]: SELF: (Re-)loading device configurations
2020:03...... sophos-utm red_server[18827]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2020:03...... sophos-utm red_server[18830]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1<30>Mar 6 09:31:46 red_server[18830]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...
2020:03...... sophos-utm red_server[18830]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03...... sophos-utm red_server[18830]: Axxxxxxxxxxxxxx is disconnected.

2020:03...... sophos-utm red_server[15753]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems SSL wants a read first

2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx: Disconnecting: Firmware update required. Trying provisioning service ...

2020:03...... sophos-utm red_server[15424]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"

2020:03...... sophos-utm red_server[15424]: Axxxxxxxxxxxxxx is disconnected.

etc.

The Fix

We can try deleting the current RED configuration and then re-creating it; sometimes this has to be done twice or even three times. Eventually, we should have our RED back online.

Before removing the current RED configuration, make sure to back up the configuration of the Sophos firewall. It is always a good idea.

To make recreating the RED safer and quicker, we can also note down the current settings: click the Edit button and write down all the important information.

1 Back up the Sophos firewall

2 Note down the current RED settings (“RED Management – [Server] Client Management” – click “Edit” for the current RED)

RED Settings

3 Note down the current related interface settings (“Interfaces & Routing – Interfaces”). There should be one with “Auto-created by RED”.

Interface settings

4 Now let’s go back to RED Management and delete the existing RED

Delete RED

5 Wait 2 minutes, then recreate the RED again

6 If it still can’t connect, repeat the process

7 If it still can’t connect after repeating the process, navigate to “RED Management – Global Settings” and disable RED status by clicking the switch (marked with the red rectangle in the screenshot). Click OK until you are asked to confirm whether you want to remove the certificates as well; click Cancel there, then toggle the switch back to enable RED status again

Disable RED Status

8 Make sure the RED settings in “[Server] Client Management” are still there; if not, recreate them

9 Now wait. While waiting, we can monitor the RED Live Log. After a while, the RED should come back alive.

RED Up

10 Now we need to make sure the interface is enabled, otherwise users behind RED clients won’t be able to connect back to our Local Area Network (LAN). Navigate to “Interfaces & Routing – Interfaces” and edit the one created by RED. Make sure that in the Hardware field we select the correct interface, which is the RED interface, not eth0 etc.

Enable Interface for RED

11 Save the configuration and continue to monitor the RED Live Log. After 2 – 10 minutes, users behind the RED should be able to connect back to our LAN

Note: For Sophos XG, if the above methods don’t work, try to disable and then enable “Force TLS 1.2 for RED Configuration”

Disable then Enable Force TLS 1.2 for RED Configuration [1]

Eventually we should see that the RED is connected successfully:

2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{"seq":21},"type":"PING"}'
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":21},"type":"PONG"}
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{"seq":22},"type":"PING"}'
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":22},"type":"PONG"}
2020:03... sophos-utm red_server[26887]: SELF: (Re-)loading device configurations
2020:03... sophos-utm red_server[26887]: Axxxxxxxxxxxxxx: Device config value 'split_networks' changed from '192.168.1.0/24 1.2.3.4' to '192.168.0.0/24 1.2.3.4 192.168.100.0/24'
2020:03... sophos-utm red_server[26887]: Axxxxxxxxxxxxxx: Staging config for upload
2020:03... sophos-utm red_server[26887]: Axxxxxxxxxxxxxx: device config changed, kicking to force reconfiguration
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[27069]: [Axxxxxxxxxxxxxx] Uploaded config to registry service
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{"seq":23},"type":"PING"}'
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: Sending json message {"data":{"action":"new_config"},"type":"SERVER_REQ"}
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":23},"type":"PONG"}
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: command '{"data":{"message":"Device configuration has changed, reconnecting ..."},"type":"DISCONNECT"}'
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx: Disconnecting: Device configuration has changed, reconnecting ...
2020:03... sophos-utm red_server[31693]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="Axxxxxxxxxxxxxx" forced="1"
2020:03... sophos-utm red_server[31693]: Axxxxxxxxxxxxxx is disconnected.
2020:03... sophos-utm red_server[26887]: SELF: (Re-)loading device configurations
2020:03... sophos-utm red_server[2579]: SELF: Cannot do SSL handshake on socket accept from 'xxx.xxx.xxx.xxx': SSL connect accept failed because of handshake problems
2020:03... sophos-utm red_server[2592]: SELF: New connection from xxx.xxx.xxx.xxx with ID Axxxxxxxxxxxxxx (cipher AES256-GCM-SHA384), rev1
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: connected OK, pushing config
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Initializing connection running protocol version 0
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"WELCOME"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{},"type":"CONFIG_REQ"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"192.168.0.0/24 1.2.3.4 192.168.100.0/24","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":1,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"xxx...","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"xxx...","manual_netmask":24,"lan3_vids":"","version_r2":"2005R2","mac_filter_type":"none","mac":"xx:xx:xx...","dial_string":"xx..","manual2_address":"0.0.0.0","version_ng_red50":"1-442-bdae8a94a-0000000","manual_dns":"0.0.0.0","lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","version_red50":"1-442-bdae8a94a-0000000","fullbr_domains":"","htp_server":"contoso.com","uplink_balancing":"failover","asg_key":"[removed]","type":"red50","deployment_mode":"online","uplink2_mode":"dhcp","version_red15"...xx...
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"key1":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","key0":"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy","key_active":0},"type":"SET_KEY_REQ"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{},"type":"SET_KEY_REP"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":0},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="Axxxxxxxxxxxxxx" forced="0"
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":0},"type":"PONG"}
2020:03... sophos-utm red2ctl[26897]: Overflow happened on my_red:0
2020:03... sophos-utm red2ctl[26897]: Missing keepalive from my_red:0, disabling peer xxx.xxx.xxx.xxx
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN","WAN_ip":"192.168.200.200","uplink_state":"0"},"type":"STATUS"}'
2020:03... sophos-utm red2ctl[26897]: Received keepalive from my_red:0, enabling peer xxx.xxx.xxx.xxx
2020:03... sophos-utm red_server[26887]: SELF: (Re-)loading device configurations
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":1},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":1},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":2},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":2},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":3},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":3},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":4},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":4},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":5},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":5},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":6},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":6},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":7},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":7},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":8},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":8},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":9},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":9},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":10},"type":"PING"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: Sending json message {"data":{"seq":10},"type":"PONG"}
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"uplink":"WAN"},"type":"STATUS"}'
2020:03... sophos-utm red_server[2592]: Axxxxxxxxxxxxxx: command '{"data":{"seq":11},"type":"PING"}'
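
A small offline parser for the RED Live Log lines shown above, added here as an example (it is not part of the original post or of any Sophos tooling). It separates a RED that is stuck in the "Firmware update required" disconnect loop from one that disconnects once and then logs "RED Tunnel Up". The sample lines, device IDs, IP address, PIDs, full timestamps and the threshold of three disconnects are constructed assumptions.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample in the same shape as the log excerpts above.
SAMPLE_LOG = """
2020:03:06-09:25:11 sophos-utm red_server[1001]: A000000000000001: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03:06-09:25:11 sophos-utm red_server[1001]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A000000000000001" forced="1"
2020:03:06-09:26:29 sophos-utm red_server[1002]: SELF: Cannot do SSL handshake on socket accept from '192.0.2.10': SSL connect accept failed because of handshake problems
2020:03:06-09:26:30 sophos-utm red_server[1003]: A000000000000001: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03:06-09:26:30 sophos-utm red_server[1003]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A000000000000001" forced="1"
2020:03:06-09:27:47 sophos-utm red_server[1004]: SELF: Cannot do SSL handshake on socket accept from '192.0.2.10': SSL connect accept failed because of handshake problems
2020:03:06-09:27:48 sophos-utm red_server[1005]: A000000000000001: command '{"data":{"message":"Firmware update required. Trying provisioning service ..."},"type":"DISCONNECT"}'
2020:03:06-09:27:48 sophos-utm red_server[1005]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A000000000000001" forced="1"
2020:03:06-10:01:00 sophos-utm red_server[2001]: A000000000000002: command '{"data":{"message":"Device configuration has changed, reconnecting ..."},"type":"DISCONNECT"}'
2020:03:06-10:01:00 sophos-utm red_server[2001]: id="4202" severity="info" sys="System" sub="RED" name="RED Tunnel Down" red_id="A000000000000002" forced="1"
2020:03:06-10:01:40 sophos-utm red_server[2002]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="A000000000000002" forced="0"
2020:03:06-10:01:55 sophos-utm red_server[2002]: A000000000000002: command '{"data":{"seq":0},"type":"PING"}'
"""

# The timestamp prefix is ignored, so elided timestamps do not break parsing.
LINE_RE = re.compile(r"red_server\[\d+\]:\s+(?P<msg>.*)$")
EVENT_RE = re.compile(r'id="(?P<id>\d+)".*?\bred_id="(?P<red>[^"]+)"')
CMD_RE = re.compile(r"(?P<red>\S+): command '(?P<json>\{.*\})'$")

TUNNEL_UP, TUNNEL_DOWN = "4201", "4202"  # event ids that appear in the logs above


def analyze(lines, loop_threshold=3):
    """Return (per-device report, count of failed SSL handshakes)."""
    devices = defaultdict(lambda: {"state": "unknown", "streak": 0,
                                   "last_reason": None, "reasons": Counter()})
    handshake_failures = 0
    for line in lines:
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("SELF: Cannot do SSL handshake"):
            handshake_failures += 1
            continue
        event = EVENT_RE.match(msg)
        if event:
            dev = devices[event.group("red")]
            if event.group("id") == TUNNEL_UP:
                dev["state"], dev["streak"] = "up", 0  # a working tunnel ends any loop
            elif event.group("id") == TUNNEL_DOWN:
                dev["state"] = "down"
            continue
        cmd = CMD_RE.match(msg)
        if not cmd:
            continue
        try:
            payload = json.loads(cmd.group("json"))
        except json.JSONDecodeError:
            continue  # truncated or mangled line, skip it
        if payload.get("type") != "DISCONNECT":
            continue
        reason = payload.get("data", {}).get("message", "")
        dev = devices[cmd.group("red")]
        dev["reasons"][reason] += 1
        # Count consecutive disconnects with the same reason and no Tunnel Up between.
        dev["streak"] = dev["streak"] + 1 if reason == dev["last_reason"] else 1
        dev["last_reason"] = reason

    report = {
        red: {"state": d["state"],
              "looping": d["streak"] >= loop_threshold,
              "last_reason": d["last_reason"],
              "disconnects": dict(d["reasons"])}
        for red, d in devices.items()
    }
    return report, handshake_failures


if __name__ == "__main__":
    result, failed_handshakes = analyze(SAMPLE_LOG.splitlines())
    for red_id, info in result.items():
        print(red_id, info)
    print("failed SSL handshakes:", failed_handshakes)
```
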

Resource

Last picture


ntopng error on pfSense – ntopng requires redis server to be up and running

The Error

ntopng        [Redis.cpp:113] ERROR: to specify a redis server other than the default
ntopng        [Redis.cpp:112] ERROR: Please start it and try again or use -r
ntopng        [Redis.cpp:111] ERROR: ntopng requires redis server to be up and running
ntopng error on pfSense

The Fix

1 Log in to pfSense via SSH, the console, or the web GUI

1.1 If using the web GUI, navigate to “Diagnostics -> Command Prompt” and run the following command, which deletes the ntopng data directory:

rm -rf /var/db/ntopng
pfSense -> Command Prompt

2 Now try to start ntopng from the Services Status widget

3 The ntopng service should now start successfully

pfSense – Services Status – ntopng

TPG NBN modem with pfSense

How to use pfSense with TPG NBN modem


Create a VLAN: Interface -> Assignments -> VLANs -> Add.

Parent Interface: Use your WAN interface (mine is igb0)

VLAN Tag: 2

VLAN Priority: 0 (Make sure it’s 0, or connection will fail)

pfSense VLAN editing page screenshot

Create a PPP: Interface -> Assignments -> PPPs -> Add.

Link Type: PPPoE

Link Interface: The VLAN you set up before.

Username: TPG Username

Password: TPG Password

pfSense PPPs/PPPoE editing page screenshot

Configure the WAN port.

Description: WAN

IPv4 Configuration Type: PPPoE

MTU: 1500

MSS: 1492

Username: TPG Username

Password: TPG Password

pfSense WAN interface editing page screenshot

Now you can connect to the internet through pfSense -> NBN Modem/NBN HFC connection box (usually a small black box) -> HFC cable connected to the wall

[Originally it would be TPG-supplied WiFi router -> NBN Modem/NBN HFC connection box (usually a small black box) -> HFC cable connected to the wall]