FW3045 20.0v2 Troubleshooting Remote Ethernet Devices On Sophos Firewall
Version: 20.0v2
May 2024
© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior written
consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be the
trademarks or registered trademarks of Sophos Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions or representations (whether express
or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park, Abingdon,
Oxfordshire, OX14 3YP.
DURATION 5 minutes
In this chapter you will learn how to troubleshoot common issues with Remote Ethernet Devices on
Sophos Firewall.
Log Files
There are two log files on the Sophos Firewall that should be checked when troubleshooting issues
with RED: /log/csc.log and /log/red.log.
In this example RED cannot be enabled on the Sophos Firewall. The error indicates a problem
accessing the provisioning service on port 3400.
To troubleshoot this issue, you need to test the connectivity from the Sophos Firewall to the
provisioning server, red.astaro.com. This can be done from the Advanced Shell using telnet.
If you see a ‘Connection timed out’ error, this indicates that something is blocking access to port 3400,
most likely an upstream router or gateway.
If you see a ‘Name or service not known’ error, this indicates there may be an issue with the DNS
configuration on the Sophos Firewall.
In this example, the Sophos Firewall DNS had been misconfigured. Once corrected, RED could be
enabled.
Here you can see a RED that is disconnected from the Sophos Firewall. Troubleshooting a RED that
cannot connect may require someone at the remote location, but we will start with the steps that can
be completed on the Sophos Firewall.
On the Advanced Shell, check that the RED services are running. If they are not, try to start them.
If the services are running, verify that the red_server process is running with the command ps | grep
red_server.
The next step is to perform a packet capture for traffic on port 3400 to see if the RED has been able to
reach the Sophos Firewall.
The next steps should be completed at the remote location of the RED.
Test that there is access to the provisioning server, red.astaro.com, and the Sophos Firewall on port
3400. If the RED configuration uses the hostname of the Sophos Firewall, be sure to use that in your
test to check that it can be resolved at the remote site.
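The remote-site test described above can be scripted from a workstation on the RED's network. This is an added example, not Sophos code: it probes both hosts on TCP port 3400 and maps each failure to a likely cause, the first two matching the telnet errors covered earlier in this chapter. The hostname firewall.example.com is a placeholder for the firewall hostname in your RED configuration, and the function names and status labels are this example's own.

```python
import socket

RED_PORT = 3400                         # TCP port named in this chapter
PROVISIONING_HOST = "red.astaro.com"    # provisioning server named in this chapter
FIREWALL_HOST = "firewall.example.com"  # placeholder: hostname from the RED configuration

def classify(exc):
    """Map a socket error to a diagnosis label (None means the connect succeeded)."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns_failure"   # telnet shows 'Name or service not known'
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timed_out"     # telnet shows 'Connection timed out'
    if isinstance(exc, ConnectionRefusedError):
        return "refused"       # host reached, nothing listening on the port
    return "other_error"

def probe(host, port=RED_PORT, timeout=5.0):
    """Resolve host, then attempt one TCP connection; return (status, detail)."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return classify(exc), str(exc)
    family, socktype, proto, _, sockaddr = addrs[0]
    try:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
        return classify(None), sockaddr[0]
    except OSError as exc:
        return classify(exc), f"{sockaddr[0]}: {exc}"

ADVICE = {
    "open": "reachable",
    "dns_failure": "check the DNS configuration at this site",
    "timed_out": "port 3400 is blocked, most likely by an upstream router or gateway",
    "refused": "host answered but nothing accepts connections on this port",
    "other_error": "see detail",
}

if __name__ == "__main__":
    for host in (PROVISIONING_HOST, FIREWALL_HOST):
        status, detail = probe(host)
        print(f"{host}:{RED_PORT} {status} ({detail}) -> {ADVICE[status]}")
```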
https://docs.sophos.com/nsg/sophos-red/quickstart/en-us/sophos-operating-instructions-sd-red-20-60.pdf
There is information in the operating guide for SD-RED 20 and 60 devices that covers the startup
process of the RED and what the lights and messages shown mean. This can be used to further
identify possible causes for being unable to connect.
In this example, the issue was caused by port 3400 being blocked by the firewall at that site.
Chapter Review
Here are the three main things you learned in this chapter.
When troubleshooting RED issues, you should check the csc.log and red.log on Sophos Firewall.
Remote Ethernet Devices contact the provisioning server red.astaro.com using TCP port 3400.
The lights on the front of the RED can indicate where the connection is failing. These can be looked up
on the Sophos website.