
Sophos XG firewall once again kills backup with Crashplan Central (Cloud)

It seems like such a long time ago that I battled with Sophos XG firewall (v15.x) to get Crashplan Central (Cloud Backup) to work through it (#1). Last month I upgraded to v16.x and hey, what do you know? A new problem connecting to Crashplan Central.

To make a long story short (read the forum posts), there's a bug (what else is new when it comes to Crashplan and XG) in v16 (including v16.0.1.1) that blocks the Crashplan traffic. It's confirmed by a Sophos KB article (#2), which says:
"In certain situations traffic being passed through the XG firewall may appear to be passed through the proxy even when no Web Policy is enabled within the relevant firewall rule and HTTP/HTTPS scanning is disabled."
Both the KB and the forum post (#3) give a workaround:


1. Connect to the XG firewall via SSH and select option 4 (Device Console) from the menu.
2. Run the command below to disable microapp discovery:
      system application_classification microapp-discovery off
3. Restart Crashplan.

Links:
1. https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/32111/anyone-successfully-running-crashplan-backups-through-an-xg/314571#pi2132219853=1
2. https://community.sophos.com/kb/en-us/125458
3. https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/81482/crashplan-connectivity-issues-with-xg-16/310556?pi2132219853=2&pi2132219849=84

PS! I have not checked, nor installed, v16.0.1.2 to confirm whether the bug is still there. I might do that soon and update this post.
