5ain7 ga11 . CH || i7-l3ak5. CH || g07r007.CH

Archive for March, 2015

Sonicwall NAT Loopback Policy

by on Mar.30, 2015, under Firewalls, Knowledgebase, Communication, Networking




Original Source: LAN Subnets
Translated Source: WAN Primary IP
Original Destination: (WAN server object)
Translated Destination: (LAN server object)
Original Service: Any
Translated Service: Original
Inbound Interface: LAN Interface
Outbound Interface: Any


Sophos UTM – 9.2xx to 9.304 up2date fails

by on Mar.30, 2015, under Firewalls, Knowledgebase, Networking, Security

Found at:





Updating between minor UTM version releases is failing

First seen in

Sophos UTM


All updates on the UTM are applied sequentially; for example, 9.200 updates to 9.201 before updating to 9.202. Upgrade issues can arise when an upgrade path between two minor versions is offered, for example 9.2 to 9.3. Depending on the speed at which the updates are installed on your UTM, you may be left with two upgrade routes, one of which will be invalid. For example, if your UTM has downloaded the upgrade file between 9.209 and 9.300 but never applied this update, the files remain on your system. After a few weeks, 9.209 to 9.210 may have been released, creating a second path based on revision version rather than minor version. If you install this update, the scripts will also try to install 9.209 – 9.300, which is no longer valid because you are already running a more recent version.
(Note: since 9.211 was released, the upgrade package from 9.210 to 9.304 was removed. You now need to upgrade from 9.210 to 9.211, and then to 9.304.)

What To Do

  1. Log into the WebAdmin of your UTM and temporarily disable automatic updating
  2. Log into the UTM shell of the UTM and escalate your user rights to root
  3. Using the following commands, remove the redundant packages from these locations:
    • # rm -rf /var/up2date/sys-install/*
    • # rm /var/up2date/sys/*
    • # rm /var/up2date/.queue/*
  4. Change your location to the /var/up2date/sys location
    • # cd /var/up2date/sys
  5. Download the correct update file available from the download server.  The example below works for 9.211 to 9.304
    • # wget http://download.astaro.com/UTM/v9/up2date/u2d-sys-9.211003-304009.tgz.gpg
  6. Run the installation using the command:
    • # auisys.plx
  7. Re-enable automatic updating on the UTM
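
An added example (not from the original article or from Sophos): a read-only shell helper that lists the packages in an up2date directory and marks those whose source version is older than the running one, which are the invalid routes described above. The filename layout is inferred from the two package names on this page; the sample files are constructed, and 9.209000/9.300000 are placeholder build numbers.

```shell
#!/bin/sh
# Added example: classify up2date packages against the running firmware version.
# Assumed filename layout (inferred from the package names on this page):
#   u2d-sys-<major>.<from>-<to>.tgz.gpg   with fixed-width numeric fields

# vkey VERSION -> version without the dot, usable in integer comparisons
vkey() { printf '%s%s\n' "${1%%.*}" "${1#*.}"; }

# classify_u2d DIR RUNNING_VERSION
# Prints one line per package: "<state> <file> <from> -> <to>", where state is
#   stale : source version older than the running one (invalid route)
#   next  : source version equals the running one (installable now)
#   later : source version newer (only valid after an earlier step)
classify_u2d() {
    dir=$1 running=$2
    rk=$(vkey "$running")
    for f in "$dir"/u2d-sys-[0-9]*.[0-9]*-[0-9]*.tgz.gpg; do
        [ -e "$f" ] || continue                    # glob matched nothing
        v=${f##*/}; v=${v#u2d-sys-}; v=${v%.tgz.gpg}
        from=${v%-*}                               # e.g. 9.211003
        to=${from%%.*}.${v##*-}                    # e.g. 9.304009
        fk=$(vkey "$from")
        case $fk$rk in *[!0-9]*) continue ;; esac  # skip non-numeric names
        if   [ "$fk" -lt "$rk" ]; then state=stale
        elif [ "$fk" -eq "$rk" ]; then state=next
        else                           state=later
        fi
        printf '%s %s %s -> %s\n' "$state" "${f##*/}" "$from" "$to"
    done
}

# Constructed demo directory with empty files standing in for real packages.
demo_dir() {
    d=$(mktemp -d)
    touch "$d/u2d-sys-9.209000-300000.tgz.gpg" \
          "$d/u2d-sys-9.210020-211003.tgz.gpg" \
          "$d/u2d-sys-9.211003-304009.tgz.gpg"
    printf '%s\n' "$d"
}

d=$(demo_dir)
classify_u2d "$d" 9.210020    # running version as shown by 'hs' on this page
rm -rf "$d"
```

The function only reads directory entries; deleting anything it reports as stale remains a manual step.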

If your UTM is using High Availability, you may also need to remove these same files from the slave node as well.  When remotely accessing an HA cluster you can move to the slave node through the command # ha_utils ssh and when prompted enter the passwords.  The same procedure as above can then be used to resolve the updating issues but with the difference that the update files need to be downloaded on the master, and then copied to the slave using SCP.  From the master, after you have run a wget of the up2date files,  run the command ‘hs’ to identify the ‘cluster IP’ of the Slave node which will either end with a 1 or 2 depending on which node is the Master.  The output will look similar to this:

<M> fw1:/root # hs
Current mode: CLUSTER MASTER with id 1 in state ACTIVE
— Nodes ———————————————————————–
MASTER: 1 node1 9.210020 ACTIVE since Sat Jan 24 17:40:43 2015
SLAVE: 2 Node2 9.210020 UP2DATE since Thu Jan 29 13:03:58 2015

Taking the slave’s IP, run the SCP command below from the directory that contains the up2date files you wish to copy to the slave.

scp u2d-sys-9.210020-304009.tgz.gpg loginuser@

Then enter the password for ‘Loginuser’ – Note that whilst the slave is in status ‘up2date’ no config changes are sync’d across, so if the shell passwords were changed after the problem happened, the slave will still be using the old password.

After the files are copied across, use the command ‘ha_utils ssh‘ to switch to the slave, then move the files copied from the master, to the up2date location as follows:

mv /home/login/u2d-sys-9.210020-304009.tgz.gpg /var/up2date/sys

Now you can run auisys.plx on the slave.

If you need more information or guidance, then please contact technical support.

Problem with Windows Updates on a freshly installed Server 2012 R2 (8024402C)

by on Mar.06, 2015, under Knowledgebase, Server Platforms, Windows Server 2012, Windows Server 2012 R2

I have noticed again and again that on a fresh installation of Server 2012 R2, Windows Updates do not work properly.

The following message always appears:


The following fixes it:
Enter <netsh winhttp reset proxy> in CMD, and then it worked again.

Strange thing... I have neither WSUS nor a proxy in use.
