IGEL ICG is running just fine, but as soon as I enable UFW the UMS cannot connect?

I have a UMS and an ICG running just fine on their own and have connected just fine, but as soon as I enable UFW on the ICG running on Ubuntu, the UMS cannot connect to it or is on and off. I have allowed port 8443 for the connection but find that it will only connect if I completely disable the ufw on the ICG. Anyone know what I am missing?

8443 in and out allowed?

Hello Brian, just to be clear are you talking about IGEL’s Universal Firmware Update, the Ubuntu Uncomplicated Firewall service, or something else?

Correct Chris. I am trying to connect IGEL’s Universal Firmware Update in the UMS to my Ubuntu repository for firmware.

Universal Firmware Update is not supported via ICG

If Firmware Update is meant: you would have to set up a separate public Web / FTP Server to achieve that task.

You would have to set up another repository ((S)FTP, Webdav, etc.) and create a profile to point your devices to that for firmware updates

Udo – are you saying to check 8443 out and in on the ufw?

I mounted a volume on my ICG for the repository. Can this not be done?

Ah, fw-upgrade, sorry, I thought you were talking about the firewall in Ubuntu

You mean use the ICG Server as repo server for the Igel Firmware Updates?

Ah, that isn’t recommended as well. It would be best to do your repo on a non-ICG server. The ICG should be running on a dedicated device

So best practice is to stand up a separate server for the Firmware Repo, correct?

Does anyone have a link to the step by steps for this process?

Right. Here is a step-by-step guide which should cover your request: files.igelcommunity.com/igel/IGEL-OS-Firmware-Updates-Guide.zip

Just to clarify, it doesn’t need to be a separate Server, an existing Web / FTP Server would work as well.

Thanks for the link.

Any thoughts on why my UMS and ICG disconnect when I enable tICG?

Can you describe what you mean by enabling ICG?

I run the following command “sudo ufw enable” which makes the firewall on my ICG (In this case it is running on Ubuntu 18.04) and when that happens the UMS cannot connect to the ICG.

So you now want to enable the firewall on the ICG. First idea: did you enable the communication ports, like incoming TCP 8443, in your ruleset?

Should be something like this if I’m not mistaken: sudo ufw allow from [IP of UMS Server] to any port 8443

And of course the other direction: sudo ufw allow out 8443

so at the end we’re talking about two cases here – Firmware update and firewall. hard to figure out 🙂

Sorry Udo. This thread should be for the Firewall

Hold on, I think I made a mistake there, 8443 needs to be reachable from external too, right? @member

8443 must be incoming from WAN and LAN, right.

So I have the following allowed on the ufw: 8443 allowed anywhere. Does this not accomplish that purpose? Again, just to note: they were connected this morning, but right now the two are not connected and all I did is enable ufw

Well, then it’s sudo ufw allow in 8443 , since you’ll have your igels most probably on many and changing IPs

Yes, @member that should do it, 8443 should be open in any direction on any source/destination

Which UMS / ICG Version are you using @member ?

UMS 6.04.100 (Build 45217)

IGEL Cloud Gateway v2.01.110

Please try to update both servers to the latest versions, since we addressed a few bugs in both applications

ICG: igel-technology.sharefile.com/d-s4d0487bca6145198

UMS: 6.04.110 www.igel.com/software-downloads/workspace-edition/#lightbox-form

Just to confirm: I can update the UMS from within the Console, correct?

UMS no, close it and start the installer.

You mean the UMS or ICG? UMS no, you have to download the Exe file and execute it again on the UMS Server. On ICG: yes.

kb.igel.com/endpointmgmt-6.04/en/updating-ums-servers-26036129.html

kb.igel.com/igelicg-2.01/en/updating-the-icg-19181712.html

Will the configurations I have on the UMS be lost?

No, everything gets migrated.

So, I just rebooted the ICG and enabled the ufw at start up, to check status. The two servers connected fine, but after a while I went back to the UMS and it showed the ICG disconnected. With mention of the update to both, is there mention of this as a fix in the latest versions?

Yes, on ICG at least:

[ICG Server]

Fixed: Optimized cleanup tasks to reduce disk space for large installations

Fixed: Timing problems in UMS <-> ICG communication

So potentially the Timing problems in UMS <-> ICG communication is what I might be fighting here possibly?

It might.

From the link above you posted to update the ICG, am I correct in saying I cannot run it from the UMS? I have to run it from the Ubuntu server that the ICG is running on in order to update the ICG. Is this correct?

Did you have a look at the second link I posted?

kb.igel.com/igelicg-2.01/en/updating-the-icg-19181712.html

It works from the UMS Console. You could update on the server itself, but it isn’t mandatory.

Does it work from the console when the ICG is disconnected from the UMS?

Yes, it goes through SSH, assuming your UFW / Firewall allows TCP 22. If not, you can update on the server itself… kb.igel.com/igelicg-2.01/en/updating-icg-manually-19181711.html

