efa-project.org

Hi,

It's been a while since I was here, as my appliances just work. However with the impending demise of Centos 7 I have looked at upgrading my appliances.
Just in case anyone else has encountered this and it is straightforward and I have missed something obvious:
I am getting an "error Configuring Razor"
Fresh install of Centos Stream 9
updated successfully after install (So it has Internet Access)
Install using curl..... | bash
All downloads OK
After a Reboot go to the Web page
Run through all the questions and off it goes
Up comes the error. It doesn't give a lot away (I'm sure I have had this same error on EFA 4 setup previously)

I logged into the CLI and tried again.
Ran through - the only question I answered differently was DNS (after reading some posts on here)
Same issue, but the error is a little more descriptive this time:

[eFA] - Configuring Razor
nextserver: discover1: Timed out (15 sec) while reading from discovery.razor.cloudmark.com
nextserver: discover1: Timed out (15 sec) while reading from discovery.razor.cloudmark.com
chmod: cannot access '/var/spool/postfix/.razor/identity-*': No such file or directory
[eFa] - Error initializing system! Please try again...

So - I am just building a 2nd box on my lab, which is a lot less of a complicated network, to see if I encounter the same error.
If not - it must be some weird connectivity issue that escapes me on my work network.

I will report back with my findings for test 2 shortly....

Thanks for any input in advance

elfranko

So my lab EFA set up with no apparent issue.
Next is try and work out why the production test failed.

TIA
elfranko

Interestingly it is getting stopped at the firewall.
It is in a rule "IP to Any service and any destination allow" towards the top of the ruleset
Yet it is hitting the deny all last rule - with a layer 7 deny rule for the application cloudmark-desktop using port 2703

so I will investigate further!

Cheers
Frank

To set up razor the appliance needs to access the internet using port TCP 2703
The only way you know it hasn't worked is the error message in the original post.

Once I enabled outbound access for TCP/2703 on the firewall it was a happy machine.

The only other thing I would add is that for many the system would be to collect mail to be passed on to a mail server.
Out of the box it try's to do recipient checks, this gives a Relay Access Denied error.
To switch it off log on vis SSH and its 7 - Mail Settings then 5- Automated Recipient verification. Setting it to N

Hope this helps

elfranko