
No Internet via WiFi on RED15W (Standard/Split) after 9.500-9 upgrade on SG310

Hello, since upgrading to 9.500-9 last Friday we have had the following problem:

- We are running an SG310 with UTM 9.500-9. Connected to it are various branches in Europe and the USA, each with a RED15W in Standard/Split mode.

Since Friday, Internet access at the branch offices over the WLANs provided by the REDs there has stopped working. Users can log in and can also reach our resources at headquarters through the VPN tunnel, but not the Internet, which is provided locally. Interestingly, everything works as it should with a direct cable connection to the RED.

Could this be related to one of the bug fixes that were applied:

NUTM-6749 [Access & Identity] RED15w does not send split DNS traffic over RED tunnel
NUTM-5638 [WiFi] RED15w - integrated AP isn't shown as pending in transparent / split mode
NUTM-5786 [WiFi] RED15w - if more then one SSID is configured only one is working correctly?

 

I would appreciate any help or advice.



  • Hello Guido,

    we have the identical configuration/situation here:

    SG310 cluster + 6x RED15w + Standard/Split

    Directly after the update to 9.500-9, the Internet connection via WLAN at the branch sites stopped working. The connection via the tunnel to the SG310 ran perfectly over both LAN and WLAN...

    By the way, we use "Bridge to AP LAN" - do you as well?

    Have you perhaps already found a solution? Or have you already contacted Sophos Support?

    Best regards

    Sebastian Berg

  • Hello Sebastian,

    it really does sound exactly the same. We have also set up Standard/Split mode and Bridge to AP LAN.

    I opened a case with Sophos Support and have already received feedback that the bug is known and is being worked on. I also just spoke with Support on the phone. There is no straightforward workaround to fix this with the built-in tools. As an alternative, he suggested switching to Standard/Unified mode, in which, however, all traffic is routed through the UTM, which is not necessarily what you want because of performance problems. A somewhat more involved option, which apparently worked for him, would be to plug an external access point into the RED15W by cable, which then provides a WLAN. According to him, that should work. I haven't tried it yet, but it doesn't help me much either, because I can't get to the branch sites at short notice.

    As for the cause, he said that the update hit the WiFi adapter in the RED15W; nobody can say what exactly, but they are working on it. He did not want to give any time frames :(

    I also posted the whole thing in the English-language counterpart here:

    https://community.sophos.com/products/unified-threat-management/f/remote-ethernet-device-red/92447/no-local-internet-connection-via-wifi-on-red15w-standard-split-after-utm-9-500-9-upgrade-on-sg310

    Best regards and have a nice weekend

    Guido

  • Hello Guido,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment.  )

    As you said in your thread in the Wireless Security forum, this is a known bug, NUTM-7962, and I got confirmation 8 hours after your post above of what they told you about not yet even understanding what the cause might be.  To my knowledge, there's no solution other than to roll back to 9.411/2/3.  If you try with another AP connected to an Ethernet port, please let us know your result.

    Best regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have just updated to the new Soft Release. Everything is now running as it should again.

    Last line!

    Up2Date 9.502004 package description:

    Remarks:
    System will be rebooted
    Configuration will be upgraded
    Connected REDs will perform firmware upgrade
    Connected Wifi APs will perform firmware upgrade

    News:
    Maintenance Release

    Bugfixes:
    Fix [NUTM-8127]: [AWS] Link to CloudFormation console during cloudupdate is not working
    Fix [NUTM-3213]: [Access & Identity] Inconsistent behaviour/state when deleting a user cert
    Fix [NUTM-3283]: [Access & Identity] IPSec: VPN ID shall not include blanks
    Fix [NUTM-3294]: [Access & Identity] Menu option (keyboard layout) background not rendered properly in IE (version 11.0.9600.17728)
    Fix [NUTM-6972]: [Access & Identity] SSLVPN disconnection: backend AD sync
    Fix [NUTM-7897]: [Access & Identity] Argos doesn't start in HA setup without IP address
    Fix [NUTM-7940]: [Access & Identity] Client Authentication daemon crashes in HA scenario
    Fix [NUTM-7982]: [Access & Identity] SSL VPN connection not possible since v9.5 if organisation name contains umlauts
    Fix [NUTM-7996]: [Access & Identity] Devices authenticated via SAA are no longer associated with multiple user network objects in UTM 9.5
    Fix [NUTM-8122]: [Access & Identity] L2TP connections with separate DHCP server does not work
    Fix [NUTM-8146]: [Access & Identity] PPTP fails to connect when Assign IP addresses by is set to DHCP Server
    Fix [NUTM-8147]: [Access & Identity] OpenVPN vulnerabilities
    Fix [NUTM-8161]: [Access & Identity] OpenVPN vulnerabilities (client part)
    Fix [NUTM-8280]: [Access & Identity] High confd load through UMA
    Fix [NUTM-8130]: [Basesystem] Linux vulnerability 'The Stack Clash'
    Fix [NUTM-8156]: [Basesystem] Apache httpd vulnerability (CVE-2017-3169)
    Fix [NUTM-7235]: [Confd] READONLY user can download support package
    Fix [NUTM-7425]: [Email] Emailenc causing high load - permanently 100% CPU usage
    Fix [NUTM-7790]: [Email] Restrict long regular expression in WebAdmin
    Fix [NUTM-7876]: [Email] POP3 Proxy stops working after some time
    Fix [NUTM-7889]: [Email] Sandbox scan doesn't work - worker_do_get_file req content parsing error or missing parameters
    Fix [NUTM-6116]: [Network] Service_monitor sets wrong IP address for availability group
    Fix [NUTM-7647]: [Network] WAN random disconnects
    Fix [NUTM-7735]: [Network] ATP doesn't work with "Send anonymous application accuracy telemetry data" disabled.
    Fix [NUTM-7950]: [Network] Dhcp client not running - restarted
    Fix [NUTM-8015]: [Network] Main interface IP address swapped by additional address for DHCP setup
    Fix [NUTM-7543]: [Reporting] Calculate correct malware count for ExecReport
    Fix [NUTM-7609]: [Reporting] Websec-reporter is constantly restarting
    Fix [NUTM-7725]: [Reporting] High latency while navigating through WebAdmin after trying to display Web Reports
    Fix [NUTM-7878]: [WAF] Segfault for HTTP 1.0 requests when cookie rewriting is enabled
    Fix [NUTM-6845]: [Web] https://sslvpn.goodix.com does not loads through UTM PROXY
    Fix [NUTM-7467]: [Web] Sandstorm communication issues in some configurations
    Fix [NUTM-7697]: [Web] httpproxy.ConfdReload - core dump generated during configuration reload
    Fix [NUTM-7895]: [Web] Enable SMB2 in Samba
    Fix [NUTM-7939]: [Web] Chrome v58 and higher fail verification with HTTPS scanning enabled
    Fix [NUTM-7967]: [Web] httpproxy coredump
    Fix [NUTM-6950]: [WiFi] APs displayed as inactive in WebAdmin while clients connect to SSIDs which are still being broadcasted
    Fix [NUTM-7495]: [WiFi] Wireless client IP in Webadmin not updated after changing the SSID
    Fix [NUTM-7962]: [WiFi] Split traffic not working for wireless clients on RED15w after upgrade to v9.5
