Mobile control sync over an internal wifi

Hi All,

I have a Sophos UTM with an SMC server behind it published through the web application firewall; this works fine, all iOS and Android devices from external can sync.

I also have a BYOD wifi network on the firewall that users connect to with their phones when in the office; this was working fine until recently. Androids connect to this fine. iOS devices connected to this BYOD network fail to sync. I can't see anything in the firewall logs that would prevent this, and the fact it did work is frustrating. On the BYOD network, APNS works fine as well; it's just syncing the mobile control app that fails, and activating new ones.

Any advice would be appreciated.

Thanks

Ross

  • Hi Ross,

    are the devices able to connect via https to the SMC server? Are you able to access the SMC Self Service Portal on the device and start the enrollment from there?

    That's the only explanation I have that the devices cannot connect to the SMC server via HTTPS when connected to the BYOD network if everything else you described works.

    Best regards

    Stefan

    • Hi Stefan,

      Thanks for the reply. Yes, the phone is able to connect to the SMC server via the web on https; at first it said it was not trusted, so I trusted it and it works fine. Possibly linked to that, but I installed the cert on the device to make sure.

      So it seems to be just the app sync... narrowed it down to the firewall, but it's strange that Androids work.

      Thanks

      Ross

      • Hi Ross,

        It is hard to figure out what the issue might be this way.

        Maybe there is a different routing when connected internally and therefore a different SSL certificate is presented.

        This may cause the SSL / HTTPS connection to fail and therefore maybe also the SMC enrollment process.

        But these are just guesses. If you need further assistance, I suggest raising a support call and perhaps recreating the issue and providing an iOS device log. How to get this is described in this article.

        Best regards

        Stefan

        • Hi Stefan,

          Thanks, I will raise a ticket with Sophos. I can't get the logs off the iPhone thanks to Apple no longer supporting the config utility on Windows.

          Thanks for the help.

          Ross

          • I think that I have the same problem described here. Internal wifi, no sync between iPad and SMC.

            Cheers

            /Detlef

            • I do have some logs now, created with my MacBook. Where can I send them to?

              Cheers

              /Detlef

              • Ross, a question concerning your wifi network: do you use NAT, or do you use the proxy without NAT? Or is it an internal network without internet access? I am trying to understand what's going wrong.

                Cheers

                /Detlef

                • Hi Detlef,

                  Sorry for the late response, I didn't receive a notification and only just checked this forum now!

                  In answer to your question, we use the proxy without NAT. The SMC server is on the internal network and is also published externally via the WAF. Any user on a separate wifi network that has its interface on the Sophos UTM cannot sync an iOS device (Android is fine); when connected to any of these wifi networks I open the SMC app on an iPhone or iPad and the app opens and just crashes.

                  I have tried firewall rules to allow any service between my phone and the internal SMC server with no luck, and bypassed the web proxy.

                  Thanks
                  Ross
                  • Well, what do you know... after you mentioned the proxy and NAT, I removed this network from the proxy and added just a firewall rule for web surfing. The app then stayed open longer without crashing, but would still crash; APN worked.

                    I checked the FW logs and it wasn't able to access the SMC server, so I created a firewall rule for this, opened the app and it closed straight away!

                    So I figure this could be a cert issue when it's going direct to the server on 443. I created a DNAT from the wifi network going to SMC, changed to the external SMC IP and 443... it WORKS!

                    Thanks for your help. Is this how yours is set up, or does yours work direct from the wifi network to the SMC server?
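The thread resolves on Stefan's guess that the internal route presents a different certificate than the WAF-published external address, and Ross's DNAT workaround confirms it by forcing wifi clients through the external path. The quickest way to prove that before changing NAT rules is to connect to both addresses with the SMC hostname as SNI and compare the certificates actually presented. The script below is an added example written for this page; it is not code from the thread or from Sophos. The host names (smc.example.internal, smc.example.com) are placeholders, and the two PEM blobs at the bottom are constructed stand-ins so the fingerprint and comparison logic can be exercised offline; they are not real certificates.

```python
"""Compare the TLS certificate a service presents on two network paths.

Use case from the thread: the SMC server reached directly on its internal
address versus through the UTM web application firewall on its external
address. If the fingerprints differ, clients on the internal wifi see a
different (possibly untrusted) certificate than clients on the internet.
"""
import base64
import hashlib
import socket
import ssl
import sys


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint (upper-case hex, colon separated) of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_cert(pem_a: str, pem_b: str) -> bool:
    """True when both PEM blobs encode byte-identical certificates."""
    return fingerprint(pem_a) == fingerprint(pem_b)


def fetch_cert(host: str, port: int = 443, sni: str = None, timeout: float = 5.0) -> str:
    """Return the leaf certificate (PEM) the server at host:port presents.

    Verification is deliberately disabled: we want to see whatever is served,
    including a self-signed or mismatched certificate. `sni` is the hostname
    sent in the ClientHello; the SMC app connects by its configured hostname,
    so send that even when dialling an IP address, or the WAF may pick a
    different virtual host.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


def compare_paths(internal_host: str, external_host: str, sni: str, port: int = 443) -> bool:
    """Fetch the certificate via both paths and report whether they match."""
    pem_internal = fetch_cert(internal_host, port, sni)
    pem_external = fetch_cert(external_host, port, sni)
    fp_internal = fingerprint(pem_internal)
    fp_external = fingerprint(pem_external)
    print(f"internal {internal_host}: {fp_internal}")
    print(f"external {external_host}: {fp_external}")
    if fp_internal != fp_external:
        print("MISMATCH: internal clients get a different certificate than WAF clients")
        return False
    print("OK: same certificate on both paths")
    return True


def make_pem(raw: bytes) -> str:
    """Wrap arbitrary bytes in PEM armour.

    Constructed helper for offline demonstration only: the result is not a
    valid X.509 certificate, but fingerprint() hashes the DER bytes exactly
    as it would for a real one.
    """
    body = base64.encodebytes(raw).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed sample inputs (not real certificates): CERT_A and CERT_B stand
# in for the certificate served directly by SMC and the one served by the WAF.
CERT_A = make_pem(b"constructed-certificate-served-by-smc-directly")
CERT_B = make_pem(b"constructed-certificate-served-by-waf-frontend")


if __name__ == "__main__":
    # Placeholder host names; replace with the internal SMC address and the
    # externally published WAF address, and the hostname the SMC app uses.
    internal = sys.argv[1] if len(sys.argv) > 1 else "smc.example.internal"
    external = sys.argv[2] if len(sys.argv) > 2 else "smc.example.com"
    hostname = sys.argv[3] if len(sys.argv) > 3 else external
    sys.exit(0 if compare_paths(internal, external, hostname) else 1)
```

Run it from a machine on the BYOD network as `python3 compare_cert_paths.py <internal-smc-ip> <external-smc-ip> smc.example.com`. A mismatch is the condition Stefan guessed at: the app pins its trust to the certificate it enrolled against, so a different certificate on the internal path fails the TLS handshake before any sync traffic appears in the firewall log. Ross's DNAT from the wifi network to the external address makes both paths terminate on the WAF and so present the same certificate; the check above lets you confirm that after the rule is in place.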