Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Wireless Devices stay connected but internet stops working

Hello,

I have a Sophos XG home setup with the Sophos AP 55C configured for wireless. I have a strange issue where the devices at home which are wireless, will be working fine, but then the internet just stops working, but the wireless stays connected.

For example: my iMac which is setup wirelessly will be working fine when I am working on a VPN connection to another site, but then the RDP will become completely unresponsive. I check the wireless and it shows connected. When I try to launch a web page, It sits forever and then says cannot access site. However, everything SEEMS to be working okay. The only way for me to fix this, is to turn off the wireless, then back on and it resumes working perfectly.

This occurs with our phones as well as any wireless connected devices after awhile. It tends to last about a week per device, sometimes devices (like my iMac), require the wireless to cycle once every few days. This is especially the case if I have not used the device for a couple days.

I am not sure where to start looking, I figured this could be the AP, but another device, such as my phone will work fine when the iMac goes out. I am thinking this could be a network issue or possible DHCP? I am not.

Wired devices seem to work just fine.

Thanks.



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi Dfoolio,

    Could you please check below steps when this issue occurs: 

    1. Are you able to ping IP address of the AP?

    2. Are you able to ping gateway IP address? 

    3. Are you able to ping 8.8.8.8? 

    4. Have you notice this issue across all the devices in your home network?

    5. Does it recovers without any changes within 5 to 10 minuets? 

    6. Is there any other wireless access point in your home network? 

    Thanks,

  • Hi Patel, Please see my additional updates below

    1. Are you able to ping IP address of the AP?

    The AP is Pingable from devices that still have network, the AP is not pinging when the device falls off the network

    2. Are you able to ping gateway IP address?

    I did the ping test when my iMac fell off, and I had 89.8% packet loss pinging the gateway, all other devices are fine when they are connected

    3. Are you able to ping 8.8.8.8?

    No it doesn’t ping from the device with internet issues

    4. Have you notice this issue across all the devices in your home network?

    Yes but it’s not at the same time. It’s intermittent, sometimes it’s a phone and sometimes it’s a laptop, phone, appletv or a desktop.

    5. Does it recovers without any changes within 5 to 10 minuets?

    It doesn’t recover

    6. Is there any other wireless access point in your home network?

    No, we have the one AP

Reply
  • Hi Patel, Please see my additional updates below

    1. Are you able to ping IP address of the AP?

    The AP is Pingable from devices that still have network, the AP is not pinging when the device falls off the network

    2. Are you able to ping gateway IP address?

    I did the ping test when my iMac fell off, and I had 89.8% packet loss pinging the gateway, all other devices are fine when they are connected

    3. Are you able to ping 8.8.8.8?

    No it doesn’t ping from the device with internet issues

    4. Have you notice this issue across all the devices in your home network?

    Yes but it’s not at the same time. It’s intermittent, sometimes it’s a phone and sometimes it’s a laptop, phone, appletv or a desktop.

    5. Does it recovers without any changes within 5 to 10 minuets?

    It doesn’t recover

    6. Is there any other wireless access point in your home network?

    No, we have the one AP

Children
  • FormerMember
    0 FormerMember in reply to dfoolio

    Hi dfoolio,

    Can you check what is the AP firmware version? If it is not updated please update it by navigating to Backup & Firmware > Pattern updates > If there is new pattern update available click on install. 

    Thanks,

  • H_Patel said:
    Hi dfoolio,

    Can you check what is the AP firmware version? If it is not updated please update it by navigating to Backup & Firmware > Pattern updates > If there is new pattern update available click on install. 

    Thanks,

    Hi Patel, I have the latest version installed.

  • Hi,

    please provide a simple network diagram showing how your AP is connected eg is it using PoE via an injector or via PoE capable switch?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    The WAP is connected via power injector to port 3 of the firewall.

    I have a managed switch connected to port 1 of the firewall. Port 2 is the WAN.

    Here's a screenshot of the interfaces:

    rfcat_vk said:

    Hi,

    please provide a simple network diagram showing how your AP is connected eg is it using PoE via an injector or via PoE capable switch?

    Ian

     

  • Hi,

    I haven't given up. I am thinking about your wifi setup and your use of wifi networks rather than wifi of a LAN.

    What happens when you force th iPhone onto a 2.4ghz channel

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Haven't had a chance to try again per the request, but in the past, it's the same results.

    Additionally, I did the WiFi to LAN because of an earlier problem:

    We have a Lutron Casseta smart lighting system which is plugged into the LAN. So whenever we used wireless siri devices to control the lighting (everything on the wifi), it would only work 25% of the time and couldn't communicate with Apple's protocol. I even tried configuring a Raspberri Pi to be a repeater but it just started causing the devices to replicate host names.

    rfcat_vk said:

    Hi,

    I haven't given up. I am thinking about your wifi setup and your use of wifi networks rather than wifi of a LAN.

    What happens when you force th iPhone onto a 2.4ghz channel

    Ian

     

  • It would help to have a physical and logical drawing of the network.

    So 172.16.10.0/24 and 172.16.12.0/24 is your LAN and 172.16.11.0/24 and 172.16.14.0/24 are your WiFis. Devices on the LAN Network are working as expected.

    Does this happen on devices in WiFi and WiFi5g? If not - which one is not working?

    If it is happening - do you see DHCP lease entries for your WiFi devices on your DHCP server? What is their expiry date and time?

    Could it be that the WiFi devices stop working when the lease expires? Does the behaviour change when you configure a longer leasetime (e.g. one month).

    Are there enough free IPs in the DHCP lease table?

    Is DHCP still working for the devices on the LAN if the issue occurs (do an ipconfig /release and ipconfig /renew) and see wether erverything is working afterwards.


    Check the logs of the Switch.

     

    Advanced troubleshooting:

    Set up a mirror port on the switch for the port the AP is connected. Check the traffic on the port. Is anything (e.g. ping, DHCP requests) coming trough from the client that is not working?

    Check the logs of the firewall for IP entries or MAC entries of the client that is not working.

     

    Possible workaround:

    Create a bridge. Use one LAN subnet and connect Wifi, Wifi5G and Port 1 and Port 5 to the bridge.

    Note: My colleage tells me that his happening in our HP APs / Sophos environment as well also on one Site with Sophos APs and Sophos Firewall. However I never have seen this personally and for this reason I was not able to do any troubleshooting. 


    Lately we had severe issues on one site where DHCP, DNS and internet access was not working. We did a reboot and everything worked fine again.

    We also saw situations where old connections wer still working but no one was able to create new connections.

  • Sorry for the late response and thank you all so much for your time and questions, also happy holidays. Please see my answers below.

    Questions/answers

    So 172.16.10.0/24 and 172.16.12.0/24 is your LAN and 172.16.11.0/24 and 172.16.14.0/24 are your WiFis. Devices on the LAN Network are working as expected. Actually, 172.16.10.x is the LAN. 172.16.11.x is just an IP for the wireless AP. 172.16.12.x is the wireless network which all the wireless devices are using. 172.16.14.x is old and I should remove it.

    Does this happen on devices in WiFi and WiFi5g? If not - which one is not working? I've experienced it mostly on the N now that I think about it

    Could it be that the WiFi devices stop working when the lease expires? Does the behaviour change when you configure a longer leasetime (e.g. one month). This is a possibility, however with the iMac it seems to be near a daily occurrence (after waking up, like a few minutes after of browsing) while with other devices it's more in line with the weekly DHCP lease

    Are there enough free IPs in the DHCP lease table? More than enough, I have assigned most statically via MAC address as well

    Is DHCP still working for the devices on the LAN if the issue occurs (do an ipconfig /release and ipconfig /renew) and see wether erverything is working afterwards. The LAN devices work fine consistently with no issues

    Check the logs of the Switch. The switch isn't that in depth, it's a TP Link I got for LAG mostly

    Set up a mirror port on the switch for the port the AP is connected. Check the traffic on the port. Is anything (e.g. ping, DHCP requests) coming trough from the client that is not working? I'd need some direction to do this

    Check the logs of the firewall for IP entries or MAC entries of the client that is not working. I do see some: Could not associate packet to any connection. errors when I sort by Source IP although the time stamp doesn't seem to coincide correctly

    Create a bridge. Use one LAN subnet and connect Wifi, Wifi5G and Port 1 and Port 5 to the bridge. So, step by step, I would use one LAN subnet (172.16.10.x) to Port 1, connected the managed switch, then create a bridged port 5 which all the wireless devices would go to? That's how my setup was before I think. I was having the following issue with my Lutron Casseta lighting system when I was setup this way: See here the post with the issue

    One of my clients (managed by a support service) had the exact same issue you are describing with wireless client through DHCP and DNS The fix for them was to separate the bridged LAN and WiFi to it's own subnet. After that, it was one AP with the issue, which they deleted and re-added to the firewall and it fixed the issue. This would affect all the laptop clients (Wireless G and N) which were authenticated to the Access Point. I tried to replicate what they did on my home device, but it seems to be a different issue as not all devices are affected (to my knowledge) in this way.

    BeEf said:

    It would help to have a physical and logical drawing of the network.

    So 172.16.10.0/24 and 172.16.12.0/24 is your LAN and 172.16.11.0/24 and 172.16.14.0/24 are your WiFis. Devices on the LAN Network are working as expected.

    Does this happen on devices in WiFi and WiFi5g? If not - which one is not working?

    If it is happening - do you see DHCP lease entries for your WiFi devices on your DHCP server? What is their expiry date and time?

    Could it be that the WiFi devices stop working when the lease expires? Does the behaviour change when you configure a longer leasetime (e.g. one month).

    Are there enough free IPs in the DHCP lease table?

    Is DHCP still working for the devices on the LAN if the issue occurs (do an ipconfig /release and ipconfig /renew) and see wether erverything is working afterwards.


    Check the logs of the Switch.

     

    Advanced troubleshooting:

    Set up a mirror port on the switch for the port the AP is connected. Check the traffic on the port. Is anything (e.g. ping, DHCP requests) coming trough from the client that is not working?

    Check the logs of the firewall for IP entries or MAC entries of the client that is not working.

     

    Possible workaround:

    Create a bridge. Use one LAN subnet and connect Wifi, Wifi5G and Port 1 and Port 5 to the bridge.

    Note: My colleage tells me that his happening in our HP APs / Sophos environment as well also on one Site with Sophos APs and Sophos Firewall. However I never have seen this personally and for this reason I was not able to do any troubleshooting. 


    Lately we had severe issues on one site where DHCP, DNS and internet access was not working. We did a reboot and everything worked fine again.

    We also saw situations where old connections wer still working but no one was able to create new connections.

     

  • rfcat_vk said:

    Hi,

    I haven't given up. I am thinking about your wifi setup and your use of wifi networks rather than wifi of a LAN.

    What happens when you force th iPhone onto a 2.4ghz channel

    Ian

     

     

    Going to add, last night we were watching our Apple TV (LAN) and 5 minutes into a show on netflix, the connection stopped. The entire Apple TV worked, but no internet to and from. I had to eventually reboot the apple TV to get it to work again. This has happened before now that I think about it. Could be a separate issue? DHCP?

  • Hi,

    check your WEB settings that you have do not scan audio and video streaming set.

    Restarting your device sounds like it is failing to keep the connections alive. If the issue was DHCP and you have very short lease time then you might have issues otherwise once a lease is assigned then unless the device interface goes to sleep the IP address should remain the same and active.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.