APX AP after RED device

hello ,

The APX receive a IP addres so that's OK , i can register the AP in Central

The Red is in Standard/Unified mode

tcpdump 'host 1.2.3.4 give me this

13:51:51.618298 reds1, IN: IP 10.10.0.158.47743 > 1.2.3.4.2712: Flags [S], seq 3561524411, win 29200, options [mss 1300,sackOK,TS val 4294943223 ecr 0,nop,wscale 6], length 0

can someone tell me simple how to route

Hi helmut willems 

Thanks for the sharing the packet details.

As per the packet request, the AP is getting leased IP 10.10.0.158 and it is communicating with 1.2.3.4.2712 ( awed service - Service for wireless protection).So it should come under "Pending Access Point".If it is not coming under pending list then create a plain rule for APX IP 10.10.0.158 or what ever IP getting leased on XG to allow Internet or firmware download request. If any packets going towards WAN from APX IP then it is trying to get firmware and wait for few minutes till firmware of APX get updated.

Later on you may check again "Pending Access Point" and if still not coming then try by rebooting APX once and confirm.

i don't understand this.

What do you mean with create a plain rule ??

When i register with central i can see the APX , so there is traffic to WAN.

do you have example for a plain rule ?? mean this if i have multiple APX i need always create a pain rule

Hi helmut willems 

Plain rule mean the rule with no scanning and no policy for APX leased IP and just to confirm the APX is not having any issue to download the firmware due to scanning or policy present on rule( this will not required all the time for all APX).

APX wireless access points Integration with APX firmware revision 2.1.1-3 and higher will be supported by the Sophos XG Firewall.Due to this reason if any APX not running with the above version [2.1.1-3 ] then first it will go for the version upgrade once it will get Internet and then that APX will come under pending list.

 All details briefly mentioned on below official KBA with FAQ:

 https://community.sophos.com/kb/en-us/133505

If still you are not getting APX under pending list and not getting any logs for the same APX under awed.log then you may log a support case to investigate the issue further. 

Hi helmut willems 

Plain rule mean the rule with no scanning and no policy for APX leased IP and just to confirm the APX is not having any issue to download the firmware due to scanning or policy present on rule( this will not required all the time for all APX).

APX wireless access points Integration with APX firmware revision 2.1.1-3 and higher will be supported by the Sophos XG Firewall.Due to this reason if any APX not running with the above version [2.1.1-3 ] then first it will go for the version upgrade once it will get Internet and then that APX will come under pending list.

 All details briefly mentioned on below official KBA with FAQ:

 https://community.sophos.com/kb/en-us/133505

If still you are not getting APX under pending list and not getting any logs for the same APX under awed.log then you may log a support case to investigate the issue further. 

Ok , 

will try monday when i am on my work

But please don't forgert the APX is after a RED device

the Firmware of the connected AP is : v2.2.0-19

but it don't show up in the XG

the AP is behind a RED device.

Hi Willems,

When APX is connected to Central, Is it via RED?

Do you delete or deregister APX from Central before trying to connect to XG?

Regards,

Kaushal

APX  to central was via RED

Deleted the APX from central to retry