We put an APX AP after a RED device, but it doesn't show up at the XG management tool.
LED is solid green.
Can someone point me in the right direction?
Hi helmut willems
APX/APs send the registration request to their default gateway using the Magic IP – 1.2.3.4, on port 2712. The gateway must route traffic from APs sent to 1.2.3.4 to Sophos Firewall.
You may refer to the KBA below for more information on AP/APX troubleshooting:
https://community.sophos.com/kb/en-us/124397
Can you please share what the RED's current deployment mode is?
Can you please also confirm the packet request on the XG CLI: are you getting any packet request on 1.2.3.4 from the APX to the XG?
Command:
console> tcpdump 'host 1.2.3.4'
Or, to capture packets on the APX MAC address, you may use the command below:
# tcpdump -i redsx ether host AA:BB:CC:DD:EE:FF
Where redsx is the RED interface (reds1, reds2, based on your setup).
Please also check awed.log and wc_remote.log to see whether there are APX log entries or not.
Sophos XG Firewall: Where to find log files?
https://community.sophos.com/kb/en-us/123185
Sophos XG Firewall: Logfile guide:
https://community.sophos.com/kb/en-us/132211
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'Verify Answer' link.
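An added example, not part of the original posts and not Sophos tooling: a small Python parser for saved `tcpdump 'host 1.2.3.4'` output that reports, per AP, whether its SYN to 1.2.3.4:2712 had a SYN-ACK captured in reply. The first sample line is the capture posted later in this thread; the remaining lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

MAGIC = ("1.2.3.4", 2712)  # registration target and port named in the post above

# Line layout as seen in the capture posted in this thread:
# "<time> <iface>, IN|OUT: IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"^\S+ (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Line 1 is from the thread; lines 2-4 are constructed sample data.
SAMPLE = """\
13:51:51.618298 reds1, IN: IP 10.10.0.158.47743 > 1.2.3.4.2712: Flags [S], seq 3561524411, win 29200, options [mss 1300,sackOK,TS val 4294943223 ecr 0,nop,wscale 6], length 0
13:51:52.620110 reds1, IN: IP 10.10.0.158.47743 > 1.2.3.4.2712: Flags [S], seq 3561524411, win 29200, length 0
13:52:10.101000 reds2, IN: IP 10.20.0.23.51000 > 1.2.3.4.2712: Flags [S], seq 100, win 29200, length 0
13:52:10.101400 reds2, OUT: IP 1.2.3.4.2712 > 10.20.0.23.51000: Flags [S.], seq 200, ack 101, win 28960, length 0
"""

def registration_status(capture):
    """Per AP IP: arrival interface, SYN count, and whether a reply was captured."""
    aps = defaultdict(lambda: {"iface": None, "syn": 0, "answered": False, "reset": False})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not an IPv4 TCP line in this layout
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if dst == MAGIC and m["flags"] == "S":      # AP registration attempt
            aps[m["src"]]["iface"] = m["iface"]
            aps[m["src"]]["syn"] += 1
        elif src == MAGIC and m["flags"] == "S.":   # SYN-ACK back to the AP
            aps[m["dst"]]["answered"] = True
        elif src == MAGIC and "R" in m["flags"]:    # connection refused/reset
            aps[m["dst"]]["reset"] = True
    return {ip: dict(v) for ip, v in aps.items()}

def unanswered(capture):
    """AP IPs that sent at least one SYN but never had a SYN-ACK captured."""
    status = registration_status(capture)
    return sorted(ip for ip, s in status.items() if s["syn"] and not s["answered"])

if __name__ == "__main__":
    for ip, s in registration_status(SAMPLE).items():
        print(ip, s)
```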
Also check the basics: does the APX get any IP address?
There are "old" APX boxes getting delivered to customers with old firmware, so the APX does not know it can talk to an XG.
So maybe you have to "update" the firmware first.
Hello,
The APX receives an IP address, so that's OK; I can register the AP in Central.
The RED is in Standard/Unified mode.
tcpdump 'host 1.2.3.4' gives me this:
13:51:51.618298 reds1, IN: IP 10.10.0.158.47743 > 1.2.3.4.2712: Flags [S], seq 3561524411, win 29200, options [mss 1300,sackOK,TS val 4294943223 ecr 0,nop,wscale 6], length 0
Can someone tell me simply how to route?
Hi helmut willems
Thanks for sharing the packet details.
As per the packet request, the AP is getting the leased IP 10.10.0.158 and it is communicating with 1.2.3.4.2712 (awed service - service for wireless protection). So it should come under "Pending Access Point". If it is not coming under the pending list, then create a plain rule for the APX IP 10.10.0.158, or whatever IP is getting leased on the XG, to allow Internet or firmware download requests. If any packets are going towards WAN from the APX IP, then it is trying to get firmware; wait a few minutes until the firmware of the APX gets updated.
Later on you may check "Pending Access Point" again, and if it is still not coming, then try rebooting the APX once and confirm.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
I don't understand this.
What do you mean by "create a plain rule"?
When I register with Central I can see the APX, so there is traffic to WAN.
Do you have an example of a plain rule? Does this mean that if I have multiple APXs I always need to create a plain rule?
Hi helmut willems
Plain rule means a rule with no scanning and no policy for the APX leased IP, just to confirm the APX is not having any issue downloading the firmware due to scanning or a policy present on the rule (this will not be required all the time for all APXs).
APX wireless access point integration with APX firmware revision 2.1.1-3 and higher will be supported by the Sophos XG Firewall. For this reason, if any APX is not running the above version [2.1.1-3], then it will first go for the version upgrade once it gets Internet, and then that APX will come under the pending list.
All details are briefly mentioned in the official KBA below, with FAQ:
https://community.sophos.com/kb/en-us/133505
If you are still not getting the APX under the pending list and not getting any logs for the same APX in awed.log, then you may log a support case to investigate the issue further.
Regards,
Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Hi Willems,
When the APX is connected to Central, is it via RED?
Did you delete or deregister the APX from Central before trying to connect to the XG?
Regards,
Kaushal
APX to Central was via RED.
Deleted the APX from Central to retry.