
Unable to set up an Awair Glow device

I have an Awair Glow device I purchased a few years ago that monitors the air quality in a room. It connects to the network via WiFi and it's worked great until a few months ago. I noticed it was having issues with staying connected to the WiFi access point, so I performed a factory reset to see if maybe that would resolve it. I've done factory resets in the past without any issues. However, I think this was the first time I tried since running Sophos v18 (EAP at the time). It connects to the WiFi network just fine, but when I try to continue the setup process where it communicates with the Awair server, it basically says the connection could not be established. I've tried:

  • Disabling ATP
  • Setting all policies to None and unchecking all scanning (basically a "clean" firewall rule)
  • Connecting to both my primary and guest network
  • Factory resetting the device several times
  • Disabling my ad-blocker (PiHole)

It still does not work. If I pair it to my phone as a hotspot, it works just fine. Anyone else out there with an Awair device on Sophos v18? I'm at a loss with this one.



  • Hi Shred,

    Have you set up the modified default firewall block 0 so you can see what is being dropped?

    Required WiFi Specifications

    Glow is only compatible with 2.4GHz B/G/N WiFi networks. Glow can operate on dual band routers (2.4GHz and 5GHz), but we recommend giving each band a separate SSID before connecting to the 2.4GHz network. We also recommend turning off the load balancing feature for dual routers, as this can occasionally move Glow to the 5GHz network. Your firewall must also allow access to TCP ports 8883, 123, and 443.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Yeah, it’s on a separate VLAN and I turned on logging for that firewall rule. I don’t see anything being dropped.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • Hi  

    Is there a way you can check the IP of the Glow device?

    Could you please try to capture packets on the ports used in communication?

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    If a post solves your question use the 'This helped me' link

  • Hi,

    What I found was that it wasn't the device; the application required access to a lot of unpublished ports, which the camera support people only acknowledged after I sent a support request with the limited range I had discovered. The actual range was port UDP 0-65535.

    I also found that the application was trying to talk to countries I had blocked; the web logviewer showed a connection, but the firewall rule logviewer showed blocked.

    Ian


  • Yes, I see the IP address being registered by the DHCP server. The only thing I see in the firewall logs is an attempt to connect to a destination IP of 8.8.8.8 on UDP Port 53 (DNS) and both 52.26.177.117 and 52.40.15.135 on TCP 443. I did a packet capture from the Diagnostics page and this is what I'm seeing:

     


    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • I've tried everything I can possibly think of with this one. It works perfectly fine when I pair it to my phone as a hotspot, so I'm fairly confident the device is fine. It never had any issues on Sophos XG v17, so something under the hood with v18 it does not like.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • Did you try to disable the DPI Engine? (Disable and / or the Off Switch - Try both).

    Do you see something in the TLS Logviewer? 


  • Hm, I did try all that before but I just gave it a shot again and it seems after disabling SSL/TLS inspection by turning the entire thing off, it's now able to connect. I'm confused as to why this is though. This device is on a separate VLAN and separate firewall rule that does not have SSL/TLS scanning enabled, so why is this setting affecting that firewall rule? This separate VLAN is for my guest network and only has one firewall rule, which has no scanning at all.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • Hi Shred,

    SSL/TLS scanning happens on all non-proxy rules according to the experts.

    Ian

