
APX320 remains inactive in Wireless protection

Today I added a new APX320. It showed up as unconfigured, and I configured it and put it into an AP group.

Since then it is pingable but remains inactive in XG Wireless.

Sounds a bit like this but it did not upgrade firmware.

I removed it from the AP group but it keeps showing as inactive.

awed.log only shows this error repeatedly:

2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1766.
2022-10-25 10:24:29Z [MASTER] AP P52008RT2M8J30A: Local metadata updated
2022-10-25 10:24:36Z [MASTER] end processing configuration change
2022-10-25 10:26:47Z [MASTER] new connection from 172.16.xxx.58:57160
2022-10-25 10:26:47Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57160 identified as P52008RT2M8J30A
2022-10-25 10:26:47Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:26:47Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:26:48Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:26:48Z [P52008RT2M8J30A] disconnected. Close socket and kill process.

XG430_WP02_SFOS 18.5.4 MR-4-Build418# ls -lh | grep J30A
-rw-r--r--    1 root     0            645 Oct 25 17:58 P52008RT2M8J30A.ap
-rw-r--r--    1 root     0           4.4K Oct 25 17:57 P52008RT2M8J30A.apcfg
XG430_WP02_SFOS 18.5.4 MR-4-Build418#

We can only patch firmware at the next regular patch interval in November.

These are most of the interesting parts of awed.log:

2022-10-25 09:00:06Z 1 WP_connected_clients::update_clients
2022-10-25 09:16:06Z [MASTER] new connection from 172.16.xxx.12:37685
2022-10-25 09:16:07Z [Unknown] new AP detected, adding to system. ID:P52008RT2M8J30A Model:APX320 Version:2.0.2.1-11 LAN_MAC:7c:5a:1c:2b:6c:80 WIFI_MAC:7c:5a:1c:2b:6c:83 Max SSIDS:8 TX Power Control:1 DFS:1
2022-10-25 09:16:07Z [MASTER] new AP with ID P52008RT2M8J30A
2022-10-25 09:16:07Z WARN -------------------------------------------------------
2022-10-25 09:16:07Z Use of uninitialized value $forced_country in concatenation (.) or string at /_conf/csc/wireless/awed line 2309.
2022-10-25 09:16:07Z [MASTER] AP P52008RT2M8J30A added / updateed in DB successfully.
2022-10-25 09:16:07Z [MASTER] start processing configuration change
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1754.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1754.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1766.
2022-10-25 09:16:12Z WARN -------------------------------------------------------
2022-10-25 09:16:12Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1766.
2022-10-25 09:16:13Z [MASTER] AP P52008RT2M8J30A: Local metadata updated
2022-10-25 09:16:13Z [MASTER] AP P52008RT2M8J30A: Configuration change detected
2022-10-25 09:16:20Z [MASTER] end processing configuration change
2022-10-25 09:16:20Z [MASTER] new connection from 172.16.xxx.12:37686
2022-10-25 09:16:20Z [P52008RT2M8J30A] APX320 from 172.16.xxx.12:37686 identified as P52008RT2M8J30A
2022-10-25 09:16:20Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 09:16:20Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 09:16:20Z [P52008RT2M8J30A] device not authorized yet, dropping.
2022-10-25 09:16:32Z [MASTER] new connection from 172.16.xxx.12:37688
2022-10-25 09:16:32Z [P52008RT2M8J30A] APX320 from 172.16.xxx.12:37688 identified as P52008RT2M8J30A

IP has changed due to reservation on DHCP server here

2022-10-25 10:13:58Z [MASTER] AP A40023AA0CF5932: Local metadata updated
2022-10-25 10:14:01Z [MASTER] end processing configuration change
2022-10-25 10:14:12Z [A40023AA0CF5932] (Re-)loaded identity and/or configuration
2022-10-25 10:21:56Z [MASTER] new connection from 172.16.xxx.58:57158
2022-10-25 10:21:56Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57158 identified as P52008RT2M8J30A
2022-10-25 10:21:56Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:21:56Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:21:57Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:21:57Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:24:21Z [MASTER] new connection from 172.16.xxx.58:57159
2022-10-25 10:24:21Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57159 identified as P52008RT2M8J30A
2022-10-25 10:24:21Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:24:21Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:24:22Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:24:22Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:24:23Z [MASTER] Updated AP P52008RT2M8J30A in DB successfully.
2022-10-25 10:24:23Z [MASTER] start processing configuration change
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1754.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1754.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1741.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1766.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:24:28Z Use of uninitialized value in string ne at /_conf/csc/wireless/awed line 1766.
2022-10-25 10:24:29Z [MASTER] AP P52008RT2M8J30A: Local metadata updated
2022-10-25 10:24:36Z [MASTER] end processing configuration change
2022-10-25 10:26:47Z [MASTER] new connection from 172.16.xxx.58:57160
2022-10-25 10:26:47Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57160 identified as P52008RT2M8J30A
2022-10-25 10:26:47Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:26:47Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:26:48Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:26:48Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:29:12Z [MASTER] new connection from 172.16.xxx.58:57161
2022-10-25 10:29:12Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57161 identified as P52008RT2M8J30A
2022-10-25 10:29:12Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:29:12Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:29:13Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:29:13Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:31:38Z [MASTER] new connection from 172.16.xxx.58:57162
2022-10-25 10:31:38Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57162 identified as P52008RT2M8J30A
2022-10-25 10:31:38Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:31:38Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:31:39Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:31:39Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:34:03Z [MASTER] new connection from 172.16.xxx.58:57163
2022-10-25 10:34:04Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57163 identified as P52008RT2M8J30A
2022-10-25 10:34:04Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:34:04Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:34:05Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:34:05Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:36:29Z [MASTER] new connection from 172.16.xxx.58:57164
2022-10-25 10:36:29Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57164 identified as P52008RT2M8J30A
2022-10-25 10:36:29Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:36:29Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:36:30Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:36:30Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:38:55Z [MASTER] new connection from 172.16.xxx.58:57165
2022-10-25 10:38:55Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57165 identified as P52008RT2M8J30A
2022-10-25 10:38:55Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:38:55Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:38:56Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:38:56Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:41:20Z [MASTER] new connection from 172.16.xxx.58:57166
2022-10-25 10:41:20Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57166 identified as P52008RT2M8J30A
2022-10-25 10:41:20Z Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory
2022-10-25 10:41:20Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration

Any idea what's wrong here?
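Added example (not part of the original post, and not Sophos code): a small Python parser for awed.log lines in the format quoted above. It groups lines into per-AP sessions, labels how each session ended, and flags an AP whose most recent sessions were all dropped within seconds of the configuration being loaded. The sample input is assembled from lines posted in this thread; the function names, the streak threshold of 3 and the 5-second cut-off are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Timestamp, optional [tag], message: the layout of the awed.log lines quoted in the thread.
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z\s+(?:\[([^\]]+)\]\s+)?(.*)$")
IDENT = re.compile(r"^(\S+) from (\S+) identified as (\S+)$")
NON_AP_TAGS = {None, "MASTER", "Unknown"}  # untagged warnings and daemon-level lines

# Sample input assembled from log lines posted in this thread.
SAMPLE = """
2022-10-25 09:16:20Z [P52008RT2M8J30A] APX320 from 172.16.xxx.12:37686 identified as P52008RT2M8J30A
2022-10-25 09:16:20Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 09:16:20Z [P52008RT2M8J30A] device not authorized yet, dropping.
2022-10-25 10:21:56Z [MASTER] new connection from 172.16.xxx.58:57158
2022-10-25 10:21:56Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57158 identified as P52008RT2M8J30A
2022-10-25 10:21:56Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:21:57Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:21:57Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:24:21Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57159 identified as P52008RT2M8J30A
2022-10-25 10:24:21Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:24:22Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:24:22Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:24:28Z WARN -------------------------------------------------------
2022-10-25 10:26:47Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57160 identified as P52008RT2M8J30A
2022-10-25 10:26:47Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-25 10:26:48Z [P52008RT2M8J30A] ll_read: short read or connection error:
2022-10-25 10:26:48Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
2022-10-25 10:29:12Z [P52008RT2M8J30A] APX320 from 172.16.xxx.58:57161 identified as P52008RT2M8J30A
2022-10-25 10:29:12Z [P52008RT2M8J30A] (Re-)loaded identity and/or configuration
2022-10-27 07:58:24Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35635 identified as P52008RBMHTR805
2022-10-27 07:58:24Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
2022-10-27 07:58:26Z [P52008RBMHTR805] ll_read: short read or connection error: Connection reset by peer
2022-10-27 07:58:26Z [P52008RBMHTR805] disconnected. Close socket and kill process.
"""


def parse(text):
    """Yield (timestamp, tag, message) for every line that looks like an awed.log entry."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def sessions(text):
    """Return {ap_id: [session, ...]}; a session runs from 'identified as' to the drop."""
    result, current = {}, {}
    for ts, tag, msg in parse(text):
        if tag in NON_AP_TAGS:
            continue
        ident = IDENT.match(msg)
        if ident:
            s = {"start": ts, "end": None, "peer": ident.group(2),
                 "config_loaded": False, "error": "", "outcome": "open"}
            result.setdefault(tag, []).append(s)
            current[tag] = s
            continue
        s = current.get(tag)
        if s is None or s["end"] is not None:
            continue  # line belongs to no open session for this AP
        if msg.startswith("(Re-)loaded identity"):
            s["config_loaded"] = True
        elif msg.startswith("ll_read:"):
            # Text after the second colon is the socket error; it is often empty.
            s["error"] = msg.split(":", 2)[-1].strip()
        elif msg.startswith("device not authorized yet"):
            s["outcome"], s["end"] = "not_authorized", ts
        elif msg.startswith("disconnected."):
            s["outcome"] = "dropped_after_config" if s["config_loaded"] else "dropped"
            s["end"] = ts
    return result


def summarize(text, loop_threshold=3, max_seconds=5):
    """Per AP: outcome counts, trailing run of quick drops, and retry interval."""
    report = {}
    for ap, sess in sessions(text).items():
        streak = 0
        for s in reversed([s for s in sess if s["end"] is not None]):
            quick = (s["end"] - s["start"]).total_seconds() <= max_seconds
            if s["outcome"] != "dropped_after_config" or not quick:
                break
            streak += 1
        # Time from a drop until the AP's next connection attempt.
        gaps = [(nxt["start"] - cur["end"]).total_seconds()
                for cur, nxt in zip(sess, sess[1:])
                if cur["outcome"] == "dropped_after_config"]
        report[ap] = {
            "sessions": len(sess),
            "outcomes": dict(Counter(s["outcome"] for s in sess)),
            "trailing_drop_streak": streak,
            "reconnect_loop": streak >= loop_threshold,
            "median_retry_seconds": median(gaps) if gaps else None,
            "errors": sorted({s["error"] for s in sess if s["error"]}),
        }
    return report


if __name__ == "__main__":
    for ap, info in summarize(SAMPLE).items():
        print(ap, info)
```

Run against a full awed.log, the same summary separates APs that are merely waiting for authorization from APs that are authorized but drop right after the configuration is loaded.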



  • That sounds faulty somehow.

    2022-10-25 16:22:36Z [P52008RT2M8J30A] disconnected. Close socket and kill process.
    2022-10-25 16:22:51Z WARN -------------------------------------------------------
    2022-10-25 16:22:51Z Use of uninitialized value in pattern match (m//) at /lib32/perl/site_perl/5.20.1/WP_connected_clients.pm line 513.
    2022-10-25 16:22:51Z 1 WP_connected_clients::update_clients
    2022-10-25 16:25:00Z [MASTER] new connection from 172.16.xxx.58:38432

  • Any idea from Sophos about the issue? The AP is still in this state.

    I deleted it and recreated it with new name, deleted and re-added the Zone in which the AP is from the general wireless settings on XG.

    No luck.

    I can ping the AP but it's inactive.

    awed shows Could not read from file '/tmp/awed/P52008RT2M8J30A.pid': No such file or directory all the time

    ...

    ...

    ...

  • Do you have another XG to connect it to?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Unfortunately not nearby. I could let it go central or set up a software XG on old firewall hardware, but that is some extra work I don't have time for.

    We'll try other APs from the same shipment. Hope they work.

  • New AP connected. I did not authorize it yet. It just starts reporting the same about the missing pid file.

    XG430_WP02_SFOS 18.5.4 MR-4-Build418# cat /log/awed.log | grep P52008RBMHTR805 |more
    2022-10-27 07:34:59Z [Unknown] new AP detected, adding to system. ID:P52008RBMHTR805 Model:APX320 Version:2.0.2.1-11 LAN_MAC:7c:5a:1c:2b:66:04 WIFI_MAC:7c:5a:1c:2b:66:07 Max SSIDS:8 TX Power Control:1 DFS:1
    2022-10-27 07:34:59Z [MASTER] new AP with ID P52008RBMHTR805
    2022-10-27 07:34:59Z [MASTER] AP P52008RBMHTR805 added / updateed in DB successfully.
    2022-10-27 07:35:08Z [MASTER] AP P52008RBMHTR805: Local metadata updated
    2022-10-27 07:35:08Z [MASTER] AP P52008RBMHTR805: Configuration change detected
    2022-10-27 07:35:12Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:45743 identified as P52008RBMHTR805
    2022-10-27 07:35:12Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 07:35:12Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 07:35:12Z [P52008RBMHTR805] device not authorized yet, dropping.
    2022-10-27 07:35:24Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:45745 identified as P52008RBMHTR805
    2022-10-27 07:35:24Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 07:35:24Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 07:35:24Z [P52008RBMHTR805] device not authorized yet, dropping.
    2022-10-27 07:35:39Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:45747 identified as P52008RBMHTR805
    2022-10-27 07:35:39Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 07:35:39Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 07:35:39Z [P52008RBMHTR805] device not authorized yet, dropping.

  • Hello,

    Greetings,

    We have observed a couple of issues of the same kind from the field. I suggest raising a support ticket to investigate it further.

    Mayur Makvana
    Technical Account Manager | Sophos Technical Support


  • Accepted the new AP and it does not come up either.

    The screenshot shows both machines. As you can see, I set some manual settings on the AP I used yesterday, but also no luck.

    Log:

    Accepted the AP here, then follows:

    Admin 2022-10-27 09:57:55 (CEST) messageid="17502" log_type="Event" log_component="GUI" log_subtype="Admin" status="Successful" user="myuser" src_ip="172.16.xxx.19" additional_information="ACCESS_POINT_NAME='P52008RBMHTR805'" message="Access Point 'P52008RBMHTR805' settings were changed by 'myuser' from '172.16.xxx.19' using 'GUI'"

    SYSTEM 2022-10-27 09:58:24 (CEST) messageid="18007" log_type="Event" log_component="Wireless Protection" log_subtype="System" additional_information="" message="Successfully sent config to AP [P52008RBMHTR805]."

    2022-10-27 07:57:55Z [MASTER] start processing configuration change
    2022-10-27 07:58:24Z [MASTER] new connection from 172.16.xxx.11:35635
    2022-10-27 07:58:24Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35635 identified as P52008RBMHTR805
    2022-10-27 07:58:24Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 07:58:24Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 07:58:26Z [MASTER] new connection from 172.16.xxx.11:35638
    2022-10-27 07:58:26Z [P52008RBMHTR805] ll_read: short read or connection error: Connection reset by peer
    2022-10-27 07:58:26Z [P52008RBMHTR805] disconnected. Close socket and kill process.
    2022-10-27 07:58:26Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35638 identified as P52008RBMHTR805
    2022-10-27 07:58:26Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 07:58:26Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 07:58:27Z [P52008RBMHTR805] ll_read: short read or connection error:
    2022-10-27 07:58:27Z [P52008RBMHTR805] disconnected. Close socket and kill process.
    2022-10-27 08:00:52Z [MASTER] new connection from 172.16.xxx.11:35639
    2022-10-27 08:00:52Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35639 identified as P52008RBMHTR805
    2022-10-27 08:00:52Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 08:00:52Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 08:00:53Z [P52008RBMHTR805] ll_read: short read or connection error:
    2022-10-27 08:00:53Z [P52008RBMHTR805] disconnected. Close socket and kill process.
    2022-10-27 08:03:08Z [MASTER] new connection from 172.16.xxx.11:35640
    2022-10-27 08:03:08Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35640 identified as P52008RBMHTR805
    2022-10-27 08:03:08Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 08:03:08Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 08:03:09Z [P52008RBMHTR805] ll_read: short read or connection error:
    2022-10-27 08:03:09Z [P52008RBMHTR805] disconnected. Close socket and kill process.
    2022-10-27 08:03:59Z WARN -------------------------------------------------------
    2022-10-27 08:03:59Z Use of uninitialized value in pattern match (m//) at /lib32/perl/site_perl/5.20.1/WP_connected_clients.pm line 513.
    2022-10-27 08:03:59Z 1 WP_connected_clients::update_clients
    2022-10-27 08:03:59Z WARN -------------------------------------------------------
    2022-10-27 08:03:59Z Use of uninitialized value in pattern match (m//) at /lib32/perl/site_perl/5.20.1/WP_connected_clients.pm line 513.
    2022-10-27 08:03:59Z 1 WP_connected_clients::update_clients
    2022-10-27 08:05:33Z [MASTER] new connection from 172.16.xxx.11:35654
    2022-10-27 08:05:34Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35654 identified as P52008RBMHTR805
    2022-10-27 08:05:34Z Could not read from file '/tmp/awed/P52008RBMHTR805.pid': No such file or directory
    2022-10-27 08:05:34Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 08:05:35Z [P52008RBMHTR805] ll_read: short read or connection error:
    2022-10-27 08:05:35Z [P52008RBMHTR805] disconnected. Close socket and kill process.

  • We have observed couple of issue of the same from the field. I suggest raising the support ticket to investigate it further.

    We'll do that. Sounds not good.

    Just played with the missing pid file and created an empty one. As expected, no luck.

    touch /tmp/awed/P52008RBMHTR805.pid

    2022-10-27 08:15:52Z WARN -------------------------------------------------------
    2022-10-27 08:15:52Z Argument "" isn't numeric in numeric eq (==) at /_conf/csc/wireless/awed line 2345.
    2022-10-27 08:15:52Z [MASTER] we have a *.pid file and no corresponding temporary PID.
    2022-10-27 08:15:56Z WARN -------------------------------------------------------
    2022-10-27 08:15:56Z Argument "" isn't numeric in numeric eq (==) at /_conf/csc/wireless/awed line 2345.
    2022-10-27 08:15:56Z [MASTER] we have a *.pid file and no corresponding temporary PID.
    2022-10-27 08:15:56Z [MASTER] new connection from 172.16.xxx.11:35674
    2022-10-27 08:15:56Z WARN -------------------------------------------------------
    2022-10-27 08:15:56Z Argument "" isn't numeric in numeric eq (==) at /_conf/csc/wireless/awed line 2345.
    2022-10-27 08:15:56Z [MASTER] we have a *.pid file and no corresponding temporary PID.
    2022-10-27 08:15:56Z [P52008RBMHTR805] APX320 from 172.16.xxx.11:35674 identified as P52008RBMHTR805
    2022-10-27 08:15:56Z [P52008RBMHTR805] (Re-)loaded identity and/or configuration
    2022-10-27 08:15:57Z [P52008RBMHTR805] ll_read: short read or connection error:
    2022-10-27 08:15:57Z [P52008RBMHTR805] disconnected. Close socket and kill process.

    XG does not spawn a new process for the new APX. Existing (only active) APs have a running process.


    XG430_WP02_SFOS 18.5.4 MR-4-Build418# ps -l |grep "P52008RBMHTR805"
    S     0 15841   908 23420  2788 pts1  10:18 00:00:00 grep P52008RBMHTR805
    XG430_WP02_SFOS 18.5.4 MR-4-Build418# ps -l |grep "P52008RT2M8J30A"
    R     0 17545   908 23420  2780 pts1  10:18 00:00:00 grep P52008RT2M8J30A

  • What I can see is that the AP tries to connect to 1.2.3.4 (local XG) and also to wifi.cloud.sophos.com (hub-wifi-spinnaker-1194699162.eu-west-1.elb.amazonaws.com with 108.129.21.170).

    And the AP quits the TLS session in response to the Server Hello with "bad certificate":

    TLSv1.2    59125    443    79    Alert (Level: Fatal, Description: Bad Certificate)

    wifi.cloud.sophos.com has a valid certificate from 14 October 2022 that has been issued by Amazon.

    Valid Not Before 2022-10-14 00:00

    Common Name (CN)
        central.sophos.com
    Common Name w/o SNI
        central.sophos.com
    Subject Alternative Name (SAN)   

        central.sophos.com
        cloud.sophos.com
        www.central.sophos.com
        www.cloud.sophos.com
        wifi.cloud.sophos.com
        utm.cloud.sophos.com

    CA Issuers
        Amazon (Amazon from US) .

    I guess it is hardcoded into the AP firmware that the AP only accepts the previous certificate?

    No.	Time	Source	Destination	Protocol	SrcPort	DstPort	Length	Info
    112	2022-10-27 10:44:05,679933	172.16.xxx.11	108.129.21.170	TCP	59125	443	80	59125 → 443 [SYN] Seq=0 Win=29xxx Len=0 MSS=1460 SACK_PERM=1 TSval=346934 TSecr=0 WS=64
    113	2022-10-27 10:44:05,679933	172.16.xxx.11	108.129.21.170	TCP	59125	443	80	[TCP Out-Of-Order] 59125 → 443 [SYN] Seq=0 Win=29xxx Len=0 MSS=1460 SACK_PERM=1 TSval=346934 TSecr=0 WS=64
    114	2022-10-27 10:44:05,679933	172.16.xxx.11	108.129.21.170	TCP	59125	443	76	[TCP Out-Of-Order] 59125 → 443 [SYN] Seq=0 Win=29xxx Len=0 MSS=1460 SACK_PERM=1 TSval=346934 TSecr=0 WS=64
    115	2022-10-27 10:44:05,680301	172.16.xxx.11	108.129.21.170	TCP	59125	443	76	[TCP Out-Of-Order] 59125 → 443 [SYN] Seq=0 Win=29xxx Len=0 MSS=1460 SACK_PERM=1 TSval=346934 TSecr=0 WS=64
    116	2022-10-27 10:44:05,680302	172.16.xxx.11	108.129.21.170	TCP	59125	443	80	[TCP Out-Of-Order] 59125 → 443 [SYN] Seq=0 Win=29xxx Len=0 MSS=1460 SACK_PERM=1 TSval=346934 TSecr=0 WS=64
    117	2022-10-27 10:44:05,680302	172.16.xxx.11	108.129.21.170	TCP	59125	443	80	[TCP Out-Of-Order] 59125 → 443 [SYN] Seq=0 Win=29xxx Len=0 MSS=1460 SACK_PERM=1 TSval=346934 TSecr=0 WS=64
    118	2022-10-27 10:44:05,706211	108.129.21.170	172.16.xxx.11	TCP	443	59125	76	443 → 59125 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=1080659023 TSecr=346934 WS=256
    119	2022-10-27 10:44:05,706211	108.129.21.170	172.16.xxx.11	TCP	443	59125	76	[TCP Out-Of-Order] 443 → 59125 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=1080659023 TSecr=346934 WS=256
    120	2022-10-27 10:44:05,706447	108.129.21.170	172.16.xxx.11	TCP	443	59125	76	[TCP Out-Of-Order] 443 → 59125 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=1080659023 TSecr=346934 WS=256
    121	2022-10-27 10:44:05,706448	108.129.21.170	172.16.xxx.11	TCP	443	59125	80	[TCP Out-Of-Order] 443 → 59125 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=1080659023 TSecr=346934 WS=256
    122	2022-10-27 10:44:05,706449	108.129.21.170	172.16.xxx.11	TCP	443	59125	80	[TCP Out-Of-Order] 443 → 59125 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1460 SACK_PERM=1 TSval=1080659023 TSecr=346934 WS=256
    123	2022-10-27 10:44:05,706871	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	59125 → 443 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=346937 TSecr=1080659023
    124	2022-10-27 10:44:05,706871	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 123#1] 59125 → 443 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=346937 TSecr=1080659023
    125	2022-10-27 10:44:05,706871	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	[TCP Dup ACK 123#2] 59125 → 443 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=346937 TSecr=1080659023
    126	2022-10-27 10:44:05,706975	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	[TCP Dup ACK 123#3] 59125 → 443 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=346937 TSecr=1080659023
    127	2022-10-27 10:44:05,706976	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 123#4] 59125 → 443 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=346937 TSecr=1080659023
    128	2022-10-27 10:44:05,706977	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 123#5] 59125 → 443 [ACK] Seq=1 Ack=1 Win=29248 Len=0 TSval=346937 TSecr=1080659023
    129	2022-10-27 10:44:05,708297	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	589	Client Hello
    130	2022-10-27 10:44:05,708297	172.16.xxx.11	108.129.21.170	TCP	59125	443	589	[TCP Retransmission] 59125 → 443 [PSH, ACK] Seq=1 Ack=1 Win=29248 Len=517 TSval=346937 TSecr=1080659023
    131	2022-10-27 10:44:05,708297	172.16.xxx.11	108.129.21.170	TCP	59125	443	585	[TCP Retransmission] 59125 → 443 [PSH, ACK] Seq=1 Ack=1 Win=29248 Len=517 TSval=346937 TSecr=1080659023
    132	2022-10-27 10:44:05,708362	108.129.21.170	172.16.xxx.11	TCP	443	59125	68	443 → 59125 [ACK] Seq=1 Ack=518 Win=66560 Len=0 TSval=1080659023 TSecr=346937
    133	2022-10-27 10:44:05,708363	108.129.21.170	172.16.xxx.11	TCP	443	59125	72	[TCP Dup ACK 132#1] 443 → 59125 [ACK] Seq=1 Ack=518 Win=66560 Len=0 TSval=1080659023 TSecr=346937
    No.	Time	Source	Destination	Protocol	SrcPort	DstPort	Length	Info
    7	2022-10-27 10:43:50,603847	172.16.xxx.11	172.16.xxx.xxx	DNS	36904	53	87	Standard query 0x0002 A wifi.cloud.sophos.com
    8	2022-10-27 10:43:50,603847	172.16.xxx.11	172.16.xxx.xxx	DNS	36904	53	87	Standard query 0x0002 A wifi.cloud.sophos.com
    9	2022-10-27 10:43:50,603847	172.16.xxx.11	172.16.xxx.xxx	DNS	36904	53	83	Standard query 0x0002 A wifi.cloud.sophos.com
    10	2022-10-27 10:43:50,604089	172.16.xxx.11	172.16.xxx.xxx	DNS	36904	53	83	Standard query 0x0002 A wifi.cloud.sophos.com
    11	2022-10-27 10:43:50,604092	172.16.xxx.11	172.16.xxx.xxx	DNS	36904	53	83	Standard query 0x0002 A wifi.cloud.sophos.com
    12	2022-10-27 10:43:50,605190	172.16.xxx.xxx	172.16.xxx.11	DNS	53	36904	199	Standard query response 0x0002 A wifi.cloud.sophos.com CNAME hub-wifi-spinnaker-1194699162.eu-west-1.elb.amazonaws.com A 108.129.21.170 A 54.76.119.40 A 46.51.153.248
    13	2022-10-27 10:43:50,605190	172.16.xxx.xxx	172.16.xxx.11	DNS	53	36904	199	Standard query response 0x0002 A wifi.cloud.sophos.com CNAME hub-wifi-spinnaker-1194699162.eu-west-1.elb.amazonaws.com A 108.129.21.170 A 54.76.119.40 A 46.51.153.248
    14	2022-10-27 10:43:50,605255	172.16.xxx.xxx	172.16.xxx.11	DNS	53	36904	199	Standard query response 0x0002 A wifi.cloud.sophos.com CNAME hub-wifi-spinnaker-1194699162.eu-west-1.elb.amazonaws.com A 108.129.21.170 A 54.76.119.40 A 46.51.153.248
    15	2022-10-27 10:43:50,605256	172.16.xxx.xxx	172.16.xxx.11	DNS	53	36904	203	Standard query response 0x0002 A wifi.cloud.sophos.com CNAME hub-wifi-spinnaker-1194699162.eu-west-1.elb.amazonaws.com A 108.129.21.170 A 54.76.119.40 A 46.51.153.248
    16	2022-10-27 10:43:50,605257	172.16.xxx.xxx	172.16.xxx.11	DNS	53	36904	203	Standard query response 0x0002 A wifi.cloud.sophos.com CNAME hub-wifi-spinnaker-1194699162.eu-west-1.elb.amazonaws.com A 108.129.21.170 A 54.76.119.40 A 46.51.153.248
    
    134	2022-10-27 10:44:05,708363	108.129.21.170	172.16.xxx.11	TCP	443	59125	72	[TCP Dup ACK 132#2] 443 → 59125 [ACK] Seq=1 Ack=518 Win=66560 Len=0 TSval=1080659023 TSecr=346937
    135	2022-10-27 10:44:05,754939	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	585	[TCP Spurious Retransmission] , Client Hello
    136	2022-10-27 10:44:05,754941	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	589	[TCP Spurious Retransmission] , Client Hello
    137	2022-10-27 10:44:05,754941	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	589	[TCP Spurious Retransmission] , Client Hello
    138	2022-10-27 10:44:05,780953	108.129.21.170	172.16.xxx.11	TCP	443	59125	68	[TCP Window Update] 443 → 59125 [ACK] Seq=1 Ack=518 Win=28160 Len=0 TSval=1080659098 TSecr=346937
    139	2022-10-27 10:44:05,780953	108.129.21.170	172.16.xxx.11	TCP	443	59125	68	[TCP Dup ACK 132#3] 443 → 59125 [ACK] Seq=1 Ack=518 Win=28160 Len=0 TSval=1080659098 TSecr=346937
    140	2022-10-27 10:44:05,781968	108.129.21.170	172.16.xxx.11	TLSv1.2	443	59125	1516	Server Hello
    141	2022-10-27 10:44:05,781968	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	[TCP Retransmission] 443 → 59125 [ACK] Seq=1 Ack=518 Win=28160 Len=1448 TSval=1080659099 TSecr=346937
    142	2022-10-27 10:44:05,782045	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	443 → 59125 [ACK] Seq=1449 Ack=518 Win=28160 Len=1448 TSval=1080659099 TSecr=346937 [TCP segment of a reassembled PDU]
    143	2022-10-27 10:44:05,782045	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	[TCP Retransmission] 443 → 59125 [ACK] Seq=1449 Ack=518 Win=28160 Len=1448 TSval=1080659099 TSecr=346937
    144	2022-10-27 10:44:05,782051	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	443 → 59125 [ACK] Seq=2897 Ack=518 Win=28160 Len=1448 TSval=1080659099 TSecr=346937 [TCP segment of a reassembled PDU]
    145	2022-10-27 10:44:05,782051	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	[TCP Retransmission] 443 → 59125 [ACK] Seq=2897 Ack=518 Win=28160 Len=1448 TSval=1080659099 TSecr=346937
    146	2022-10-27 10:44:05,782055	108.129.21.170	172.16.xxx.11	TLSv1.2	443	59125	1227	Certificate, Server Key Exchange, Server Hello Done
    147	2022-10-27 10:44:05,782055	108.129.21.170	172.16.xxx.11	TCP	443	59125	1227	[TCP Retransmission] 443 → 59125 [PSH, ACK] Seq=4345 Ack=518 Win=28160 Len=1159 TSval=1080659099 TSecr=346937
    148	2022-10-27 10:44:05,782073	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	59125 → 443 [ACK] Seq=518 Ack=2897 Win=29248 Len=0 TSval=346937 TSecr=1080659099
    149	2022-10-27 10:44:05,782074	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 148#1] 59125 → 443 [ACK] Seq=518 Ack=2897 Win=29248 Len=0 TSval=346937 TSecr=1080659099
    150	2022-10-27 10:44:05,782075	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 148#2] 59125 → 443 [ACK] Seq=518 Ack=2897 Win=29248 Len=0 TSval=346937 TSecr=1080659099
    151	2022-10-27 10:44:05,782465	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	[TCP Out-Of-Order] 443 → 59125 [ACK] Seq=1 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937
    152	2022-10-27 10:44:05,782467	108.129.21.170	172.16.xxx.11	TCP	443	59125	1520	[TCP Out-Of-Order] 443 → 59125 [ACK] Seq=1 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937
    153	2022-10-27 10:44:05,782468	108.129.21.170	172.16.xxx.11	TCP	443	59125	1520	[TCP Out-Of-Order] 443 → 59125 [ACK] Seq=1 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937
    154	2022-10-27 10:44:05,782478	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	[TCP Out-Of-Order] 443 → 59125 [ACK] Seq=1449 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
    155	2022-10-27 10:44:05,782479	108.129.21.170	172.16.xxx.11	TCP	443	59125	1520	[TCP Out-Of-Order] 443 → 59125 [ACK] Seq=1449 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
    156	2022-10-27 10:44:05,782480	108.129.21.170	172.16.xxx.11	TCP	443	59125	1520	[TCP Out-Of-Order] 443 → 59125 [ACK] Seq=1449 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
    157	2022-10-27 10:44:05,782485	108.129.21.170	172.16.xxx.11	TCP	443	59125	1516	[TCP Fast Retransmission] 443 → 59125 [ACK] Seq=2897 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
    158	2022-10-27 10:44:05,782485	108.129.21.170	172.16.xxx.11	TCP	443	59125	1520	[TCP Fast Retransmission] 443 → 59125 [ACK] Seq=2897 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
    159	2022-10-27 10:44:05,782486	108.129.21.170	172.16.xxx.11	TCP	443	59125	1520	[TCP Fast Retransmission] 443 → 59125 [ACK] Seq=2897 Ack=518 Win=28160 Len=1448 TSval=1080659023 TSecr=346937[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]
    160	2022-10-27 10:44:05,782491	108.129.21.170	172.16.xxx.11	TCP	443	59125	1227	[TCP Retransmission] 443 → 59125 [PSH, ACK] Seq=4345 Ack=518 Win=28160 Len=1159 TSval=1080659023 TSecr=346937
    161	2022-10-27 10:44:05,782491	108.129.21.170	172.16.xxx.11	TCP	443	59125	1231	[TCP Retransmission] 443 → 59125 [PSH, ACK] Seq=4345 Ack=518 Win=28160 Len=1159 TSval=1080659023 TSecr=346937
    162	2022-10-27 10:44:05,782492	108.129.21.170	172.16.xxx.11	TCP	443	59125	1231	[TCP Retransmission] 443 → 59125 [PSH, ACK] Seq=4345 Ack=518 Win=28160 Len=1159 TSval=1080659023 TSecr=346937
    163	2022-10-27 10:44:05,782498	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	59125 → 443 [ACK] Seq=518 Ack=5504 Win=29248 Len=0 TSval=346937 TSecr=1080659099
    164	2022-10-27 10:44:05,782498	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 163#1] 59125 → 443 [ACK] Seq=518 Ack=5504 Win=29248 Len=0 TSval=346937 TSecr=1080659099
    165	2022-10-27 10:44:05,782499	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 163#2] 59125 → 443 [ACK] Seq=518 Ack=5504 Win=29248 Len=0 TSval=346937 TSecr=1080659099
    166	2022-10-27 10:44:05,782900	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Window Update] 59125 → 443 [ACK] Seq=518 Ack=5504 Win=40256 Len=0 TSval=346945 TSecr=1080659023
    167	2022-10-27 10:44:05,782900	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	[TCP Dup ACK 163#3] 59125 → 443 [ACK] Seq=518 Ack=5504 Win=40256 Len=0 TSval=346945 TSecr=1080659023
    168	2022-10-27 10:44:05,782900	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	[TCP Dup ACK 163#4] 59125 → 443 [ACK] Seq=518 Ack=5504 Win=40256 Len=0 TSval=346945 TSecr=1080659023
    169	2022-10-27 10:44:05,796452	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	79	Alert (Level: Fatal, Description: Bad Certificate)
    170	2022-10-27 10:44:05,796452	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	79	[TCP Fast Retransmission] , Alert (Level: Fatal, Description: Bad Certificate)
    171	2022-10-27 10:44:05,796452	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	75	[TCP Fast Retransmission] , Alert (Level: Fatal, Description: Bad Certificate)
    172	2022-10-27 10:44:05,796496	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	75	[TCP Fast Retransmission] , Alert (Level: Fatal, Description: Bad Certificate)
    173	2022-10-27 10:44:05,796497	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	79	[TCP Fast Retransmission] , Alert (Level: Fatal, Description: Bad Certificate)
    174	2022-10-27 10:44:05,796498	172.16.xxx.11	108.129.21.170	TLSv1.2	59125	443	79	[TCP Fast Retransmission] , Alert (Level: Fatal, Description: Bad Certificate)
    175	2022-10-27 10:44:05,797614	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	59125 → 443 [RST, ACK] Seq=525 Ack=5504 Win=40256 Len=0 TSval=346946 TSecr=1080659023
    176	2022-10-27 10:44:05,797614	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	59125 → 443 [RST, ACK] Seq=525 Ack=5504 Win=40256 Len=0 TSval=346946 TSecr=1080659023
    177	2022-10-27 10:44:05,797614	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	59125 → 443 [RST, ACK] Seq=525 Ack=5504 Win=40256 Len=0 TSval=346946 TSecr=1080659023
    178	2022-10-27 10:44:05,797645	172.16.xxx.11	108.129.21.170	TCP	59125	443	68	59125 → 443 [RST, ACK] Seq=525 Ack=5504 Win=40256 Len=0 TSval=346937 TSecr=1080659099
    179	2022-10-27 10:44:05,797645	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	59125 → 443 [RST, ACK] Seq=525 Ack=5504 Win=40256 Len=0 TSval=346937 TSecr=1080659099
    180	2022-10-27 10:44:05,797646	172.16.xxx.11	108.129.21.170	TCP	59125	443	72	59125 → 443 [RST, ACK] Seq=525 Ack=5504 Win=40256 Len=0 TSval=346937 TSecr=1080659099
    181	2022-10-27 10:44:05,822493	108.129.21.170	172.16.xxx.11	TCP	443	59125	68	443 → 59125 [FIN, ACK] Seq=5504 Ack=525 Win=28160 Len=0 TSval=1080659140 TSecr=346937
    182	2022-10-27 10:44:05,822493	108.129.21.170	172.16.xxx.11	TCP	443	59125	68	[TCP Out-Of-Order] 443 → 59125 [FIN, ACK] Seq=5504 Ack=525 Win=28160 Len=0 TSval=1080659140 TSecr=346937
    

  • Case ID: 05840524 / APX320 remains inactive after registration