3CX DLL-Sideloading attack: What you need to know
Hi,
i upgraded XGS 2100 and XG125 to 19.5 GA.I had some minor issues with VPN S2S and IKEv1.Most feature where fine for a week now.
Today at the XG125 WiFi stopped working.
Clients get a IP Adress and thats it, no Internet access or other access
from XGS2100 i can ping the wireless clientsfrom XG125 i can´t ping any wireless clients.
The setup for XG125 worked for the last week, today Wifi fails at XGS125.
All Clients are offline now!
need help
which model APs are affected?
Ian
XG115W - v19.5.1 mr-1 - Home
If a post solves your question please use the 'Verify Answer' button.
All AP´s are affected ..
I had some Rev 01 and Rev 05 APX320 and one AP15 that didn´t allow any connected client to surf the web.
All AP´s did send their SSID, but the clients did´nt get any IP´s.Wireless clients did show up in SFOS, but no traffic at all.
No tcpdump and tracelogs showed no sign of data.Even a ANY to ANY FW Rule had no traffic
Sophos support did a great job and investigated about 160 minutes online...Finally they found the culprit, the SFOS 19.5 did unplugged the Wireless NIC ...
We removed the WiFi GuestAP and removed the Wireless NIC, after adding this again all was fine.
But he didn´t had any idea why 19.5 GA lost the Interface during normal load...
The case is closed already ...
Hi JuergenB,
Can you share the Support case ID you had with Support?
Would you be willing to open a Support access tunnel to your XGS125, so Engineering can investigate why the wireless NIC stopped working? If so, please PM me the support access ID.
Thanks.
Hello Juergen,
Thank you for contacting the Sophos Community.
I checked under your account, but I wasn’t able to find any case open for this, please share the Case ID via here or PM.
Regards,
GuestAP Interface is unplugged again ...
Thank you for reaching out to Sophos Community.
Regarding your case 06125206. Will update the case indicating that is has been unplugged again.Thank you for the update
Erick JanCommunity Support Engineer | Sophos Technical SupportSophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Hi JuergenB
I am Saurabh from Engineering,. we're looking in to your case. It seems there's delete AP (1 AP15, 2 APX320) operations performed on 27th Jan. Was that intentional ?
Erick Jan can u please create support investigation ticket (and link both cases) for us to look in to this ?
Hi Saurabh,
yes, this was intentional. Sophos support tried some tricks on SFOS and we remove/added some AP´s for testing.
Hi Spandya,
For your request, kindly see case# 06125206 since the issue is the same case and was created by JuergenB.
Just an additional verification from Dev.
Was it working fine before upgrading to v19.5? and the issue only happened after upgrading