
Sophos APX 320 not showing in pending Access Points

Hello together,

today I tried to add new APs to a freshly migrated firewall.

Unfortunately, the new Access Points do not show up under pending Access Points.

Firstly, I thought that the SD-WAN-routes did not allow the APs to come online since the firewall also appeared offline in Sophos Central.

After disabling the SD-WAN-routes the firewall appears online again, but the Access Points still don't seem to reach the internet for the initial registration.

Also adding a temporary Any-rule to the firewall and a SNAT-rule to allow all traffic from the APs to the internet didn't help me here.

I also tried installing the newest pattern updates, but the access points still remain undetected.

A DHCP-server is running on the firewall and the APs receive an IP-configuration where the firewall is the default gateway.

Also the appropriate zones (LAN and WIFI) are added to the wireless protection.

The device access is configured to allow Wireless Protection in LAN and WIFI.

The log viewer shows that the APs can now reach the internet without a problem, but the IP 1.2.3.4 over port 2712 TCP is not allowed (Could not associate packet to any connection). Yet, the temporary firewall rule allows all LAN traffic to any zones over any services.

Note: The APs have the IPs 192.168.192.100 and .101

I hope you can help me with this issue.

Thanks in advance.

Best regards,

Luis



  • Please check your licences.

    "Base Firewall" must be Subscribed for Wireless.

    Also, you may try to add 1.2.3.4/23 as an additional address on the firewall (this sometimes solved problems for me).


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Hi Dirk,

    thank you for your reply.

    I just had a look in the license administration. It turns out that the base firewall is not subscribed, yet it has an expiration date of 2999.

    Isn't the base firewall always activated?

    I will try to add 1.2.3.4/23 as an interface alias; maybe that will work.

    Thank you for your help.

    BR,

    Luis

  • Okay, turns out the base firewall subscription was the issue.

    I restarted the firewall again and somehow the base firewall license activated and subsequently the access points showed up.