Hello,
I'm following https://support.sophos.com/support/s/article/KB-000036137?language=en_US to register new APs in Central.
This was not working until we allowed Port tcp:2713 to Heartbeat IP. This is undocumented in that KB article.
I cannot even find a Sophos KB about that Port 2713, only some posts in forums. Some have information that there was a bug that APs connected to Central on a wrong port and had to be replaced.
Please bring some light into this.
Also NTP was not working until we allowed NTP outgoing to any (!).
openwrt.pool.ntp.org unresolvable... and so is prod.hydra.sophos.com and others from that KB. You should eventually add information that it may be wildcards: *.prod.hydra.sophos.com
Screenshot of current requirements from KB written above
Hello LHerzog,
Thank you for contacting the Sophos Community.
I would need to pass your feedback to our documentation team for them to double-check about port 2713.
Regards,
Thanks. Please share feedback once you have it.
I know 2712 which is used when APs register at your own Firewall. But 2713 is completely new to me.
Thank you for the follow-up, yes once I hear back I will update.
I confirmed, and they mentioned that yes, if they’re Central Managed APs, port 2713 isn’t mandatory to be open to register to Central, only when the AP registers and is managed via the XG/SG.
They mentioned if the issue still persists to open a case to get this investigated further.
Thanks emmosophos, as written, it wasn't working until we opened the port.
We'll see what happens when we eventually register new devices in the future.