This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

APX320 and APX530 using undocumented port 2713 to Heartbeat IP 52.5.76.173

Hello,

I'm following https://support.sophos.com/support/s/article/KB-000036137?language=en_US to register new APs in Central.

This was not working until we allowed Port tcp:2713 to Heartbeat IP. This is undocumented in that KB article.

I cannot even find a Sophos KB about that Port 2713, only some posts in forums. Some have information that there was a bug that APs connected to central on a wrong port and had to be replaced.

Please bring some light into this.

Also NTP was not working until we allowed NTP outgoing to any (!).

openwrt.pool.ntp.org unresolvable... and so is prod.hydra.sophos.com and others from that KB. You should eventually add information that it may be wildcards: *.prod.hydra.sophos.com

This thread was automatically locked due to age.

Top Replies

emmosophos over 3 years ago in reply to emmosophos +1 suggested

Hello LHerzog, I confirmed and they mentioned that yes if they’re Central Managed AP, port 2713 isn’t mandatory to be open to register to Central, only when the AP registers and is managed via the XG…

0 LHerzog over 3 years ago

Screenshot of current requirements from KB written above
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago

Hello LHerzog,

Thank you for contacting the Sophos Community.

I would need to pass your feedback to our documentation team for them to double-check about port 2713.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 LHerzog over 3 years ago in reply to emmosophos

Thanks. Please share feedback once you have it.

I know 2712 which is used when APs register at your own Firewall. But 2713 is completely new to me.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to LHerzog

Hello LHerzog,

Thank you for the follow-up, yes once I hear back I will update.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to emmosophos

Hello LHerzog,

I confirmed and they mentioned that yes if they’re Central Managed AP, port 2713 isn’t mandatory to be open to register to Central, only when the AP registers and is managed via the XG/SG.

They mentioned if the issue still persists to open a case to get this investigated further.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel
0 LHerzog over 3 years ago in reply to emmosophos

Thanks emmosophos, as written, it was'nt working until we opened the port.

We'll see what happens when we eventually register new devices in the future.
Cancel
Vote Up 0 Vote Down

Cancel