I had a pair of XG330s on V18.0.4 MR-4 running in HA (Active-Passive) with 2 x AP55c APs. One device failed and this was replaced by Sophos with an RMA.
During this time I removed the HA config on the remaining XG330. When the replacement hardware arrived, I patched it to the same firmware level and restored the configuration from the current "live" device. Over the weekend I patched my switches / servers and WAN link into the new XG330. Everything came up and worked except the RADIUS authentication to my Windows 2019 Server. The previous configuration has been working for 2.5 years.
The new XG330 is running as standalone; it's not under HA as yet.
I have 2 wireless SSIDs:
I can connect to the standard WPA2/Password without issues.
I cannot connect to the RADIUS Authenticated SSID. I have logged a ticket with Sophos support, but all they gave me on the remote session was the article to configure RADIUS for Server 2012. I have looked at the Server 2016 article as well.
We can see in the Windows event log that the user is trying to authenticate but is failing.
Is there something in the certificate that you have to create with the Sophos RADIUS setup that includes the S/N of the XG330?
Does anyone know what else I should be looking into?
An update to how we resolved the issue.
It turns out it wasn't the replacement XG330's issue; it was a configuration change on the MTU for the LAG between the XG330 and the Switch.
As part of the deployment of the new XG we also changed the core network switches (Juniper) to 10GB.
Following the Windows event log ID issues, we found an article that pointed us to add a setting in the RADIUS server for MTU size:
Once we added the MTU setting into the RADIUS, WiFi worked straight away.
Thank you for your detailed solution and description of the issue. We also use RADIUS for Wifi VLAN assignment and hope I remember your post if we ever face issues like that after changing MTU.