3CX DLL-Sideloading attack: What you need to know
We're a Sophos partner trying to rollout XGS firewalls with Sophos APX broadcasters but hit a major issue where our orders for broadcasters are grinding to a halt. the APX 530 and APX 740 are out of stock according to Sophos with NO ETA.
Nice one Sophos, you make XGS 18.5 no longer support older broadcasters, forcing customers to upgrade and then you cant even supply them or even give an ETA.
I've esculated this within Sophos but everyone is giving us "there's no ETA."
So I'm hoping posting this will raise awareness and someone with common sense at Sophos will actually realise how much of a problem this is to partners and feedback so XGS can programmed to support older broadcasters for the time being. At the moment we're sat on multiple deployments and unable to go anywhere.
I doubt they'll ever respond to this post or reverse their decision to block older devices, so I used eBay to purchase my 740. There's a vendor on there selling them for $400. Might be worth a look.
I had another response back and every partner is in the same boat. Annoyingly, yet predictably, Sophos won't do anything to allow XGS to support non-APXs model.
Thanks for suggesting ebay route, we're in the UK and saw this auction is US based. Its highly tempting to get the projects shifting but have no idea on what Sophos's support/warranty would be using used broadcasters. Also I'm not sure if the broadcasters would function outside the US, technically I cant see why not but who knows what license limitation they've implemented.
One thing I have up my sleeve is to use a UTM and turn that into an AP controller for the older broadcasters and connect that with the XGS.
APX320 are also out of stock. Germany region.
The wireless segment has been heavily impacted by the current global component shortages and all vendors are experiencing longer lead times, not only for access points but also for the Wi-Fi chips and components included in other products, such as firewalls. We expect this situation to continue to be challenging over the coming months.
In case you’re not subscribed already, our Partner Blog is a great resource to keep you up-to-date with the most relevant issues and updates. This one in particular touches on the subject: https://partnernews.sophos.com/en-us/2022/04/products/wireless-lifecycle-and-ap-series-end-of-life-planning/
I understand the shortage of chips would impact the APX range but Sophos should have been forward thinking and enabled the older AP range to work on v18.5 going forward, even if its temporary. I now have 4 deployments dead in the water because of this, potentially losing 2 of them because of the lead time. I very much doubt I'm the only partner in this position
Your sob story means nothing when the issue was created by Sophos completely disabling older hardware.
If Sophos wants your sob story to mean anything at all, enable the older hardware again until you can actually provide for an support newer hardware. Until then, this is obviously a greedy money grab that Sophos can't actually support.
FYI: Your response is frankly insulting and doesn't actually address the real issue at hand.
Virtual high 5 Neil for that comment!
I've raised this with account manager and senior account manager of the UK sales team about this, they wont esculate it to development.
I understand technology has to move forward, the AP range is old but it functions and did function in v18. The hardware hasn't changed so in theory it should be capable of working. Hell even if there was a legacy mode on 18.5 and 19 to support AP range but meant you couldnt use APX then its a start.
Im really annoyed because of the damage this has caused me with some of my customers, they dont understand the chip shortage, why should they when they are trying to run a business.
For anyone else in this position you could use a UTM as an AP controller and then route that to an XG or XGS but quite a drastic approach.
Why not using Central Wireless? All Access Points are supported there. No need to use the Wireless Controller on SFOS/UTM at all.
So actually there is a solution to this approach, it is Central Wireless. Central Wireless Supports APX, AP15/55/100 at no costs.
You can simply migrate over your Access Points and use them there with one XGS Appliance.
You can do this even now and migrate hardware appliances later.
That's a really interesting idea. I have to confess, not touched Central Wireless as always lead to believe its a paid for service by Sophos account manager. Would you be kind enough to explain in a bit more detail to help me and others reading this, I presume its managed by vlans which in turn the XGS can then handle. Does this work with wifis behind RED/SD-REDs?
So essentially it supports all currently supported Access Points (not the EoL versions like AP30 etc.).
You can do Bridge to LAN, VLAN and Guest Network. Separate Zone is not possible, as separate zone is a concept requiring a firewall. Personally i always recommend to use Bridge to VLAN anyway. It is a better solution for performance and routing decisions.
AP/APX can work behind everything and need simply a HTTPS Connection to Central to get the config. You can configure the AP to still broadcast the Network, if the ISP is down for example.
Central supports Social Login, like Facebook/Google if needed. The Guest network can use a own Voucher system. Guest Network can also be a own network managed by the AP and only allow HTTP/HTTPS (if you do not want to use VLANs for example).
You need a Central Account to use this. By creating a Account, you get all Features/Products enabled for a 30 Day Trial. Those Products will run out after 30 Days and only Firewall/Wireless Management will remain in the Account.
Central Wireless can do Bridge to LAN and Bridge to VLAN on the same time - Not like UTM/SFOS, which has to use VLAN for everything, in case you start VLAN. You can do in Central simply VLAN 2 for Guests and Bridge to LAN for the rest.