Sophos Firewall v22 EAP is now available! Click here to learn more.

Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access points AP/APX going offline abruptly

Fasil Yilma

Hi All,

We have 11 APs of different models:

Model Qty FW Version Power/Data Source
AP100C 4 v2.3.4-5 Cisco PoE Switch
AP100X 1 v2.3.4-5 Power Injector/Cisco PoE Switch
APX320X 2 v2.3.4-5 Power Injector/Cisco PoE Switch
APX530 4 v2.3.4-5 Cisco PoE Switch

We have Sophos XGS2300 (SFOS 19.5.2 MR-2-Build624) with DHCP service. Let us say with a network of 172.16.1.x. 172.16.1.1-20 are reserved, and 11 APs are assigned static IP from this range. Clients connected to any of the APs will lease from 21-254.

All of the 11 APs are managed from Sophos Central.

The issue we are having for quite a while is any of them going offline abruptly. To bring them back alive, we have to unplug and plug back their cable OR disable/enable their respective port from the Switch.

We have contacted Sophos Support. So far, they proposed two recommendations:

  1. Turning off "Enable wireless protection" from XGS FW -> Protect - Wireless - Wireless Settings
  2. Assigning static IP address to the APs using their Mac address from XGS FW -> Configure - Network - DHCP.

None of the above recommendations have worked to resolve the issue. 

We are still having APs going offline with the following warning on Sophos Central. Access Point " NameofAP" is offline, s/n: xxxxxx7D7, site: xxxHQ, uptime: 7 hours 7 minutes, last-seen:9/7/23 1:09 PM

Does anyone have similar experience or know how to permanently resolve this annoying and disruptive issue? Thank you in advance!

Fasil



Added TAGs
[edited by: Erick Jan at 5:08 AM (GMT -8) on 12 Jan 2024]
  • 0

    Hello Fasil,

    when you control your APs with Sophos central, then you must not enable Sophos Wireless Protection on the Firewall. This is either/or, never BOTH.

    If this is enabled, Sophos Wifi Accesspoints will randomly connect to one or the other, causing issues like you described.

    You should have some patience, when turning this off, you should restart the APs after you disabled Wireless Protection on the FW. And give them some time to reboot and reconnect.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

    • 0 in reply to PhilippRusch

      Thank you Philipp. 

      Yes, the wireless protection should have been disabled on the FW. It is turned off a week ago, and since then all APs were rebooted at least 4-5 times. The maximum uptime we have is around 2days as can be seen from the attached screenshot. 

      After posting the above, two AP100Cs goes offline again (the last one included). From the FW, those offline APs are reachable via ping. The logviewer only shows IP leasing renewal for the APs close to the time they went offline. The AP led turned Orange and not reachable to clients.  If there is a nearby AP, clients automatically connect to the other, otherwise no wireless connectivity. Attached some screenshots

      When checking the AP configuration while offline, you see the following:

      1. There is Tx/Rx

      2. Memory & CPU in use (green)

      3. No device connected as no SSID broadcasted

      4. Led on AP remains Solid Amber.

      Regards,

      Fasil

      • 0 in reply to Fasil Yilma

        As the APs are actually live while their status is Offline and not broadcasting, trying the following:

        1. Upgraded the FW firmware to the lates version, SFOS 19.5.3 MR3-Build652 

        2. Increased dhcp lease duration to min 7 days

        3. Set Keep broadcasting enabled on 1 or more of the SSIDs. 

        4. Restarted APs

        We will see if this resolves the issue.