This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Step-by-Step: how to move AP from SFOS to Central Wireless

Hi all

A quick rundown of my experience for moving (temporarily) one AG15 to Sophos Central (for testing Central Wireless).

Starting point:

  • AP15 with firmware 15.x
  • AP associated and connected to SG115 running SFOS 16.01.2

Step by step:

  1. SFOS: "released" AP firmware 6.0.001 on SFOS (Backup & Firmware > Pattern Updates > AP Firmware, Install)
  2. SFOS: assumed firmware update to 6.0.001 was successful - I was unable to find any place that shows me the current firmware of a given access point. The only information I get is from the System log [serial-of-ap] sent firmware /content/apfw/AP15.uimage to device, releasing connection). Question: is there really no way to check the firmware of a given access point?
  3. Removed (deleted) the AP15 from my the SFOS configuration (Wireless > Access Points > check Access point in question, select Delete)
  4. Rebooted AP15 (removing power; the device get's an IP assignment including def gw from the DHCP server and device is pingable)
  5. Registered AP at Sophos Central, several rounds were needed (twice "Waiting for initial AP connection" timed out, retry), then it was showing "Updating firmware" (assuming it will update to 1.8.0-3)

One this is done, I will test Sophos Wireless and then move the device back. AFAIK the device will revert the SFOS firmware once registered with SFOS instead of Central Wireless.

- Maurice



This thread was automatically locked due to age.
Parents
  • First Update:

    • Sophos Central, wireless onboarding page: "Updating firmmare" was shown for several hours, while the green LED on the AP was happily blinking
    • When aborting and then ending up on the Wireless Dashboard, no APs are shown (Wireless > Access Points)
    • Two alerts where shown on the dashboard, when selecting "Configure AP" on one of them I get to the AP configuration page. There the S/N of the AP is shown, as well as the public IP the AP came from, but not the internal IP or Version. At the top, the big warning "This access point is offline! .." is displayed

    Summary so far:

    • The migration process is not very verbose (firmware update, registration with Sophos Central), making it difficult to handle eventual problems
    • The migration did not not work for me - I will need to open a support case to see if the AP can show up in Sophos Central

    Further, I was unable to find out how to set some policies for the (any) WLAN SSID (but especially the Guest WLAN is of interest). Advice appreciated.

    - Maurice

  • Update two:

    • Sophos Support was not very helpful - it took a very long time to get a response, and the response did not help (basically I just got a repetition of known facts like the problem with 1.8.0-3)
    • After checking the AP was able to talk freely to the internet, I tried to register the AP again, and this time it registered right away

    So, let's move on to the next step - what can I actually do with the Sophos Central Wireless without a firewall ...

Reply Children
  • Hi,

     

    sorry for the late reply. We were able to reproduce the issue for every initial registration when coming from a SG/XG, causing the first registration to fail. It's tracked internally with CWIFI-5795. The issue is fixed and will be released in January. 

    The issue is not in the firmware on the UTM but actually on the firmware that is installed during the registration process - it does not acknowledge the current state and thus gets out of sync with Sophos Central.

    As the fix is in the firmware coming from Sophos Central during installation, you won't have to modify your APs. The fix is transparent for you.

    As workaround, please wait until the registration process fails (should be after 5 minutes) and click on retry. The 2nd registration will work. Don't unplug your AP during this period. A power loss during firmware update might brick the AP.

     

    Kind regards,

     

    Dirk Bolte