This discussion has been locked.

APX120 behind SD-RED20

Hi there,

I want to set up the following:

We have a small branch office for one employee for which we need a wireless LAN. I have set up a SD-RED20 for this location which works quite well via LTE.

To access the network via WiFi, I have also set up an APX120 with a SSID which bridges to AP-LAN. Everything works quite well in the main office.

If I connect the APX to the SD-RED20, the APX does not connect to the UTM, which I do not understand, as the branch office's network connected over the RED is allowed to connect to the firewall's main network via Any protocol.

Am I missing something here? Do I have to create another firewall rule for the initial handshake between UTM and AP?

Appreciate your help!

Thanks in advance

Alex



  • FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    If the RED operation mode is not Standard/Unified, you have to add Magic IP 1.2.3.4 to the split network. 

    Access point registration

    1. After being powered on, the AP boots up; this takes ~45 seconds to complete.
    2. After boot, the AP connects to the DHCP server and obtains an IP address
    3. The AP connects to Magic IP of 1.2.3.4 on port 2712.
      • Traffic is sent to the APs default gateway.
      • If no response from Firewall the AP reboots and the process starts over again.
    4. The AP appears on the GUI of the Sophos Firewall in the Pending list.
      • The AP will reboot until accepted by administrator
    5. The administrator manually accepts AP and assigns networks.
    6. AP moves into the Inactive list.
      • If the firewall's AP firmware is newer than firmware on AP it pushes new firmware. The AP installs new firmware then reboots.
    7. Configuration settings transferred from the firewall to the AP
    8. The AP moves into the Active list.

    Thanks,

  • Hi Alex,

    2 things can be an issue here.

    First is the RED deployment mode. Which one do you use, unified or one of the split modes? If one of the split modes is used you will either have a host object with IP "1.2.3.4" to be included in the "Split Networks"-list or you will need to have a DHCP Option "234 - AP Magic IP" be active and set to an IP-address of the UTM (e.g. the RED interface's IP).

    Second is the Wireless Protection tab. There you will have to set the RED interface as an "Allowed Interface" under "Global Settings".

     

    For a RED20 I would recommend using the internal module slot for WLAN if that slot isn't already in-use for a 3G/4G module.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner
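
A way to see from the UTM side how far the registration steps described in the two answers above get, added here as an example and not code from Sophos or from any poster. It assumes the AP's connection to 1.2.3.4 on port 2712 is TCP, that a `tcpdump -n` text capture was taken on the UTM's RED interface, and that replies appear with the Magic IP as source; the capture lines and AP addresses are constructed.

```python
import re
from collections import defaultdict

MAGIC_IP, AP_PORT = "1.2.3.4", 2712  # values quoted in the thread

# Constructed sample of `tcpdump -n` output (addresses are made up).
SAMPLE = """\
10:00:01.000001 IP 10.8.0.20.40112 > 1.2.3.4.2712: Flags [S], seq 100, win 29200, length 0
10:00:04.000002 IP 10.8.0.20.40112 > 1.2.3.4.2712: Flags [S], seq 100, win 29200, length 0
10:01:10.000003 IP 10.8.0.20.40377 > 1.2.3.4.2712: Flags [S], seq 900, win 29200, length 0
10:00:02.000004 IP 192.168.2.31.51000 > 1.2.3.4.2712: Flags [S], seq 5, win 29200, length 0
10:00:02.000105 IP 1.2.3.4.2712 > 192.168.2.31.51000: Flags [S.], seq 7, ack 6, win 28960, length 0
10:00:03.000000 IP 10.8.0.20.53000 > 10.8.0.1.53: 1234+ A? example.test. (30)
"""

# src_ip.src_port > dst_ip.dst_port: Flags [..]  (TCP lines only; others are skipped)
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def registration_status(capture):
    """Per AP source IP: number of SYNs sent to the Magic IP and whether any was answered."""
    syns = defaultdict(int)
    answered = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == MAGIC_IP and int(dport) == AP_PORT and flags == "S":
            syns[src] += 1            # AP attempting registration
        elif src == MAGIC_IP and int(sport) == AP_PORT and flags == "S.":
            answered.add(dst)         # SYN-ACK back to that AP
    return {
        ap: {"syns": n, "state": "answered" if ap in answered else "unanswered"}
        for ap, n in syns.items()
    }

if __name__ == "__main__":
    for ap, info in registration_status(SAMPLE).items():
        print(ap, info)
```

An AP that is missing from the result never got its Magic IP traffic to the UTM, which matches the split-network / DHCP option 234 point; repeated `unanswered` SYNs mean the traffic arrives but is not accepted, which is where the "Allowed Interface" setting is worth checking (an interpretation, not something the capture proves).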

  • kerobra said:
    Second is the Wireless Protection tab. There you will have to set the RED interface as an "Allowed Interface" under "Global Settings".

    Ah, thank you very much. I think I have missed this one. Will try that after my vacation in 3 weeks. But I am pretty sure that this one will resolve my issues.

    kerobra said:
    For a RED20 I would recommend using the internal module slot for WLAN if that slot isn't already in-use for a 3G/4G module.

    For cost reasons I had to go for an APX instead of the internal module. The WiFi module was more than double the price. The same for the 4G connection. The HUAWEI stick was about 40€ and the module was >300€.

    Thank you very much for your help. I will answer again after returning from vacation.

    Viele Grüße / Best regards

    Alex