This discussion has been locked.

Can UTM9 manage Wireless AP at a remote site?

We are investigating the Sophos UTM9 Wireless Protection.
We have it running at our main office on the local subnet and all is working well.
One question I have is this.  If we put a Sophos Wireless AP into one of our remote sites which are connected via our WAN, can we still manage this Remote site AP via our Main office UTM or do we need to put in a RED at the remote site to be able to manage this AP?


  • Hi, Glenn, and welcome to the User BB!

    Is this a VPN connection between the two offices?  What device is at the other end of the tunnel at the remote site?

    Cheers - Bob
    PS When asking a question, please remember always to give the exact version you're on - 9.006005?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We have a managed WAN service between each site so no VPN required.
    We are running version 9.006-5

    Glenn Tetlow

    ICT Lead

    Central Otago District Council

  • So, you're saying that the internal IPs at the other site are defined in the UTM as a local network on the managed-wan interface of the UTM?  Does all of their traffic to the Internet transit your UTM in the main office?

    The only trick is that messages to IP 1.2.3.4 must reach the UTM in order for it to manage a Sophos Wireless AP.

    Cheers - Bob
     
  • Hey Bob,

    Where's that documented out of curiosity?
  • It's not, I believe.  Found out about it here :)

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Hi, that's only for the initial setup, right? 
    Or is it needed during firmware upgrades too?

    Barry
  • By gosh, Barry - you taught me something again!

    I checked our 8.309 with AP 10.  Network usage shows no traffic to 1.2.3.4 today, and I've been working via the AP for several hours.  It does show 44.7kB of AOCP traffic over the last week when we had a brief power glitch that caused it to reboot.

    I bet it just needs that when it reboots so that it can negotiate a mini-RED-type tunnel with a local UTM; I think it doesn't request firmware upgrades, rather that those are pushed to it.

    Can anyone add to/correct that?

    Cheers - Bob
     
  • Well, if it does it on reboot, then I guess the answer for Glenn is that it won't work without a UTM or RED at the remote location, right?

    Unless he can static-route the 1.2.3.4 traffic back to the remote UTM.

    Barry
  • I agree, Barry - either a VPN or a RED if his "managed WAN service" can't route 1.2.3.4 to the UTM.

    Cheers - Bob
     
  • I believe that the AP only tries to contact 1.2.3.4 if it has not been provisioned yet (a discovery process) or if it loses contact with its managing UTM for a prolonged period of time.  In normal operation, it communicates with the UTM over whatever IP the UTM has on the subnet it reaches it on.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
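
Added example (not part of the original thread, and not Sophos code): a small longest-prefix-match trace that checks whether AP discovery traffic to 1.2.3.4 would be forwarded hop by hop to the UTM across a routed WAN, with and without the static route suggested above. The device names, subnets and routing tables are constructed for illustration.

```python
import ipaddress

AP_DISCOVERY_IP = ipaddress.ip_address("1.2.3.4")  # address named in the thread

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in table.items()
               if dst in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from `start`; return every device the packet visits."""
    path = [start]
    # Stop at a device we hold no table for (an endpoint) or on a routing loop.
    while path[-1] in routers and len(path) <= max_hops:
        hop = next_hop(routers[path[-1]], dst)
        if hop is None:
            path.append("dropped")
            break
        path.append(hop)
    return path

def discovery_reaches_utm(routers, start, utm="utm"):
    """True if traffic to 1.2.3.4 from the AP's gateway ends at the UTM."""
    return trace(routers, start, AP_DISCOVERY_IP)[-1] == utm

# Constructed topology: remote AP subnet 10.20.0.0/24, main office 10.10.0.0/24,
# joined by a managed WAN whose core router sends Internet traffic to the provider.
WAN_AS_BUILT = {
    "remote-router": {"0.0.0.0/0": "wan-core"},
    "wan-core": {
        "10.10.0.0/24": "utm",
        "10.20.0.0/24": "remote-router",
        "0.0.0.0/0": "provider-internet",
    },
}

# Same WAN with a host route for 1.2.3.4 pointing at the main-office UTM.
WAN_WITH_STATIC = {
    "remote-router": dict(WAN_AS_BUILT["remote-router"]),
    "wan-core": {**WAN_AS_BUILT["wan-core"], "1.2.3.4/32": "utm"},
}

if __name__ == "__main__":
    for name, topo in (("as built", WAN_AS_BUILT), ("with static", WAN_WITH_STATIC)):
        print(name, trace(topo, "remote-router", AP_DISCOVERY_IP))
```

On the real network the same question is answered by checking the route for 1.2.3.4 on every hop between the AP's gateway and the UTM; a route on only the first hop is not enough if a later hop still follows its Internet default.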