Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 1 subscriber
  • Views 4725 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AP10 behind RED

mikkeland
Hi,

Having some issues with an AP10 behind a RED.
RED setup

  • Uplink mode: Client
  • Operation mode: Standard/unified
  • Branch office internet connection is 6 MBit ADSL with dynamic IP address
  • RED interface has been added to "Allowed wireless interfaces"

AP details

  • AP has been approved from "Pending access points"
  • AP is listed as Inactive with an unknown MAC address
  • AP is attached directly to the RED (nearest switch has been tried as well)
  • AP responds to PING, but intermittently 1-5 packets are lost (no packet loss to other hosts on subnet)
  • A single Wireless network has been attached to the AP

Wireless log shows  
2014:03:21-15:01:25 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.105:3831

2014:03:21-15:01:25 firewall-1 awed[2816]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.105:3831 identified as A4001121CFA1A52

2014:03:21-15:01:25 firewall-1 awed[2816]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration

2014:03:21-15:01:28 firewall-1 awed[2778]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.

2014:03:21-15:02:14 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.105:3832

2014:03:21-15:02:14 firewall-1 awed[2913]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.105:3832 identified as A4001121CFA1A52

2014:03:21-15:02:14 firewall-1 awed[2913]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration

2014:03:21-15:02:17 firewall-1 awed[2816]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.

RED log shows 

2014:03:21-15:02:13 firewall-1 red_server[26955]: A32008F8FF515E1: PONG local_tx=47018

2014:03:21-15:02:14 firewall-1 redctl[2914]: 10.18.1.105 =

2014:03:21-15:02:14 firewall-1 redctl[2914]: 10.18.1.105

2014:03:21-15:02:29 firewall-1 red_server[26955]: A32008F8FF515E1: command 'PING 50619 uplink=WAN'


There are no relevant entries in the Firewall log

The AP has been power cycled multiple times
Wireless protection has been disabled/enabled on the UTM220

please advise what to do

Sincerely
Mikkel


This thread was automatically locked due to age.
  • 0
    There are no relevant entries in the Firewall log

    Are you sure you don't have a firewall rule that silently drops some packets?  "failed to send /etc/wireless/firmware/AP10.uimage" isn't an issue that's ever been reported here before. 

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Are you sure you don't have a firewall rule that silently drops some packets?  "failed to send /etc/wireless/firmware/AP10.uimage" isn't an issue that's ever been reported here before. 

    Cheers - Bob


    Hi,

    I've just gone through the firewall rules and moved it around so that 
    [LIST=1]
    • rule number 1 allows ALL traffic from RED branch office to main office 
    • rule number 2 allows ALL traffic from main office to RED branch office 
    [/LIST]

    Furthermore I discovered som ICMP denies from the AP, and have subesquently allowed ICMP  
    Default DROP	ICMP	10.18.1.105	→	10.18.1.1	len=128	ttl=64	tos=0x00	srcmac=0:1a:8c[:D]eleted	dstmac=0:e:69[:D]eleted

    10.18.1.105 = AP10
    10.18.1.1 = RED interface on UTM
    The errors in the wireless protection log remains the same :-/

    /Mikkel
  • 0
    Update:
    For different reasons I made a DHCP reservation for the AP, and it got the new address almost immediately. This would lead me to believe that the dropped ping packets from a boot loop.

    /M
  • 0
    Mikkel, have you resolved your issue?

    If not, please refer to #1 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065, and show any related lines.  For the Firewall logs, the Live Log contains less information, so you should always post here the corresponding line(s) from the full log file.

    Oh, and note that ping behavior is regulated on the 'ICMP' tab of 'Firewall'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Mikkel, have you resolved your issue?

    If not, please refer to #1 in http://www.astaro.org/gateway-products/general-discussion/49065-rulz.html, and show any related lines.  For the Firewall logs, the Live Log contains less information, so you should always post here the corresponding line(s) from the full log file.

    Oh, and note that ping behavior is regulated on the 'ICMP' tab of 'Firewall'.

    Cheers - Bob


    Hi,

    Intrusion Prevention and Application Control logs are both empty
    Wireless protection logs (not live) still just shows
    2014:03:25-00:02:30 firewall-1 redctl[17761]: 10.18.1.5 = 
    2014:03:25-00:02:30 firewall-1 redctl[17761]:   10.18.1.5
    2014:03:25-00:02:33 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 80204 uplink=WAN'
    2014:03:25-00:02:33 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=80204 local_rx=80211 diff=-7
    2014:03:25-00:02:33 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=57136
    2014:03:25-00:02:49 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 80977 uplink=WAN'
    2014:03:25-00:02:49 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=80977 local_rx=80983 diff=-6
    2014:03:25-00:02:49 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=57784
    2014:03:25-00:03:05 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 81746 uplink=WAN'
    2014:03:25-00:03:05 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=81746 local_rx=81749 diff=-3
    2014:03:25-00:03:05 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=58424
    2014:03:25-00:03:14 firewall-1 redctl[17771]: 10.18.1.5 = 
    2014:03:25-00:03:14 firewall-1 redctl[17771]:   10.18.1.5
    2014:03:25-00:03:21 firewall-1 red_server[5392]: SELF: (Re-)loading device configurations
    2014:03:25-00:03:22 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 82529 uplink=WAN'
    2014:03:25-00:03:22 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=82529 local_rx=82553 diff=-24
    2014:03:25-00:03:22 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=59103
    2014:03:25-00:03:22 firewall-1 red_server[5392]: SELF: (Re-)loading device configurations
    2014:03:25-00:03:38 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 83392 uplink=WAN'
    2014:03:25-00:03:38 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=83392 local_rx=83409 diff=-17
    2014:03:25-00:03:38 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=59771
    2014:03:25-00:03:54 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 84250 uplink=WAN'
    2014:03:25-00:03:54 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=84250 local_rx=84262 diff=-12
    2014:03:25-00:03:54 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=60352
    2014:03:25-00:04:03 firewall-1 redctl[18146]: 10.18.1.5 = 
    2014:03:25-00:04:03 firewall-1 redctl[18146]:   10.18.1.5

    RED logs show 
    2014:03:25-00:02:30 firewall-1 redctl[17761]: 10.18.1.5 = 

    2014:03:25-00:02:30 firewall-1 redctl[17761]:   10.18.1.5

    2014:03:25-00:02:33 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 80204 uplink=WAN'

    2014:03:25-00:02:33 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=80204 local_rx=80211 diff=-7

    2014:03:25-00:02:33 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=57136

    2014:03:25-00:02:49 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 80977 uplink=WAN'

    2014:03:25-00:02:49 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=80977 local_rx=80983 diff=-6

    2014:03:25-00:02:49 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=57784

    2014:03:25-00:03:05 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 81746 uplink=WAN'

    2014:03:25-00:03:05 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=81746 local_rx=81749 diff=-3

    2014:03:25-00:03:05 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=58424

    2014:03:25-00:03:14 firewall-1 redctl[17771]: 10.18.1.5 = 

    2014:03:25-00:03:14 firewall-1 redctl[17771]:   10.18.1.5

    2014:03:25-00:03:21 firewall-1 red_server[5392]: SELF: (Re-)loading device configurations

    2014:03:25-00:03:22 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 82529 uplink=WAN'

    2014:03:25-00:03:22 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=82529 local_rx=82553 diff=-24

    2014:03:25-00:03:22 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=59103

    2014:03:25-00:03:22 firewall-1 red_server[5392]: SELF: (Re-)loading device configurations

    2014:03:25-00:03:38 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 83392 uplink=WAN'

    2014:03:25-00:03:38 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=83392 local_rx=83409 diff=-17

    2014:03:25-00:03:38 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=59771

    2014:03:25-00:03:54 firewall-1 red_server[10876]: A32008F8FF515E1: command 'PING 84250 uplink=WAN'

    2014:03:25-00:03:54 firewall-1 red_server[10876]: A32008F8FF515E1: PING remote_tx=84250 local_rx=84262 diff=-12

    2014:03:25-00:03:54 firewall-1 red_server[10876]: A32008F8FF515E1: PONG local_tx=60352

    2014:03:25-00:04:03 firewall-1 redctl[18146]: 10.18.1.5 = 

    2014:03:25-00:04:03 firewall-1 redctl[18146]:   10.18.1.5


    So unfortunately no progress :-/

    /M
  • 0
    Oops! You posted the RED log twice.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Ooops - sorry about that.
    Wireless logs - still showing the same thing
    2014:03:25-00:04:03 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3107
    2014:03:25-00:04:03 firewall-1 awed[18144]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3107 identified as A4001121CFA1A52
    2014:03:25-00:04:03 firewall-1 awed[18144]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:04:06 firewall-1 awed[17770]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
    2014:03:25-00:04:31 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3104
    2014:03:25-00:04:32 firewall-1 awed[18177]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3104 identified as A4001121CFA1A52
    2014:03:25-00:04:32 firewall-1 awed[18177]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:04:34 firewall-1 awed[18144]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
    2014:03:25-00:05:05 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3105
    2014:03:25-00:05:06 firewall-1 awed[18232]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3105 identified as A4001121CFA1A52
    2014:03:25-00:05:06 firewall-1 awed[18232]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:05:08 firewall-1 awed[18177]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
    2014:03:25-00:05:49 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3106
    2014:03:25-00:05:49 firewall-1 awed[18302]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3106 identified as A4001121CFA1A52
    2014:03:25-00:05:49 firewall-1 awed[18302]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:05:52 firewall-1 awed[18232]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
    2014:03:25-00:06:38 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3107
    2014:03:25-00:06:38 firewall-1 awed[18346]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3107 identified as A4001121CFA1A52
    2014:03:25-00:06:38 firewall-1 awed[18346]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:06:41 firewall-1 awed[18302]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
    2014:03:25-00:07:07 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3104
    2014:03:25-00:07:07 firewall-1 awed[18352]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3104 identified as A4001121CFA1A52
    2014:03:25-00:07:07 firewall-1 awed[18352]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:07:10 firewall-1 awed[18346]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
    2014:03:25-00:07:41 firewall-1 awed[25301]: [MASTER] new connection from 10.18.1.5:3105
    2014:03:25-00:07:41 firewall-1 awed[18367]: [AP10 A4001121CFA1A52] AP10 from 10.18.1.5:3105 identified as A4001121CFA1A52
    2014:03:25-00:07:41 firewall-1 awed[18367]: [AP10 A4001121CFA1A52] (Re-)loaded identity and/or configuration
    2014:03:25-00:07:44 firewall-1 awed[18352]: [AP10 A4001121CFA1A52] failed to send /etc/wireless/firmware/AP10.uimage to device, dropping.
  • 0
    Is this a Cluster or two units in Hot-Standby?  What happens if you force a failover?
    ha_daemon -c takeover

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Single UTM - no cluster of any kind
  • 0
    Well, the only thing left before asking Sophos to replace it is: How to recover a Sophos RED device / Sophos Access Point.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML