Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1304 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.309] Accespoint behind IPSEC on other Site: no DHCP for Clients

Potsdam
Hello, 

we have a central UTM on Sit A with fullguard managing all Accespoints. 
On the internal interface of this UTM are 5 AP - there is all OK.

On another site B (UTM with network subscription and IPSEC to ) are 4 accespoints. AP registration traffic to 1.2.3.4 is forwarded per DNAT to UTM @ Site A.

before Upgrade of central UTM on site a from 9.2x to 9.309 everything was fine.

Now Clients can connect to accespoint on Site B - but they get no IP-Adress per DHCP. (On Site A it works)

(on Site B i added UDP 8472 to my packetfilterrules to pass traffic of the Accespoints to Site A - this is new in 9.3x)

In dhcp.log on Site A i can see only : 
... dhcpd: DHCPOFFER on 172.x.y.z to aa:aa:bb:bb:cc:cc (name) via wlan0

in Packfilterlogs on Site A and B i cant detect relevant things.

Has anyone an idea where to search?
Thanks


This thread was automatically locked due to age.
  • 0
    Does #1 in Rulz give you any clues?  I would look at both UTMs.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Whenever something seems strange, always check the Intrusion Prevention, Application Control and Firewall logs. If 'Advanced Threat Protection' on the Dashboard is not zero, check that log also.


    Done - no entrys 

    this was my 1. step [H]

    in the logs i detected yesterday that AP-Traffic now runs over UDP 8472 to the central UTM. a paketfilterrule on Site B is established.
Unfiltered HTML