Sophos XG330 HA | Wireless APs not working during failover

Sophos XG330 rev1 | Firmware 18.0.5 MR4 (same with previous versions)

In failover mode, so when the slave firewall becomes active, all the connected wireless APs stop working (we have 26) and don't work until the failed primary returns to its original role.

All the other services provided by the firewall work properly (endpoint connectivity to internet and publishing) in internet



  • The APs receive the IP address from the main DHCP server under the same VLAN default network.

    APs, DHCP server and firewall are under the same VLAN.

    The APs are distributed under many departmental switches and connected to ports under the default VLAN of the LAN.

  • You do not bridge your VLAN via firewall interfaces ...?

    As "APs, DHCP server and firewall are under the same VLAN." Do the APs get their original IP when restarting and can they be pinged from your LAN / VLAN?
    ... also from the firewall?

    The question is ... everything works (also AP-DHCP) ... except the AP registration with XG?

    Next would be a packet capture to check packets coming from and going to one of the APs.

  • Confirmed. Everything works except the AP registration with XG.

    We have been in this situation since the beginning (2-3 years ago)... after all the firmware updates that occurred.

    No errors in the logs of both firewalls.

    Sophos support told us to break the HA and recreate it again because maybe there is a problem in the synchronization.

    But if there is a problem in the synchronization, why are there no errors in the logs?!

  • Recreating the HA may be a simple way to solve the problem.

    After breaking HA, I would completely reinstall the slave (possibly there are some corrupt WiFi process files).

  • Another alternative is to move the AP management to Central and that should stop the issue with the APs. The APs should not notice a change in XG in an HA situation; it is supposed to be an almost transparent failover.

    Ian

  • We are considering the alternative of moving all our WiFi access points under a different Sophos firewall like an XG135, defining in the DHCP a different configuration, for default gateway, for ALL the APs by MAC address