Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 29 subscribers
  • Views 692 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG330 HA | Wireless APs not working during failover

Angelo Orlando1

Sophos XG330 rev1 | Firmware 18.0.5 MR4 (same with previous versions)

In failover mode,so  when the slave firewall becomes active,  all the wireless AP connected stop working (we have 26) and dnt work till

the failed primary becomes in his original role.

All the other services provided by the firewall work properly (endpoint connectivity to internet and publishing) in internet



This thread was automatically locked due to age.
Parents
  • 0

    the AP should start rebooting in a loop.

    Do the AP get their original IP? Is the AP pingable?

    (possible the Switch where the secondary XG is connected to is missing some VLAN's? )


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Yes the AP start rebooting in a loop but then the slave becomes the master ... all wifi access points stop to work , they cant reach the firewall.

    No VLANs.

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA

  • 0 in reply to Angelo Orlando1

    Are Clients and AP's placed within the same Subnet/switch?

    AP's use the same switch as your LAN-Clients .. and these clients are able to work?

    Do the AP get their original IP? Is the AP pingable?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    The APs receive the ip address from the main DHCP Server under the same VLAN Default network.

    APs, DHCP Server and Firewall are under the same VLAN.

    The APs are distributed under many departmental switches and connected to ports under the default vlan of the lan

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA

  • 0 in reply to Angelo Orlando1

    You do not bridge your VLAN via firewall interfaces ...?

    As "APs, DHCP server and firewall are under the same VLAN." Do the APs get their original IP when restarting and can they be pinged from your LAN / VLAN?
    ... also from the firewall?

    The question is ... everything works (also AP-DHCP) ... except the AP registration with XG?

    Next would be a packet capture to check packets coming from and going to one of the APs.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Reply
  • 0 in reply to Angelo Orlando1

    You do not bridge your VLAN via firewall interfaces ...?

    As "APs, DHCP server and firewall are under the same VLAN." Do the APs get their original IP when restarting and can they be pinged from your LAN / VLAN?
    ... also from the firewall?

    The question is ... everything works (also AP-DHCP) ... except the AP registration with XG?

    Next would be a packet capture to check packets coming from and going to one of the APs.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children
  • 0 in reply to dirkkotte

    Confirmed. Everything works except the AP registration with XG.

    We are in this situation since the beggining (2-3 years ago)..after all the firmware updated occured.

    No errors in the logs of both the firewall.

    Sophos supports told us to break the HA and recreate it again because maybe there is a problem in the syncronization.

    But if there is a problem in the syncronization why not having any error in the logs?!

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA

  • 0 in reply to Angelo Orlando1

    Recreating the HA may be a simple way to solve the problem.

    After breaking HA, i would completely reinstall the slave. (possible there are some corrupt WiFi - Process files)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Another alternative is to move the AP management to central and that should stop the issue with the APs. The APs should not notice a change in XG in a HA situation, it is supposed to be an almost transparent fail over.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    We are considering the alternative to move all our WiFi Access Point under a different Sophos Firewall like a XG135

    definining in the DHCP an different configuration, for default gateway, for ALL the APs by mac-address

    Angelo Orlando | Global IT Project Coordinator | Sharbatly Fruit KSA

Cookie Information Banner