Sophos XG330 HA | Wireless APs not working during failover

the AP should start rebooting in a loop.

Do the AP get their original IP? Is the AP pingable?

(possible the Switch where the secondary XG is connected to is missing some VLAN's? )

Yes the AP start rebooting in a loop but then the slave becomes the master ... all wifi access points stop to work , they cant reach the firewall.

No VLANs.

Are Clients and AP's placed within the same Subnet/switch?

AP's use the same switch as your LAN-Clients .. and these clients are able to work?

Do the AP get their original IP? Is the AP pingable?

The APs receive the ip address from the main DHCP Server under the same VLAN Default network.

APs, DHCP Server and Firewall are under the same VLAN.

The APs are distributed under many departmental switches and connected to ports under the default vlan of the lan

You do not bridge your VLAN via firewall interfaces ...?

As "APs, DHCP server and firewall are under the same VLAN." Do the APs get their original IP when restarting and can they be pinged from your LAN / VLAN?
... also from the firewall?

The question is ... everything works (also AP-DHCP) ... except the AP registration with XG?

Next would be a packet capture to check packets coming from and going to one of the APs.

You do not bridge your VLAN via firewall interfaces ...?

As "APs, DHCP server and firewall are under the same VLAN." Do the APs get their original IP when restarting and can they be pinged from your LAN / VLAN?
... also from the firewall?

The question is ... everything works (also AP-DHCP) ... except the AP registration with XG?

Next would be a packet capture to check packets coming from and going to one of the APs.

Confirmed. Everything works except the AP registration with XG.

We are in this situation since the beggining (2-3 years ago)..after all the firmware updated occured.

No errors in the logs of both the firewall.

Sophos supports told us to break the HA and recreate it again because maybe there is a problem in the syncronization.

But if there is a problem in the syncronization why not having any error in the logs?!

Recreating the HA may be a simple way to solve the problem.

After breaking HA, i would completely reinstall the slave. (possible there are some corrupt WiFi - Process files)

Another alternative is to move the AP management to central and that should stop the issue with the APs. The APs should not notice a change in XG in a HA situation, it is supposed to be an almost transparent fail over.

Ian

We are considering the alternative to move all our WiFi Access Point under a different Sophos Firewall like a XG135

definining in the DHCP an different configuration, for default gateway, for ALL the APs by mac-address