[SOPHOS AP55C ] Unable to migrate Sophos AP55C from Sophos XG105 to Sophos Central Wireless

Hello,

Since the management of AP WIFI on Sophos Central is free, we migrate the APs of our customers on Sophos Central Wireless.

I'm writing to you because we have a problem with the migration of a WIFI AP on a Sophos XG to Sophos Central WIFI.

Our customer has had a Sophos AP55C WIFI for 2 years. I tried to perform the following manipulations:

1 - Update of the Model AP Firmware on its last version (11.0.018)

2 - Creation of the SSID on Sophos Central

3 - Creation of the firewall rule to let all the flows from the AP WIFI to the WAN pass without IPS...

5- Removal of the terminal on the Sophos XG105 (version SFOS 17.5.9 MR-9)

6- Add the terminal on Sophos Central WIFI with its serial number

Unfortunately, this did not work, although I have done this for other customers with no problems on APs of the same range (AP55C / Sophos XG105 (with lower firmware than it)).

Does someone have the same problem?

Regards,

Raphaëlle B



  • Hello,

    Thanks for your reply.

    I have unchecked the NAT Masquerading on the firewall rule like you said.

    I have retried the attribution but it's already weird.

    I have checked the Policy tests:

    prod.hydra.sophos.com and apu.sophos.com don't work but I thought it's normal.

    Weird things:

    The AP communicates only with DNS; I don't know if it's weird too? I think it's only because it waits to be assigned.

    Regards,

    Raphaelle B

  • In the new test-firewall rule AP to WAN ANY Service, please enable logging and put it on top of your ruleset.

    Also as mentioned, check TLS and Webfilter Log.

  • Hello,

    The rule is already at the top of the ruleset.

    Sorry, but I have checked HTTPS scan and Web policy (Allow all) on the firewall rule + checked the firewall traffic log:

    But I don't know how to show the TLS and Webfilter log. I looked at the log viewers but there are no logs after a retry of adding the AP to Sophos Cloud:

    Regards,

    Raphaelle B

  • You can switch to the Advanced View in Logviewer (the blue icon in the middle) and check the entire logs. Then check for your IP.

  • Hello,

    Here you can find the advanced logs:

    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.8.8" dst_country="USA" protocol="UDP" src_port="51131" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="67" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="2196261912" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.8.8" dst_country="USA" protocol="UDP" src_port="54806" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="68" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="3649773912" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.8.8" dst_country="USA" protocol="UDP" src_port="48452" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="67" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="3649778384" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.4.4" dst_country="USA" protocol="UDP" src_port="38374" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="68" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="3649777696" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="60020" log_type="Event" log_component="DHCP Server" log_subtype="System" status="Renew" leased_ip="192.168.1.11" src_mac="00:1a:8c:b6:98:8e" client_host_name="" message="Lease IP 192.168.1.11 renewed for MAC 00:1a:8c:b6:98:8e" raw_data="192.168.1.11 Mon 28 Mar 11:35:54 2022 Tue 29 Mar 11:35:54 2022 00:1a:8c:b6:98:8e AP55C-XXXX"

    Regards,

    Raphaelle
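
An added example, not part of the original thread: a small parser for key="value" firewall log lines of the kind posted above, summarizing per destination how many allowed flows from the AP's address got no reply packets (`packets_received="0"`, the detail visible in the posted lines). The sample input is constructed from the posted lines, cut down to the fields used, plus one invented line for contrast; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the posted log lines reduced to the fields used here,
# plus one invented line (192.168.1.20) showing what an answered flow looks like.
SAMPLE_LOG = """\
log_type="Firewall" log_subtype="Allowed" fw_rule_id="5" src_ip="192.168.1.11" dst_ip="8.8.8.8" protocol="UDP" dst_port="53" packets_sent="1" packets_received="0"
log_type="Firewall" log_subtype="Allowed" fw_rule_id="5" src_ip="192.168.1.11" dst_ip="8.8.8.8" protocol="UDP" dst_port="53" packets_sent="1" packets_received="0"
log_type="Firewall" log_subtype="Allowed" fw_rule_id="5" src_ip="192.168.1.11" dst_ip="8.8.4.4" protocol="UDP" dst_port="53" packets_sent="1" packets_received="0"
log_type="Event" log_component="DHCP Server" status="Renew" leased_ip="192.168.1.11"
log_type="Firewall" log_subtype="Allowed" fw_rule_id="5" src_ip="192.168.1.20" dst_ip="203.0.113.10" protocol="TCP" dst_port="443" packets_sent="9" packets_received="8"
"""

PAIR_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Turn one key="value" log line into a dict (empty values stay as '')."""
    return dict(PAIR_RE.findall(line))


def summarize(log_text, src_ip):
    """Count flows and unanswered flows from src_ip per (dst_ip, protocol, dst_port)."""
    stats = defaultdict(lambda: {"flows": 0, "unanswered": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Skip non-firewall events (e.g. DHCP) and traffic from other hosts.
        if rec.get("log_type") != "Firewall" or rec.get("src_ip") != src_ip:
            continue
        key = (rec.get("dst_ip"), rec.get("protocol"), rec.get("dst_port"))
        stats[key]["flows"] += 1
        # Allowed by the rule, yet no packet came back on the connection.
        allowed = rec.get("log_subtype") == "Allowed"
        if allowed and int(rec.get("packets_received") or 0) == 0:
            stats[key]["unanswered"] += 1
    return dict(stats)


def ports_seen(stats):
    """Set of destination ports the host was seen talking to."""
    return {port for (_dst, _proto, port) in stats}


if __name__ == "__main__":
    for key, counts in summarize(SAMPLE_LOG, "192.168.1.11").items():
        print(key, counts)
```
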
