[SOPHOS AP55C] Unable to migrate Sophos AP55C from Sophos XG105 to Sophos Central Wireless

 Hello,

Since the management of WIFI APs on Sophos Central is free, we are migrating our customers' APs to Sophos Central Wireless.

I'm writing to you because we have a problem with the migration of a WIFI AP from a Sophos XG to Sophos Central WIFI.

Our customer has had a Sophos AP55C WIFI for 2 years. I tried to perform the following operations:

1 - Update of the AP model firmware to its latest version (11.0.018)

2 - Creation of the SSID on Sophos Central

3 - Creation of the firewall rule to let all the flows from the AP WIFI to the WAN pass without IPS...

5 - Removal of the terminal on the Sophos XG105 (version SFOS 17.5.9 MR-9)

6 - Add the terminal on Sophos Central WIFI with its serial number

Unfortunately, this did not work, although I have done this for other customers with no problems on APs of the same range (AP55C / Sophos XG105 (with lower firmware than this one)).

Does anyone have the same problem?

Regards,

Raphaëlle B



  • Hello there,

    Thank you for contacting the Sophos Community

    Make sure you are disabling the Wireless module from the XG

    (System >> Administration >> Device Access. And Disable all of the Wireless Protection for all of the Zones)

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello,

    Thank you for your help !

    I have disabled Wireless Protection for all zones but it still doesn't work.

    I thought it could have been the router but there is no router between the firewall and the provider. It is the firewall that acts as the router.

    Regards,

    Raphaelle B

  • Hello,

    I have disabled Wireless protection on Global Settings + Device access

    But it still doesn't work :/

    Regards,

    Raphaelle B

  • Hello,

    Thanks for your reply.

    It's on XG, yes. It is the DHCP server and my AP received an IP:

    The AP works fine when I add it on XG.

    I have read your post and added a firewall rule that allows all services for the AP:

    But it still doesn't work either :/

    Regards,

    Raphaelle B

  • Hi,

    you don't need a NAT.

    Ian

    XG115W - v19.5.1 mr-1 - Home


  • Please confirm, the logs I mentioned do not show any blocks for the Source IP.

  • Hello,

    Thanks for your reply.

    I have unchecked the NAT Masquerading on the firewall rule like you said.

    I have retried the attribution but it's already weird.

    I have checked the Policy tests:

    prod.hydra.sophos.com and apu.sophos.com don't work but I thought it's normal.

    Weird things:

    The AP communicates only with DNS; I don't know if it's weird too? I think it's only because it waits to be assigned.

    Regards,

    Raphaelle B

  • Hello, 

    Here you are in my last post.

    Regards,

    Raphaëlle

  • In the new test-firewall rule AP to WAN ANY Service, please enable logging and put it on top of your ruleset.

    Also as mentioned, check TLS and Webfilter Log.

  • Hello,

    The rule is already on the top of the ruleset.

    Sorry but I have checked HTTPS scan and Web policy (Allow all) on the firewall rule + checked log firewall traffic:

    But I don't know how to show the TLS and Webfilter log. I looked at the log viewer but there are no logs after a retry of adding the AP to Sophos Cloud:

    Regards,

    Raphaelle B

  • You can switch to the Advanced View in Logviewer (the blue icon in the middle) and check the entire logs. Then check for your IP.

  • Hello,

    Here, you can find the advanced logs : 

    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.8.8" dst_country="USA" protocol="UDP" src_port="51131" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="67" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="2196261912" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.8.8" dst_country="USA" protocol="UDP" src_port="54806" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="68" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="3649773912" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.8.8" dst_country="USA" protocol="UDP" src_port="48452" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="67" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="3649778384" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="30" fw_rule_id="5" policy_type="1" user="" user_group="" web_policy_id="1" ips_policy_id="0" appfilter_policy_id="0" app_name="DNS" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="Port1" out_interface="Port4_ppp" src_mac="00:00:00:00:00:00" src_ip="192.168.1.11" src_country="R1" dst_ip="8.8.4.4" dst_country="USA" protocol="UDP" src_port="38374" dst_port="53" packets_sent="1" packets_received="0" bytes_sent="68" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="LAN" src_zone="LAN" dst_zone_type="WAN" dst_zone="WAN" con_direction="" con_event="Stop" con_id="3649777696" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"
    messageid="60020" log_type="Event" log_component="DHCP Server" log_subtype="System" status="Renew" leased_ip="192.168.1.11" src_mac="00:1a:8c:b6:98:8e" client_host_name="" message="Lease IP 192.168.1.11 renewed for MAC 00:1a:8c:b6:98:8e" raw_data="192.168.1.11 Mon 28 Mar 11:35:54 2022 Tue 29 Mar 11:35:54 2022 00:1a:8c:b6:98:8e AP55C-XXXX"

    Regards,

    Raphaelle
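A way to read firewall lines like the ones pasted above without scanning them by eye, as an added example that is not part of the original thread: it parses the key="value" records and reports, per source IP, how many allowed flows received no reply packets, which destination ports were contacted, and whether a translated source address was logged. The sample lines are constructed in the same layout with most fields trimmed; 192.168.1.20 and 203.0.113.7 are made-up values.

```python
import re

PAIR = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines in the same key="value" layout as the log pasted
# above, with most fields trimmed. 192.168.1.20 and 203.0.113.7 are made up.
SAMPLE = "\n".join([
    'log_type="Firewall" log_subtype="Allowed" fw_rule_id="5" src_ip="192.168.1.11" '
    'dst_ip="8.8.8.8" protocol="UDP" dst_port="53" packets_sent="1" '
    'packets_received="0" src_trans_ip=""',
    'log_type="Firewall" log_subtype="Allowed" fw_rule_id="5" src_ip="192.168.1.11" '
    'dst_ip="8.8.4.4" protocol="UDP" dst_port="53" packets_sent="1" '
    'packets_received="0" src_trans_ip=""',
    'log_type="Firewall" log_subtype="Allowed" fw_rule_id="2" src_ip="192.168.1.20" '
    'dst_ip="8.8.8.8" protocol="UDP" dst_port="53" packets_sent="1" '
    'packets_received="1" src_trans_ip="203.0.113.7"',
    'log_type="Event" log_component="DHCP Server" status="Renew" '
    'leased_ip="192.168.1.11"',
])


def parse_line(line):
    """Turn one key="value" log line into a dict (empty values kept as '')."""
    return dict(PAIR.findall(line))


def summarize(text, src_ip):
    """Summarise the allowed firewall flows logged for one source IP."""
    flows = [r for r in map(parse_line, text.splitlines())
             if r.get("log_type") == "Firewall"
             and r.get("log_subtype") == "Allowed"
             and r.get("src_ip") == src_ip]
    # A flow is "unanswered" when the firewall counted no packets coming back.
    unanswered = [r for r in flows if int(r.get("packets_received") or 0) == 0]
    return {
        "flows": len(flows),
        "unanswered": len(unanswered),
        "dst_ports": sorted({r.get("dst_port", "") for r in flows}),
        "dns_servers": sorted({r.get("dst_ip", "") for r in flows
                               if r.get("dst_port") == "53"}),
        "source_nat_seen": any(r.get("src_trans_ip") for r in flows),
    }


if __name__ == "__main__":
    for ip in ("192.168.1.11", "192.168.1.20"):
        print(ip, summarize(SAMPLE, ip))
```

An "Allowed" entry only records the rule decision on the outbound packet; the packet counters and the translated-address field are what show whether anything came back.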