Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 375 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Central WiFi Domain Wildcard issue in 18.5 MR4 - wifi-cloudstation-eu-central-1.prod.hydra.sophos.com

LHerzog

After upgrading one XGS and XG from 18.5 MR3 to MR4 we have issues with our Sophos Central managed APX Accesspoints showing as offline in Central after between 30 and 60 minutes after the upgrade of the Firewall.

See: https://community.sophos.com/sophos-xg-firewall/f/discussions/134965/sophos-firewall-v18-5-mr4-feedback-and-experiences/499608#499608

I identified the following issue:

The APs have a firewall rule allowing them to connect to Sophos Central Domains including HTTPS. No Webfiltering is enabled on the FW Rule.

They connect to wifi-cloudstation-eu-central-1.prod.hydra.sophos.com

In the firewall rule we have multiple Sophos Wildcard * DST FQDN.

The *prod.hydra.sophos.com FQDN Host we have already in the rule should match the destination IP but does not.

The * FQDN resolves correctly on XG/S:

But the traffic created by the APs does not hit the rule and drops at our drop+log rule.

We need to workaround and create a new FQDN host for wifi-cloudstation-eu-central-1.prod.hydra.sophos.com and add that to the same firewall rule and then it works. The new FQDN host resolves the same three IPs that are already resolved by the wildcard FQDN.

I can see the traffic in the TLS DPI log.



Edited TAGs
[edited by: Erick Jan at 2:52 AM (GMT -8) on 15 Nov 2022]
  • 0

    Check the advanced view in Logviewer and correlate the logs. If this stops, seems like the DNS Cache flush after some time. 

  • 0 in reply to LuCar Toni

    hm, on a 3rd XGS cluster had the same issue but changing. APs (no APX but AP55c) were online in Central but I can see that over the time some requests of them to go to wifi-cloudstation-eu-central-1.prod.hydra.sophos.com skippd the firewall rule and got into block rule.

    That's also the same the adv. Viewer shows.

    I always ask myself why Sophos does not have their own stuff working on their devices 100% out-of-the-box.

  • 0 in reply to LHerzog

    I checked the same setup with my XGS and my APXs but i am running V19.0 and not MR4. So it is hard for me to reproduce this issue. 

    Wondering: Why did you decide to move to V18.5 MR4 and not V19.0? 

    You should open a case as well, if you can reproduce this behavior as well.