
Can't log in

We are in the middle of deploying a new A/P HA XG setup and first the AP wouldn't connect. tcpdump shows it trying to get a DHCP lease but Sophos isn't responding.

After rebooting both Sophos units, we now cannot log in. The web GUI shows the login screen, but we just get access denied when trying to log in. Same with SSH.

We have connected a serial cable but can't get anything out of it.

LAN -> WAN traffic appears to be working.

LAN -> LAN traffic is not working.

Any ideas? This is somewhat embarrassing.

thanks

James



  • The serial issue was a bad cable. The engineer onsite was using one from his kit, not the one that shipped with Sophos. Once he used that the serial connection worked fine.

    It is a HA setup, and the aux unit appears to not have sync'd properly to the primary, so on reboot when the aux became primary it sync'd its corrupted config with the other unit and both were corrupt. Once I got the serial cable connected I was able to reset the password, and redo the configuration changes that had been lost. This sort of thing makes me nervous about the other setups I have out there - there were no errors about any sync failures, but when the HA units swapped it was like it went back in time - missing firewall rules, DNS request routing was missing, and the password was lost.

    The AP issue was strange. It would appear as a pending device, but then would never come online once it was accepted. The AP is an AP55C, but when I edited the config it only allowed configuration for 2.4GHz radio, even though the AP55C has 2.4GHz and 5GHz. Normally the AP will boot up on the default VLAN 1, get its config from the Sophos, then come up on the management VLAN. This wasn't happening - it stayed on the default VLAN and kept trying to get an IP address. To fix it, I took the AP out of the group and left it on the default VLAN. It then showed up correctly with 2.4GHz and 5GHz radio, and I could then put it in the group and it worked as expected. I'm wondering if this was old stock with old firmware on it or something that couldn't handle my VLAN configuration properly, and had to come online and get the new firmware before it would work. I've set these up this way many times and never had a problem.

    I wish the logfiles were more like SG - I could find my way around those easily. The logfiles in XG are cryptic and I find it hard to get anything useful out of them, especially with HA and AP.

    James

  • Hi James,

    We are working on improving the log file information in upcoming versions. If you ever need my help to look into the log files please feel free to reach me.

    Thanks