Sophos Central (Cloud): Wireless in the cloud

Sophos will soon provide “Wireless in the Cloud”, which means you can use Sophos access points (https://www.sophos.com/en-us/products/secure-wifi.aspx) with the cloud, instead of only with Sophos UTM.

For now, only the “new” AP models are supported (AP55(C)/AP100(C,X)/AP15).

This is great if you have many company sites, you are not using UTM in your environment, and you just want to ship an access point to a branch office and have them connect it to their company switch. There is no need to configure it through a web interface.

So how does it work?

  1. Make sure you have a Sophos Wireless subscription in place (valid end of June 2016).
  2. Log in to Sophos Central, click Wireless and add your access point.

  3. Enter your AP’s serial number under Step 3 and press Register. The registration will run for 5 minutes before it times out.

  4. Wait for your access point to get its new cloud firmware. As you can see above, the LED will show different blink codes, as it did with the UTM. When the AP LED is constantly green, it’s working.
  5. After this, you can go into “SSID”, add your networks and assign them to the different access points.

  6. You can also create “Sites”, so it’s easier to see where in the world your APs are located.
  7. That’s it! You’re done 🙂

IMPORTANT: The APs delivered from Sophos today are only UTM compatible, not cloud compatible (but they will be in the future). To use APs you already have, you must first let them get a recent firmware (from >= UTM 9.4), then delete them from the UTM again afterwards.

After a reboot, when they are not linked to the UTM, they try to contact both the cloud and the UTM at the same time.

Please make sure they can reach the Internet via port 443 (HTTPS), and that there is no HTTP proxy hijacking the connection, as they need direct access to the Internet.

Back to the UTM:

If you want the AP to be serviced by the UTM again, and it has already been in the “pending” state before, just accepting it again will not work. If you try, you will see this in the “live log” for Wireless:

2016:05:20-11:37:45 fw02 awed[4127]: [MASTER] new connection from 192.168.110.252:35129
2016:05:20-11:37:45 fw02 awed[4649]: [A12121212121212] AP15 from 192.168.110.252:35129 identified as A12121212121212
2016:05:20-11:37:45 fw02 awed[4649]: [A12121212121212] (Re-)loaded identity and/or configuration
2016:05:20-11:37:45 fw02 awed[4649]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.
2016:05:20-11:37:50 fw02 awed[4127]: [MASTER] new connection from 192.168.110.252:35131
2016:05:20-11:37:50 fw02 awed[4673]: [A12121212121212] AP15 from 192.168.110.252:35131 identified as A12121212121212
2016:05:20-11:37:50 fw02 awed[4673]: [A12121212121212] (Re-)loaded identity and/or configuration
2016:05:20-11:37:50 fw02 awed[4673]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.
2016:05:20-11:37:55 fw02 awed[4127]: [MASTER] new connection from 192.168.110.252:35133
2016:05:20-11:37:55 fw02 awed[4683]: [A12121212121212] AP15 from 192.168.110.252:35133 identified as A12121212121212
2016:05:20-11:37:55 fw02 awed[4683]: [A12121212121212] (Re-)loaded identity and/or configuration
2016:05:20-11:37:55 fw02 awed[4683]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.
2016:05:20-11:38:00 fw02 awed[4127]: [MASTER] new connection from 192.168.110.252:35135
2016:05:20-11:38:01 fw02 awed[4694]: [A12121212121212] AP15 from 192.168.110.252:35135 identified as A12121212121212
2016:05:20-11:38:01 fw02 awed[4694]: [A12121212121212] (Re-)loaded identity and/or configuration
2016:05:20-11:38:01 fw02 awed[4694]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.

To fix this, just delete the access point from the UTM again, wait for it to be pending again, and accept it. It will then be reflashed with the UTM Wi-Fi firmware, thus removing the cloud firmware 🙂
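
To find which access points are stuck in this loop when the live log covers many devices, the following added example (not part of the original post, and not Sophos code) counts dropped initial contacts per serial number. The line format is assumed from the excerpt above; `find_stuck_aps` and its `min_drops` threshold are hypothetical names chosen here.

```python
import re
from collections import defaultdict

# Assumed shape: <timestamp> <host> awed[<pid>]: [<serial or MASTER>] <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ "
    r"awed\[\d+\]: \[(?P<tag>[^\]]+)\] (?P<msg>.*)$")
IDENT_RE = re.compile(r"^(?P<model>\S+) from (?P<ip>[\d.]+):\d+ identified as \S+$")
LOOP_MSG = "device sends DEV2ASG_INITIALCONTACT twice, dropping."


def find_stuck_aps(lines, min_drops=3):
    """Map serial -> details for APs whose initial contact was dropped
    at least min_drops times (the threshold is an arbitrary choice)."""
    aps = defaultdict(lambda: {"drops": 0, "model": None, "ips": set(),
                               "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["tag"] == "MASTER":
            continue  # unparsable line or listener-level entry
        ap, msg = aps[m["tag"]], m["msg"]
        ident = IDENT_RE.match(msg)
        if ident:
            ap["model"] = ident["model"]
            ap["ips"].add(ident["ip"])
        elif msg == LOOP_MSG:
            ap["drops"] += 1
            ap["first"] = ap["first"] or m["ts"]  # keep earliest drop
            ap["last"] = m["ts"]
    return {s: a for s, a in aps.items() if a["drops"] >= min_drops}


# Sample: three cycles taken from the excerpt above, plus one constructed AP
# (serial A00000000000001 and its IP are made up) that is never dropped.
SAMPLE = """\
2016:05:20-11:37:45 fw02 awed[4127]: [MASTER] new connection from 192.168.110.252:35129
2016:05:20-11:37:45 fw02 awed[4649]: [A12121212121212] AP15 from 192.168.110.252:35129 identified as A12121212121212
2016:05:20-11:37:45 fw02 awed[4649]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.
2016:05:20-11:37:50 fw02 awed[4673]: [A12121212121212] AP15 from 192.168.110.252:35131 identified as A12121212121212
2016:05:20-11:37:50 fw02 awed[4673]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.
2016:05:20-11:37:55 fw02 awed[4683]: [A12121212121212] AP15 from 192.168.110.252:35133 identified as A12121212121212
2016:05:20-11:37:55 fw02 awed[4683]: [A12121212121212] device sends DEV2ASG_INITIALCONTACT twice, dropping.
2016:05:20-11:37:56 fw02 awed[4690]: [A00000000000001] AP15 from 192.168.110.253:40001 identified as A00000000000001
2016:05:20-11:37:56 fw02 awed[4690]: [A00000000000001] (Re-)loaded identity and/or configuration
""".splitlines()

if __name__ == "__main__":
    print(find_stuck_aps(SAMPLE))
```

Any serial it reports is a candidate for the delete-and-re-accept procedure described above.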

Hope this helps 🙂
