Layer 3 Adoption/Provisioning Issues
08-13-2019 01:11 AM
Hi All. I have purchased some additional APs for a client (R310s). They will be using these at a remote location.
I am setting these up at my office temporarily before deploying them, so they are in the same sort of layer 3 setup as they will be when deployed; however, I am having some issues getting them provisioned.
At the moment, they show up in the ZoneDirector and I can adopt them; however, they get stuck in a provisioning/disconnected loop.
The main site (where the ZoneDirector is located) has a bit of a crappy setup in the fact it has a double NAT. There is a small DSL router sat on the end of the Internet connection and then a Smoothwall firewall/webfilter with the ZoneDirector sat behind that. I have ports 12222-12223 and 11443 (secure upgrades) forwarded on both firewalls, and as mentioned the APs show in the ZD console, so the connectivity is working to some extent.
The logs on the APs say such things as:
Failed to download avp port mapping
failed|control file download problem
Failed on processing Configuration Response Message
I'm really stumped now and can only think the double NAT is the issue. Any suggestions?
08-13-2019 04:30 AM
I'm not 100% sure, but in SmartZone you had to tell the controller what its outside IP was (which was subsequently used to tell the APs where to connect). I would guess you need something similar in ZD? Also, given that you have this setup in your lab, can you see the AP trying to reach any other port on the outside IP? Cheers.
08-13-2019 08:46 AM
Hi, I've not checked outgoing on my side; however, I can see the incoming requests on the firewall at the other end and I can see the ports above being hit.
I had similar thoughts about the public IP, but I can't find anything in the ZD web interface to set it. Possibly a command line setting?
08-13-2019 09:56 AM
Try also opening port 21. The download is happening over FTP, not LWAPP.
08-14-2019 12:44 AM
Hi Victor
I did have FTP open; however, I was having issues with PASV ports due to the double NAT. I've since turned on secure upgrades, which uses an HTTPS port instead (11443). Before I turned this on (and with FTP on), I couldn't even adopt the points.

