Header Only - DO NOT REMOVE - Extreme Networks

ezcloudx can't connect to 3935i behind fw/nat


I have 3935i AP behind firewall using NAT ip which it get's from fw using firewall. When firewall rules where tightened Ezcloudx lost access to AP and AP blinks it's leds very often. I need firewall hosts/ports which to open in order to get it work. Any tips?

5 replies

Userlevel 1
Hi, Mikael.

Are you following the Networks Requirements, which includes: "HTTPS traffic must be allowed through your firewall on port 443 for ExtremeCloud-managed APs
and switches to connect to ExtremeCloud and receive their configuration, software updates and
send analytics."

This info is located in the ExtremeCloud Information Center and QRG at http://www.extremenetworks.com/support/documentation/

Hope this helps. If not, you might want to contact Extreme's GTAC team at http://support.extremenetworks.com/

Jonquil Williams
Extreme Networks
Lead Technical Writer, Information Development
Userlevel 7
Hi Mikael,

you might find the GTAC Knowledge article How does my Access Point communicate to the ExtremeCloud? useful.

Thanks,
Erik
Hi, After getting console access to AP I noticed that it could communicate to devices.extremecloud.com using ip but not with dns name. AP was configured to use dhcp for WAN access but for some reason it had locked resolver setting in resolv.conf which had wrong resolver ip set. I did cset factory reset which fixed the problem. Now ezcloud sees AP as it should.

I can see on fw logs that ap communicates to devices.extremecloud.com using port 443 (ssl app) as you adviced.

Thx.

Br,

Mikael
Userlevel 7
aalmi wrote:

Hi, After getting console access to AP I noticed that it could communicate to devices.extremecloud.com using ip but not with dns name. AP was configured to use dhcp for WAN access but for some reason it had locked resolver setting in resolv.conf which had wrong resolver ip set. I did cset factory reset which fixed the problem. Now ezcloud sees AP as it should.

I can see on fw logs that ap communicates to devices.extremecloud.com using port 443 (ssl app) as you adviced.

Thx.

Br,

Mikael

Thanks for letting us know. 🙂
Userlevel 4
I realize this is a late post, but we recently ran into a similar problem and it occurred after a maintenance update to the cloud platform. What we found was that the front-end servers were relocated to an IP address which (according to our GeoIP filters on the firewall) is based in Germany. We were blocking Germany, and therefore the devices would not show in the cloud. One of those things you don't always think of, especially when it occurs on a device for which you don't "see" where it's going from a contextual sense.

BigRic

Reply