This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AP's on WAN side of Firewall don't upgrade

AP's on WAN side of Firewall don't upgrade

Tim_Senaldi
New Contributor II

‎02-22-2016 02:01 PM

I have several AP's at a remote site. They are accessing the controller through a public IP. I have no issues with this. The issue appears when I try to upgrade the controller. The AP's do not update and they fail. They are found in the controller. However, they don't get a channel and are inaccessible to the remote clients as they don't see a SSID. Is there a port I need to open on the firewall to handle the upgrade of AP's?
0 Kudos
4 REPLIES 4

Steve_Ballantyn
Contributor

‎02-25-2016 04:54 PM

I think what Tim is saying is that his AP's are at a remote site behind a firewall (using NAT) but they access the controller with a public IP address (which too, is probably NAT'd). This is the setup that I just got up and running with. It works well, but I was told explicitly that you cannot upgrade your AP's in this configuration (yet).

The problem is that the AP is sending "authorize firmware version" requests to the controller, and the controller is saying "no, you need to upgrade". The AP tries, but then the TFTP will fail every time. I think support may actually be working on that (from what I hear from support).

I resolved this on two different locations using two different fixes. 1) Brought the AP on site, let it upgrade, took it back to where it came from, and 2) I logged into the AP remotely with ssh and downloaded the firmware from a TFTP server (tftpd) running on a PC local to the AP. You can find instructions for that here.
0 Kudos

Ronald_Dvorak
Honored Contributor

‎02-22-2016 03:11 PM

In the GUI go to > AP > Global Settings > AP Maintenance > Upgrade Behavior

Set it to "upgrade when AP connects using settings from controlled upgrade"

This will disable the software upgrade on the APs = APs will run the old software.
But that should bring up the WLAN/SSID.

What is the version you've upgraded the controller to?

-Ron
0 Kudos

JP4
New Contributor II

‎02-22-2016 02:54 PM

It sounds like you might have something else going on if the ssid's are not broadcasting, but I have never been able to upgrade remote AP's through a NAT on a firewall. I ended up doing a site-to-site VPN after several conversations with GTAC. This was 1+years ago, so maybe this has been added in newer code, but I have not tried. I also think you can run an FTP server locally and get the code that way, but I don't have the commands for doing this, probably need to contact GTAC about this.
0 Kudos
GTM-P2G8KFN