AP 330 stop responding
Hi All, i have an AP330 that stopped where the cloud do not see this device connected. I reset the AP330 and it's flashing Orange fast (from the manual it shows trying to get feature key and it's behind the fb which it's not really blocking on getting the feature key).
How do i update the firmware on the AP 330 without connecting to the cloud since the cloud always show the device is never connected? i have the firmware on a usb drive and need to know how to upgrade manually via command line.
0
Sign In to comment.
Comments
@WGM you'll need to access the AP's webUI.
See:
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/WG-Cloud/Devices/access_point/ap_webui.html
-James Carson
WatchGuard Customer Support
Hi James, Thanks for the reply i've trying using the webUI, but cannot connect to the IP.
Hi WGM,
The AP will only upgrade firmware via the CLI by using an external host:
ap330>mgmt
ap330/mgmt>fwgrade
ap330/mgmt/fwgrade>fwup
Recognized URL format:
http://192.168.1.100:8080/file_name
https://192.168.1.100:443/file_name
ftp://account:password@192.168.1.100/file_name
tftp://192.168.1.100/file_name
If your AP is stuck, I'd suggest contacting support via a support case
-James Carson
WatchGuard Customer Support
Hi James, excuse my ignorance, if i have the downloaded firmware in the computer, how can i upgrade the firmware using the CLI? I don't understand the Recognized URL format using the local computer to upload the firmware to the AP via CLI
Thanks again.
@WGM you would not be able to use the file you have downloaded locally via USB. If you want to use a local file, you'll need to put it on a local webserver, and pull it down from the AP that way.
The URL format is giving some examples of what the command might look like pulling the file down from a local webserver at 192.168.1.100.
-James Carson
WatchGuard Customer Support
Review this:
Access Point Command Line Interface
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/access_point/ap_cli.html
If you can't access it via the Web UI, you may not be able to access it via the CLI.
Worth a try.
Got it. I'm also getting this from other ap device "WEB cURL and libcurl HTTP Response Headers
Parsing Resource Exhaustion -2 (CVE-2023-38039)
state 0" in the logs i see these request: IPS getting drop Protocol:6 port 80 to this IP "142.250.188.238" from the AP device. It just started happening in the last couple days. Also shows Process: bw_driver.
How can i resolve this?
Hi @WGM
That sounds like application control. If the AP is factory reset it should wipe any app control settings that were passed to it.
-James Carson
WatchGuard Customer Support
Hi James, what would be your suggestion to remediate? We did a factory reset on it and still showing the logs. also still showing in the blocked attacks in executive summary report.
"WEB cURL and libcurl HTTP Response Headers
Parsing Resource Exhaustion -2 (CVE-2023-38039)"
The logs comes from the 2 different AP devices IP.
"142.250.188.238" is a Google IP address.
It is doubtful that your AP330 is trying to invoke this exploit, so I think that it is a false positive, and that you could not do IPS checks for the AP330 IP addrs while still doing them for the IP addrs of the devices would are connected to the APs.
I have not noticed this from my AP330, which is running 2.1.12-0.B687336.
At the moment, I don't see CVE-2023-38039 in the IPS signature list:
https://securityportal.watchguard.com/Threats
And a search for cURL doesn't show it either.
I don’t have a HTTPS proxy looking at my AP330, so that is a reason I would never see this type of IPS log entry
Thank you Bruce.
Found the problem:
https://portal.watchguard.com/wgknowledgebase?type=Known Issues&SFDCID=kA16S000000bz5WSAQ&lang=en_US
Hope you all have a safe and Happy Holidays!!