Accessing Sophos magic IP via pfSense...

  • Hi all,

    i´m experiencing the following problem:

    we use a pfSense as a captive portal for the customer WiFi behind our Sophos UTM.
    All Sophos WiFi-AccessPoints need to connect to the UTM to get their configuration.
    Initially they are trying to reach the magic-IP and Port 2712.

    I created rules allowing this on the IP AND the real IP of the UTM seen from the pfSense´s side.

    Problem now is: The APs can not reach (or communicate) with the UTM.

    Network-Protocol on the pfSense says:

    6 8.458554 TCP 74 55820 → 2712 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294943005 TSecr=0 WS=16
    7 9.455677 TCP 74 [TCP Retransmission] 55820 → 2712 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294943105 TSecr=0 WS=16

    where is the IP of the AccessPoint and the IP of the UTM (LAN-Side), pfSense has 192..168.7.253 on WAN-Side

    Traffic to Internet, access to UTM-Management is working fine from that Network ... but the badly needed self-configuration of the accesspoints, as they are only configurable through the UTM, fails !!

    Has anybody an idea where i could put my fingers at ?

    Kind regards,


  • Netgate Administrator

    Where did you create those rules?

    You will need to add those IPs to the Allowed IPs list on the captive portal. Or add the MAC address of the access points to the MACs pass list there.

    "Magic IP"? Hmm.

    Looks like the APs are resolving the UTM correctly though or have been set to do so manually.


  • @LB-Munich

    Hi all,

    for heavens sake ... i found it finally.
    As soon as the MAC is listed in the MAC-Address-Whitelist everything works ...

    i´m such a moron ....

    Kind regards,

Log in to reply