WXA 2000/4000 devices does not communicate with the appliance: "No WXA Found"
03/26/2020 1421 11426
After connecting a WXA 2000 or 4000 to a LAN interface of a new unit, the device seems to obtain an IP address, but fails to respond to WXA probes.
A packet capture will show TCP communication to and from the IP address of the WXA device, but the WXA device configuration does not show up in the SonicWall UI.
The SonicWall uses TLS / SSL probes to communicate with the WXA device as a client to a server. Older versions of the WXA 2000 and the WXA 4000 firmware respond to the SonicWall probes using the TLS version 1.0 protocol, which many current versions of firmware now have disabled by default.
The workaround is to enable TLS v1.0 in the https://IPSonicWall/diag.html page of the SonicWall under the "Encryption Settings" section.
- Navigate to the /diag.html page of your firewall (located at https://IPSonicWall/diag.html).
- Click the "Internal Settings" button
- Scroll down to "Encryption Settings".
- Uncheck either "Disable SSLv3" or "Disable TLSv1.0", depending on the options available in your particular firmware version. Note: in the latest firmware versions (i.e. 6.2.5.x, 6.2.6.x), you need to check "Enable TLS compatible mode" instead.
- Click "Accept" at the top and then "Close" to go back into the appliance GUI.
Now navigate back to WAN Acceleration | Status. You should now see your appliance.
In order to upgrade the firmware, you need to download the image from your MySonicWall downloads.
To apply the upgrade, navigate to WAN Acceleration | Firmware (or WAN Acceleration | System | Firmware tab), click Upload New Firmware, select your firmware and then boot it.
NOTE: Once updated, remember to re-enable the options "Disable SSLv3 or TLSv1", or to disable "Enable TLS Compatible Mode" from the diag page.