Hello fellow Sophoans,
As anyone successfully setup Netgear Nighthawk as an AP on Sophos XG? I'm trying to use it independently on a port (zoned) but it doesn't come up. Do I have to have a Sophos AP to be able to see the AP on the firewall?
khlawk said:Hello fellow Sophoans,
As anyone successfully setup Netgear Nighthawk as an AP on Sophos XG? I'm trying to use it independently on a port (zoned) but it doesn't come up. Do I have to have a Sophos AP to be able to see the AP on the firewall?
klhawk,
The Netgear Nighthawk is more than just a wireless access point. It is a combined router, switch, Access Point, and and wireless AP controller.
The Sophos XG Firewall is a combined router and wireless AP controller. Some models also include a switch, an access point, or both.
You didn't state which model XG Firewall you have nor which mode it is in: Gateway or Bridge. I will assume your XG Firewall is in Gateway mode, has no access point (no built in antennas system), and that it also has the default two Network Interfaces: Port 1 to Zone LAN (the Netgear Nighthawk) and Port 2 to Zone WAN (the internet gateway; i.e. cable modem, DSL, etc). You also didn't say which model Netgear Nighthawk you have nor if it has the factory installed operating system nor if you installed DD-WRT, Open WRT, Tomato, pfSense, etc. I will assume your Netgear Nighthawk is running on the factory OS.
Now, between your XG Firewall and your Nighthawk, you have two routers with NAT and two AP controllers. This poses two problems. By default, the Sophos Wireless AP controller is off and your Nighthawk wireless AP controller is on. This is fine, and it solves one problem. The other problem is you have two routers with NAT that are operating on the same network. You need to turn one off.
The simplest way is to turn off the router in the Nighthawk. It is best that you reset your Nighthawk to factory default and use this link to set your Nighthawk in AP mode for the first time. If you don't want to do that, you can still set the Nighthawk in AP Mode from your current configuration. It doesn't matter which technique you use as long as you choose the options for "get IP address dynamically from router" and "Yes, I can disable the existing gateway's Wi-Fi". You will need to assign SSIDs and passwords to Wi-Fi if you haven't already done so.
Based on this setup, the XG Firewall router will have a base IP address of 172.16.16.16 and control DHCP, IPV4/IPV6, VLANs, and DNS/NAT. Your Nighthawk will control the Wi-FI and relay communication between Wi-Fi clients and the XG Firewall router.
Turn off both your XG Firewall and NightHawk. Turn on your XG Firewall. Once the firewall running and online, turn on your Nighthawk. If you can't tell if the firewall is up, wait 5 minutes before turning on the Nighthawk. When the Nighthawk is running and online, try connecting to your internal Wi-Fi (not the Guest network). Your wireless device should receive an IP address in the range of 172.16.16.17 to 172.16.16.254 and be able to communicate with the router and the internet. Your Guest Wi-Fi will probably not be working.
If you want to enable Guest Wi-Fi or if the internal Wi-Fi is not working, you will need the model number of your Nighthawk AP and XG Firewall.
khlawk said:Hello fellow Sophoans,
As anyone successfully setup Netgear Nighthawk as an AP on Sophos XG? I'm trying to use it independently on a port (zoned) but it doesn't come up. Do I have to have a Sophos AP to be able to see the AP on the firewall?
klhawk,
The Netgear Nighthawk is more than just a wireless access point. It is a combined router, switch, Access Point, and and wireless AP controller.
The Sophos XG Firewall is a combined router and wireless AP controller. Some models also include a switch, an access point, or both.
You didn't state which model XG Firewall you have nor which mode it is in: Gateway or Bridge. I will assume your XG Firewall is in Gateway mode, has no access point (no built in antennas system), and that it also has the default two Network Interfaces: Port 1 to Zone LAN (the Netgear Nighthawk) and Port 2 to Zone WAN (the internet gateway; i.e. cable modem, DSL, etc). You also didn't say which model Netgear Nighthawk you have nor if it has the factory installed operating system nor if you installed DD-WRT, Open WRT, Tomato, pfSense, etc. I will assume your Netgear Nighthawk is running on the factory OS.
Now, between your XG Firewall and your Nighthawk, you have two routers with NAT and two AP controllers. This poses two problems. By default, the Sophos Wireless AP controller is off and your Nighthawk wireless AP controller is on. This is fine, and it solves one problem. The other problem is you have two routers with NAT that are operating on the same network. You need to turn one off.
The simplest way is to turn off the router in the Nighthawk. It is best that you reset your Nighthawk to factory default and use this link to set your Nighthawk in AP mode for the first time. If you don't want to do that, you can still set the Nighthawk in AP Mode from your current configuration. It doesn't matter which technique you use as long as you choose the options for "get IP address dynamically from router" and "Yes, I can disable the existing gateway's Wi-Fi". You will need to assign SSIDs and passwords to Wi-Fi if you haven't already done so.
Based on this setup, the XG Firewall router will have a base IP address of 172.16.16.16 and control DHCP, IPV4/IPV6, VLANs, and DNS/NAT. Your Nighthawk will control the Wi-FI and relay communication between Wi-Fi clients and the XG Firewall router.
Turn off both your XG Firewall and NightHawk. Turn on your XG Firewall. Once the firewall running and online, turn on your Nighthawk. If you can't tell if the firewall is up, wait 5 minutes before turning on the Nighthawk. When the Nighthawk is running and online, try connecting to your internal Wi-Fi (not the Guest network). Your wireless device should receive an IP address in the range of 172.16.16.17 to 172.16.16.254 and be able to communicate with the router and the internet. Your Guest Wi-Fi will probably not be working.
If you want to enable Guest Wi-Fi or if the internal Wi-Fi is not working, you will need the model number of your Nighthawk AP and XG Firewall.
