I want to start by saying that I am in no way a classically trained network guy. Everything I know has been learned in the School of Hard Knocks, experience or from forums such as this. I say that to say I may not understand some basic principle that many here take for granted. If that is the case, please be patient if I ask for you to explain something to me. I'm not lazy, I just do not know what I do not know.
I am migrating from UTM 9 to XG and I am retooling my entire network in the process. I am using an AMD Mini ITX machine to run XG and the install went fine but I am still getting used to the differences between UTM and XG. On this machine, I have the motherboard network jack as the WAN port and I have a NIC with 4 1gb ports. I am using the 4 ports to segment my network and I am rethinking my current setup.
Today, I have 2 DDWRT routers in AP mode each running only one SSID and each on a different port on the UTM. One router runs my cameras and most of my IoT things like smart light switches and the other is for wireless access to my LAN for phones, tablets, Roku's, etc. I have seen many discussions here about mesh networks, but they all talk about SOPHOS hardware.
Question 1 would be can I use any 3rd party AP in a mesh setup on my XG?
I want to have 2 separate Wi-Fi networks that are separate from each other. Question 2 would be should I use 2 separate mesh systems on different physical ports or use wireless VLANs on the same hardware? I have seen wireless APs that support VLANs both with wired and wireless backhaul. Will I be able to 'mesh' these using the Mesh Networks tab on the XG?
If it seems like I am out in left field, I apologize, but I am doing as much research on this as I can and I feel like I am just not understanding some of the principles of this stuff. Any advice or assistance is greatly appreciated.
About question 1, you can't configure 3rd party AP's directly on the Firewall as It only works with Sophos own AP's. But if those AP's have their own management plane or a controller, then you can…
About question 1, you can't configure 3rd party AP's directly on the Firewall as It only works with Sophos own AP's. But if those AP's have their own management plane or a controller, then you can use It to configure them. The Firewall itself doesn't care if they're doing mesh or not.
On question 2, you should always use VLAN's to separate networks, there's no need to have a unique AP for this. But this will fully depend on if your AP supports It or not.
I'm currently running some EAP 245 Rev.3 with an Omada controller, I have one AP through mesh, and It does works as expected with two SSID's with VLAN's. (You can assign a certain VLAN to a certain SSID or multiples.)
If a post solves your question use the 'Verify Answer' link.
XG 115w Rev.3 v19 GA @ Home.
I figured that was the case with question 1.
After a little more education (confirmed by your answer), I think I understand the 2nd question better. Since the SOPHOS APs are out of my price range, I have researched others and I have gathered that I can 'mesh' 2 or more of certain brands/models so long as there is either a controller or a managed switch in between in order to facilitate the VLANs. The APs that I am looking at can support up to 8 VLANs.
I think that I just need to acquire some of the equipment and start tinkering to get everything ironed out. Thank you for helping confirm what I am learning.