Sophos XG310 and Aruba IAP: Wireless Set-up

Hi,

I'm new to this group and I want to ask for your expertise on setting up my wireless network.

We have two new XG310 appliances that were delivered yesterday to replace our ASTARO generation firewall. We purchased two for an HA (Active/Standby) set-up. Because they are, we decided to revise our policies and configurations, meaning we will re-write everything. My concern is our wifi network. We have a number of Aruba IAPs configured with a virtual controller. We have two SSIDs: one for staff and one for public. The staff SSID has a passphrase and is hidden. The public one is open.

What I would like to do on the new set-up is have the staff SSID access our domain resources (shared folder, printers) and go to the internet, and have the public SSID access ONLY the internet (http and https). Currently, our wifi network doesn't work that way. Because the Aruba IAP has a virtual controller, all wifi connections are NAT'd using the IAP's IP address. When a client connects to the wifi, an IP address is acquired in 172.31.x.x with a corresponding VLAN assignment based on the SSID it connects to. Can I set up a VLAN-based policy on the XG firewall? Is there a way to set up my Aruba IAP in bridged mode only (and how does this work)? Can someone help me with how to start setting up?

I will appreciate any help.

Thank you.

Ariel