Couple of questions for Sophos wireless

hi louis,

i have some ap running with my utms at work.. cant answer all but some...

1. dont know.. hope some sophos staff or someone with greater count of installation can answer this..

2. no performance problems at my site.. but only running 3 AP30

3. no.. only if the utms itself are running in ha mode (master/slave)

4. no. if utm is down the "intelligence" of the AP is down...

hope that helps..

Hi,

thanks for the fast reply.

With regards to #3, we have a master/failover UTM setup. I'm just wondering what happens when we a master/master setup and where the AP's will intitally set themselves up?

#4 is a little bad too. I know the ubiquiti's still continue to run if the controllers go down but they will lose functionality like guest access due to there being no centralised authentication. But surely if you have a network/SSID setup with radius authentication or just a PSK, you would think the AP would continue to function?

Louis

#3 only have ha/failover running so i have no experience in master / master environment

#4 if i shutdown my utm-ha-cluster no more wlan is reachable... so i think complete functionality is lost..

maybe some others can jump in and answer more detailed ..

Louis, this really is a conversation you need to be having with your reseller.  Depending on the power of the UTM running them, there are limitations on the number of REDs+SSIDs you should run.

3. The configurations on Master and Slave are nodes are identical, allowing the Slave to become Master within milliseconds and causing virtually nothing apparent to the users.

4. If the UTMs go down and an SSID is 'Bridged to AP LAN', it will be able to transmit traffic between wireless and wired clients in that Ethernet segment.

Cheers - Bob

BAlfson said:

4. If the UTMs go down and an SSID is 'Bridged to AP LAN', it will be able to transmit traffic between wireless and wired clients in that Ethernet segmen

dont think so. i thougth only with ap55, ap100. my ap30 goes down if my utm is offline. the ap55 still sends wireless network. 

correct info about guestsegments and bridged to ap lan.

Hi Louis,

Check the Sizing guide here, to know the number of AP supported by various UTM models. SSID supported by AP:

>> AP10, AP15 and AP30: total 8 SSIDs 

>> AP 50 and above; total 16 SSIDs

Thanks

Sachin, the real issue is the number of tunnels between an AP and a UTM.  For example, if there are three 'Separate Zone' SSIDs on an AP, are those all handled with a single tunnel back to the UTM or does each SSID get its own tunnel?

Cheers - Bob

Hi Bob,

Nice question, I am not sure about the answer but I think 3 SSIDs = 3 separate channel bands which means individual tunnels for each SSIDs.

I will discuss it with my team and update you soon.

Thanks

How much load on the wireless is a "seperate zone" compared to a "bridge to vlan"

Is the communication to the UTM secure for the config or the seperate zone.

IDEA: with sophos central (connecting via https), it would be good if the magic address of 1.2.3.4 could be configured on the AP and the wireless could https to a UTM from an external source?

Put that in as a feature request.