XG115W - Onboard Wireless Bridging

Question

Hi All, 
 I'm horrified to have to post this question. So, we've recently signed on as a reseller for Sophos and I'm working to prep our first unit for deployment. Our client requires that the wireless is fully bridged to the LAN. Their wireless devices (which are production laptops only) need unfettered access to resources on the LAN (printers, servers, ping, etc.). 
 I for the life of me can't get this to happen. I've worked with Sonicwall for 16 years, and it appears I'm just stuck in my ways. 
 Setup: 
 WAN: DHCP 
 LAN: 10.0.71.1 
 WIreless: Default Sophos (and yes, I've created my own as well and failed): 10.0.6.1, Bridged to LAN 
 The administrator guide states that the Bridge to AP LAN Networks with Local Devices can be initiated using either a bridge, or edit the interface, change the zone and provide an IP to use the interface in gateway mode. 
 
 when I try to setup a bridge, I get an error - "You cannot select the interface as Member Interface as you are accessing the device using the same Interface IP"
 
 there's a Sophos video that shows this exact process, and it doesn't fail

when I switched the zone of the wireless from wireless to LAN, it still does not bridge (and I created rules for it just to make sure)

The YouTube videos below have steps to bridge the networks 
 
 this one ( https://www.youtube.com/watch?v=NsfF7tz1h-0&index=2&list=PLwMkdx8vaaKCsz_Y5vRZPVYqc5HjIv8kW ) at around 3:15 details what to do, but could not get to resources 
 this one ( https://www.youtube.com/watch?v=iiDdFD1bfH8&index=1&list=PLwMkdx8vaaKCsz_Y5vRZPVYqc5HjIv8kW ), when creating a new wireless network at 1:55 indicates that setting the Bridge to AP LAN does not require additional firewall rules to reach LAN resources

We have 4 units lined up, ready to schedule deployment. We are also working very hard to go through the Sophos engineering courses. If anyone can add insight, and the proper way to bridge in the manner we're looking to deploy, I would be forever grateful

NicolasRICHARD · Answer

Hi Christian, 
 I met the same problem it seems... I propose this solution , let us know hoow it works for your needs.

First step : Wireless network definition : bridge to ApLan

Second Step : Associate the Wireless network to at least One Access Point 
 
 Third Step : Bridge the interface created for th Wireless Network

Please note that without association to an Access Point, the Wireless Network will not have any interface defined so you cannot bridge it (only setting an IP address and it won&rsquo;t work as needed)

ChristianHopkins · Answer

Hello All, 
 Thank you for the responses - and I have an update. We did figure out a way to bridge the LAN and Wireless, but were concerned that it seemed out of band. Support intervened this afternoon and confirmed what we had done and the steps we took were actually correct. Here is the part that did not make sense from watching the YouTube Sophos video, and even the XG Administration Guide - 
 - in order to create a Bridge from interfaces LAN (Port1) and Sophos (pre-configured wireless), you must create the bridge from another interface. Which means you need to configure one of the non-functional ports (Port 3 or 4), enable the interface and login through that interface 
 - once you're not performing configurations from one of the interfaces you're attempting to work on, then you can create the Bridge! 
 In speaking with support, he was actually watching the YouTube videos, and also looked at the admin guide. Both, he said were not detailed enough to give that instruction 
 ** Oh, and this is a change from SG and UTM, where previously you could be working from the LAN interface and create a bridge without issue. So this is specific to the new XG. 
 That said, I can at least move on and prep the now three (3) Sophos XG's I have waiting. Thanks again to you all, and to support who were extremely helpful. 
 
 Best regards, 
 Christian