Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
- Overview
- Topology
- Step 1: Configure access point Interface
- Step 2: Register an APX on Sophos Central
- Step 3: Creating DHCP Server & Static IP MAC mapping on Sophos Firewall
- Step 4: Checking of Static IP MAC mapping under the IPv4 lease
- Step 5: Add a dedicated plain firewall rule for APX 320
- Step 6: Creating Clientless users
- Step 7: Create a Firewall rule for Wi-Fi to WAN
- Step 8: Options to explore on Wireless Access Points Sophos Central
- Topology
Overview
The Recommended Reads explains how to set up and manage Sophos access points from Sophos central while managing the DHCP server on the Sophos firewall.
Topology
Step 1: Configure access point Interface
Under the Web-admin GUI > CONFIGURE > Network > Port3
Step 2: Register an APX on Sophos Central
Under Sophos Central> My Products> Wireless> Manage Protection> Access Points> Register
Kindly see the references:
- Documentation: Access Points.
- Video: How to Register an Access Point
- Screenshot
Once Registered, You'll be able to see under the Wireless>Access Points live:
Step 3: Creating DHCP Server & Static IP MAC mapping on Sophos Firewall
Under the Web-admin GUI > CONFIGURE > Network > DHCP > Server > Add
Kindly see the references:
- Documentation: Add a DHCPv4 server
- Screenshot of Binding AP320 with Static IP Mac mapping
For the devices mentioned in the topology above.
Step 4: Checking of Static IP MAC mapping under the IPv4 lease
Once Saved, you can find the static IP MAC mapping under the DHCP > IPv4 Lease:
Step 5: Add a dedicated plain firewall rule for APX 320
*Ensure a rule for APX is present
Under the Web-admin GUI > PROTECT > Rules and policies > Add firewall rule
Kindly see the references:
- Documentation: Add a firewall rule
- Screenshot
Ensure to create a LINKED NAT rule as highlighted in the screenshot below:
Step 6: Creating Clientless Users
Under the Web-admin GUI > CONFIGURE > Authentication > Clientless users > Add
Kindly see the references:
- Documentation: Adding a single clientless user
- Screenshot
Step 7: Create a Firewall rule for Wi-Fi to WAN
Under the Web-admin GUI > PROTECT > Rules and policies > Add firewall rule
You can use any desired authentication method; I have used clientless in my scenario here:
You can check the Devices1, Device2 & Device3 IPv4 leases under the DHCP > IPv4 lease:
You can check the Devices1, Device2 & Device3 live under the Sophos Central > Wireless > Devices:
Step 8: Options to explore on Wireless Access Points Sophos Central
Manage Protection > SSIDs > Basic Settings.
Advance Settings > Client Connection: The VLAN option can be found here
To use this option, you can add a VLAN Interface on Sophos Firewall Port3 to use and also add the VLAN DHCP Server:
And Create a DHCP Server for the new VLAN Interface created:
I hope this Recommended Read helped you meet your requirements and clarify your doubts.
Updated links to latest
[edited by: Raphael Alganes at 1:49 PM (GMT -8) on 15 Nov 2024]