Sophos XG Wireless Controller

Question

Hi, 
 
 Can the Sophos XG Firewall (XG 135v3) be used as a wireless controller only? 
 If yes, how should the configuration be? 
 
 Previous situation: XG 135 as Gateway to the internet with 2 AP100c bridged to LAN. (1 Guest and 1 User LAN) 
 Now: Other Router/Firewall as Gateway to the internet. Uplink to Coreswitch with multiple VLAN's. The XG 135 is now connected on the MGMT VLAN. 
 
 Let's say I have 3 vlans on the new gateway to the core switches. 
 Vlan 10 = MGMT 
 Vlan 20 = Users 
 Vlan 30 = Guests 
 
 How should the trunk towards the AP's be configured like? If I choose to bridge to VLAN it says I have to configure an AP MGMT VLAN. (so no untagged vlan supported when using "bridge to vlan" for management?) 
 How should the connection to the XG be configured like? Does all traffic going over the AP's need to pass over the XG or can I use the XG for controlling the AP's only (which would be great)? 
 
 Thanks for your reply 
 
 Best regards,, 
 Simon

Simon Wauters · Accepted Answer

I got it working on reasonable speed. 
 
 1 Interface on the XG firewall configured VLAN 10 (MGMT) 
 AP's configured on trunk link with untagged VLAN 10 and tagged VLAN 20 and 30 
 2 Wireless networks (SSID's), 1 for VLAN 20 and 1 for VLAN 30 
 Configured magic IP static route and dhcp option to the XG firewall on my DHCP server 
 
 What I don't understand is the option to tag VLAN ID for the access points or access point groups. I've tagged them with another VLAN (40) but the are still communicating with the XG on VLAN 10 MGMT. My confusion was with the obligated configuration of this option when using 'bridge vlan to wlan' 
 It looks like the option doesn't do anything. Can anyone confirm? 
 
 So the traffic doesn't pass the XG. Only mgmt traffic between the AP and the XG is happening. VLAN 20 and 30 are not configured on the XG. 
 To reply: yes, you can use the XG as a wireless controller only. Perfect.