
UTM as WAP Controller with Guest Network

I have Sophos UTM along with a few APs at home and want to try out some other firewalls (looking for better tracking and reporting to understand what my kids are doing on the internet). But I'd like to keep the APs and use the UTM as a controller. I see a posting on how to do this (Set UTM 9 to be ONLY wireless AP controller):

Configure UTM with only one interface (LAN) and point default gateway parameter to your new router. Enable DHCP service on UTM and configure it with AP Magic (DHCP 234) option 

But, have a couple of questions:

  • Assuming the wifi is bridged to LAN (APs on the same LAN), does the client traffic from the AP go to the UTM and then back to the LAN, or does the AP bridge it?
  • I also want to do a guest wifi. How would that traffic flow? I imagine it has to flow through the UTM to keep separate from the LAN, and then I should send to the router via a separate VLAN or interface

Asking because I am going to upgrade to 10GbE on the router and switches, but not the UTM, and wondering how much of a bottleneck that would be for wifi.

Thanks. 



This thread was automatically locked due to age.
  • It looks like bridge to LAN traffic is bridged at the AP, since I can see a client's MAC on the same switch port as the AP. And I'm guessing the guest zone passes through the UTM to separate from the LAN.

    If I establish a VLAN on my switch for the guest network, could I bridge the guest wifi to that VLAN and have the ongoing traffic avoid passing through the UTM? Goal would be to have the UTM not in the path of traffic after DHCP.
