UTM as WAP Controller with Guest Network

I have Sophos UTM along with a few APs at home and want to try out some other firewalls (looking for better tracking and reporting to understand what my kids are doing on the internet). But, I'd like to keep the APs and use the UTM as a controller. I see a posting on how to do this (Set UTM 9 to be ONLY wireless AP controller):

Configure UTM with only one interface (LAN) and point default gateway parameter to your new router. Enable DHCP service on UTM and configure it with AP Magic (DHCP 234) option 

But, have a couple of questions:

  • Assuming the wifi is bridged to LAN (APs on the same LAN), does the client traffic from the AP go to the UTM and then back to the LAN, or does the AP bridge it?
  • I also want to do a guest wifi. How would that traffic flow? I imagine it has to flow through the UTM to keep it separate from the LAN, and then I should send it to the router via a separate VLAN or interface.

Asking because I am going to upgrade to 10GbE on the router and switches, but not the UTM, and wondering how much of a bottleneck that would be for wifi.

Thanks. 

  • Ended up making and bridging the wireless network to VLANs. Couldn't have just the guest net bridge to a VLAN while the main wifi bridged to the AP LAN (config wouldn't accept having both tagged and untagged in a single group). So, I created a guest VLAN and had the ports for APs, UTM and new firewall tag both the guest VLAN and VLAN 1 (the default on my switch) and then bridged guest wifi to the guest VLAN and main wifi to VLAN 1. Also had the APs tag to VLAN 1. Then, in the new firewall (Untangle), I had it NAT the guest VLAN separately from the main internal network. Also, set the new firewall to do DHCP on the guest VLAN, in addition to the main. Also, remember the above point about the DHCP option.

    Seems to work.

    Still, not sure I like Untangle over UTM. Has more reporting/tracking, but doing simple things is more cumbersome. And, cannot navigate well using a phone browser. So, might switch back to UTM.
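The layout in the reply above, as an added example that is not part of the original thread: a small model of the switch with the AP, UTM and firewall ports tagged for both VLAN 1 and the guest VLAN, plus one wired access port on VLAN 1. It parses 802.1Q frames and shows where the AP-bridged traffic goes: the main wifi frame lands directly on VLAN 1 (the UTM is just another member, not in the path), the guest frame only reaches the ports that carry the guest VLAN, an untagged frame on a tagged-only port is dropped (the "both tagged and untagged in a single group" problem), and a frame tagged for a VLAN the port is not a member of is dropped rather than hopped. Port names, MAC addresses, VLAN ID 20 and the payload bytes are all constructed for the example; a real switch learns MACs and unicasts, whereas this model floods to every member port to make membership visible.

```python
"""Model of the VLAN layout from the reply: AP, UTM and firewall ports tagged
for VLAN 1 and a guest VLAN, one wired access port on VLAN 1.
Added example; port names, MACs, VLAN 20 and payload are constructed."""
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
LAN_VID, GUEST_VID = 1, 20   # VLAN 1 = switch default; 20 = constructed guest VLAN


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vid: Optional[int]       # None = frame arrived untagged
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame carrying at most one 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vid, off = None, 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vid = tci & 0x0FFF   # VID is the low 12 bits; PCP/DEI ignored here
        off = 18
    return Frame(dst, src, vid, ethertype, raw[off:])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a frame, tagged when vid is given (TPID, TCI, then the real EtherType)."""
    hdr = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)
        hdr += struct.pack("!HHH", TPID_8021Q, tci, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


@dataclass
class Port:
    tagged: FrozenSet[int]        # VLANs this port carries with a tag
    pvid: Optional[int] = None    # VLAN for untagged ingress; None = drop untagged


class Switch:
    def __init__(self, ports: Dict[str, Port]):
        self.ports = ports

    def classify(self, port_name: str, frame: Frame) -> Optional[int]:
        """Ingress VLAN for a frame, or None if the port must drop it."""
        port = self.ports[port_name]
        if frame.vid is None:
            return port.pvid               # tagged-only port -> None -> drop
        return frame.vid if frame.vid in port.tagged else None  # no hopping

    def forward(self, port_name: str, raw: bytes) -> Tuple[Optional[int], List[str]]:
        """Return (vlan, egress ports); flooding stands in for MAC learning."""
        frame = parse_frame(raw)
        vid = self.classify(port_name, frame)
        if vid is None:
            return None, []
        egress = sorted(n for n, p in self.ports.items()
                        if n != port_name and (vid in p.tagged or p.pvid == vid))
        return vid, egress


# Port layout from the reply: APs, UTM and firewall tag both VLANs; a wired
# PC sits on an ordinary untagged VLAN 1 access port (constructed names).
SWITCH = Switch({
    "ap1": Port(tagged=frozenset({LAN_VID, GUEST_VID})),
    "utm": Port(tagged=frozenset({LAN_VID, GUEST_VID})),
    "firewall": Port(tagged=frozenset({LAN_VID, GUEST_VID})),
    "wired-pc": Port(tagged=frozenset(), pvid=LAN_VID),
})

# Constructed addresses and a placeholder payload (not a real IP packet).
MAC_GUEST = bytes.fromhex("02aabbcc0001")
MAC_MAIN = bytes.fromhex("02aabbcc0002")
MAC_FW = bytes.fromhex("02aabbcc00ff")
PAYLOAD = b"\x45" + b"\x00" * 19


def demo() -> Dict[str, Tuple[Optional[int], List[str]]]:
    """Four frames arriving from the AP port; see the test for expected results."""
    mk = lambda src, vid: build_frame(MAC_FW, src, ETHERTYPE_IPV4, PAYLOAD, vid=vid)
    return {
        "guest": SWITCH.forward("ap1", mk(MAC_GUEST, GUEST_VID)),   # guest VLAN members only
        "main": SWITCH.forward("ap1", mk(MAC_MAIN, LAN_VID)),       # straight onto VLAN 1
        "untagged": SWITCH.forward("ap1", mk(MAC_MAIN, None)),      # dropped: no PVID on ap1
        "hop": SWITCH.forward("ap1", mk(MAC_GUEST, 30)),            # dropped: not a member
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

Two things the model makes visible: the UTM port receives guest frames only because the reply tagged the guest VLAN on it, so the UTM is a passive member there and the separation between guest and LAN is enforced by the switch membership plus the firewall's per-VLAN NAT, not by the UTM; and a port that is tagged-only silently drops anything untagged, which is why the APs themselves had to tag VLAN 1.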
