Sophos Central Wireless - Guest Network Question: Locking down access from general internet to just one site - possible?

I have one location that unlike other locations, wifi AP's are not controlled by the local XG UTM, but rather they (APX320X) are controlled via Sophos Central.

I have setup a guest type network not bridged to the local LAN zone networks and the IP's meted out belong to a separate network 10.1.1.0 /24 - a network that I did not define, but rather seems that AP or Sophos central created.

As of right now clients can connect and have internet access, but I want to limit access to one specific domain only that allows a mobile app access for clocking in and out for the day.

For those locations whose AP's are managed by local UTM this has not been a problem, but for Sophos Central managed AP's I cannot use same method via firewall rules.

Has anyone in this group created a guest network where access has been whittled down to specific sites?

  • I'm an XGS user and don't know UTM, but there wasn't an actual difference when moving my AP to Sophos Central Wireless. Basically had to set up the AP VLANs as the XGS had set them up when it was controlling the AP directly, and then it was back online and everything worked. (The XGS actually used VXLANs, but substituting VLANs in Sophos Central worked.) Is it different on the UTM?