I moved our WAPs to Sophos Central, assigned SSIDs and their currently working on our UTM. We are replacing the UTM this weekend, and I'm not sure of something: Are the Access Points 100% cloud managed in that Wireless Security does not even need to be on?
To add them to our current (UTM) set up I removed them from the gateway and registered them in Central. I know they're different architectures, but on either/both UTM and XG: Does Wireless Security even need to be enabled? I mean, since they're no longer "added" and the gateway just wireless clients aa\s just another LAN client.
Yes that's correct. Once your AP is managed via Sophos Central, there is no need to enable Wireless Security on your firewall. In fact, it should be off as it could conflict.
On the firewall…
On the firewall is where you would set up the pertinent firewall rules.
Actually, I think the wording needs to be stronger: if you enable "Wireless Security" that XG will intercept the AP's attempted communications to Sophos Central and things will not work. You'll either have to Accept the AP on the XG, or turn off Wireless Security and let the AP talk to Sophos Central. (And my guess is that if you have Wireless Security on and your AP boots and you then turn Wireless Security off, the AP could end up in a confused state that could require a reboot or maybe a reset. I think I reset mine to switch over to Sophos Central.)
Remember that Sophos Central Wireless is also a two-part process: the AP needs to come up in such a way that it can reach out to SC Wireless, and you need to tell SC Wireless that your AP is going to contact and request control. Which is why I'm guessing if you change things mid-stream (Wireless Security off, but nothing done to the AP) it may sit in a confused state indefinitely. But I could be wrong about all of this. I just managed to move from XG control so SC Wireless control so I'm familiar with the concepts but no expert.
Thanks much. I turned wireless off on the UTM and wifi not only still works but is faster than it was with the UTM managing it. I'm guessing because now the WAPs talk directly to the radius server.
I'm somewhere between heartened and confused by you saying you moved from XG to SC. The move from UTM to SC went smoothly. But I got a couple new access points and had them on my XG, and when I tried to moved either one of them to SC, they bricked. Like, really bricked, not even the Flashing Tool could pull them back. I'm not sure if it was an issue with the firmware they came with or something about how long I held there reset button when trying to switch them (didn't have to reset at all with the UTM APs, they just worked once I deleted them from the local configuration page). Alas, I think that's a saga for a different thread.
Thanks again for the help & info.
SC Wireless offers advantages in terms of the firmware and control, as compared to the XG Control. Given that I understood what's going on (i.e. Wireless Security off, delete the AP from XG first, then reset/reboot APs), it worked perfectly and has performed well.