Sophos APX and VLANs

Hello everyone,

We are doing a network merge with our sister company. The company uses Sophos as a complex solution for security/routing/vpn/wireless... We would like to continue to use the Sophos APXs but we want to assign end clients addresses from our own router's pools. My question is - can I continue to use Sophos for management and pass the APs a VLAN routed from a different router appliance? Like I pass our data VLAN tagged to the port, where the AP is connected, enable VLAN tagging in Sophos management with that VLAN ID will that work correctly? Does Sophos allow that without problems?

  • The question is confusing. It sounds like you want to use your own non-Sophos DHCP servers, which you should be able to do. (There is a feature in the APX whereby it can run a DHCP server, but you'd of course turn this off if it's currently on.)

    But you're also asking about VLANs and routing. I personally think it would be simplest to switch your APX's to Sophos Central (SC) management, if that's not already the case, and not to manage them from Sophos routers. So your VLANs would be managed by your current routers and you'd configure the APX's via Sophos Central. (There's a step-by-step process for converting Sophos APX's from Sophos Firewall control to SC Wireless control. And obviously the APX must be able to talk to Sophos' servers to do this as well.) You also might need to have each APX not on a VLAN for the Sophos Central setup, then move to the VLAN -- I seem to remember reading that someplace.

    Were you talking DHCP or VLAN/routing, or both?

  • Thank you and sorry for delay in response! I did not know about Sophos Central and it does what I want.