Advisory: Sophos Endpoint - "Your connection isn't private." We're aware of a certificate issue and are actively working to resolve it. Please see: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is the interaction between an APX NAT Guest Wi-Fi centrally managed and the XGS Gateway?


My question is more academic in nature.

In my office, I am setting up a guest wireless network using SC-managed APXs, and it appears to be working. My NAT configuration isn't Bridged, but how does it go through the XGS? I don't see the address (or network) assigned by the APX's DHCP Server in the gateway, but clients can access the internet, so the address must be going through the gateway in some way.

In order to isolate the traffic, does it use a VLAN hidden from the administrators? Are there any XGS firewall rules that apply?


This thread was automatically locked due to age.
  • Central Wireless is a standalone product. Therefore there is no integration with the firewall. 
    If you use NAT Guest network in central, the APX itself will run a firewall. 


  • If you leave the default MASQ rule in place AND you allow traffic from the WiFi zone to the internet, this will work as you described.

    This default rule is not logged, afaik. So you will not „see“ anything in the logviewr.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.