
Sophos APX and 802.1x network security

Hi all,

We have an XGS116 in place and 5 APX320 and two APX120 in our environment. As our company will definitely fall under the NIS2 directive, I am currently testing how to secure our internal network. We already use NPS with an internal CA, and all AD users and Windows computers have certificates. For WPA2-Enterprise Wi-Fi we already use 802.1x for authentication.

Now I tested 802.1x on the access switches so we could use this with all wired clients like desktops and laptops (via dock), printers and IP-phones. All our APX are connected via standard wall sockets to the access switches. Of course this is a separate VLAN but still a possible attack point. I did not see any setting that allows any kind of 802.1x authentication for the AP.

In detail, I am missing an option to set an authentication for the APX to use with our NPS/RADIUS. The only possible way I see right now is a MAC-based access list limited to only the one MAC address learned on the APX network port.

So, there is no EAP-TLS setting for the APX?

  • This will most likely not work for the AP switch ports. And MAC authentication would need to allow all wireless clients' MACs connected to the APX too. So this is only for very static environments and not very secure.