Sophos APX and 802.1x network security

Hi all,

we have a XGS116 in place and 5 APX320 and two APX120 in our environment. As our company will definitely fall under NIS2 directive I am currently testing how to secure our internal network. We already use NPS with internal CA and all AD user and Windows computer have certificates. For WPA2-Enterprise Wifi we already use 802.1x for authentication.

Now I tested 802.1x on the access switches so we could use this wit all wired clients like desktop and laptop (via dock), printers and IP-phones. All our APX are connected via standard wall sockets to the access switches. Of course this is a separate VLAN but still a possible attack point. I did not see any setting that allows any kind of 802.1x authentication for the AP.

In detail I am missing an option to set an authentication for the APX to use with our NPS/RADIUS. The only possible way I see right now is a MCA based access list limited to only the one MAC address learned on the APX network port.

So, there is no EAP-TLS setting for the APX?

Added TAGs
[edited by: Raphael Alganes at 5:56 AM (GMT -7) on 18 Mar 2024]