Configuring AP6 420 with VLANs

Dear Support,

We recently purchased an AccessPoint AP6 420 to extend our WiFi configuration.
Prior to that purchase, we had several AccessPoints APX model that were managed by our XGS3100 Firewall On Premise.
As the new AP6 must be configured through Sophos Central, we need some guidelines how to do this.

We will have 3 SSIDs on each access point.

 - HHINTERNAL => This is a bridge access to our default VLAN
 - HHPHONE => Clients connected to this SSID must be isolated from the rest of the devices and not have access to the local devices
 - HHGUEST => As before, clients are isolated. A captive portal will be displayed with use of vouchers

My question is, how do we configure such accesses ?
The AP (AccessPoint) will have an IP Address on the default VLAN in order to register to Sophos Central ?
When configuring Internet Access on the Firewall, are the APs on the "WiFi" zone or on the "LAN" zone ?
The APs receive an IP Address from our internal DHCP (Windows Server) or should the XGS3100 do the DHCP ?

The VLANs must be created on the switches only on also inside of the Firewall ?
Would it be possible to discuss implementation through some kind of schema and/or call ?

Thanks in advance for your cooperation.

Best regards,
Octavio Romano



Added TAGs
[edited by: Erick Jan at 12:17 AM (GMT -8) on 14 Nov 2024]