This is mainly for home users, as I don't recommend using consumer-grade wireless equipment for more than a few users; the Sophos APs are great for larger networks.
If you have a wireless router you want to convert to use as an Access Point with Astaro:
1. decide if you want the wireless network to be part of your LAN, or a new network/DMZ.
If a new network, setup a new interface (or use a VLAN) on the UTM.
Setup the UTM's DHCP & DNS server for the network, and configure Masquerading, firewall rules, desired proxies, etc.
2. tape over the WAN port on the router to avoid creating a double-NAT and other problems
3. change the management IP on the router to an IP on the same network as the LAN or DMZ interface on the firewall.
e.g. if the firewall is 192.168.1.1, set the router to 192.168.1.2
4. disable DHCP on the router
5. plug one of the router's LAN ports into the firewall.
That's it!
Notes: If the router is on a new LAN or DMZ, you won't be able to access it's management interface from another LAN unless you create an SNAT:
Source: LAN (Network) , Service:HTTP or HTTPS, Dest: Router's management IP, Source translation: DMZ (ADDRESS)
If you don't understand this, just remember to connect to the router on wifi or one of the router's LAN ports if you want to manage it.
Advanced topics:
a. Some consumer routers support VLANs and multiple SSIDs natively, or with DDWRT. See https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/21666 for some configuration options.
b. The UTM has a 'HotSpot' mode, in the Wireless Security settings; this can be used with any LAN or DMZ; it doesn't have to be a Sophos AP.
If you have corrections or additions to this information, please post here.
If you have general wireless questions, please start a new thread.
Barry
This thread was automatically locked due to age.
