Hi!
It's about an XG UTM with integrated WIFI. What already struck me as strange during the installation are the limitations of the bridge in terms of LAN and WIFI. Apparently you can only "bridge" WIFI with the LAN zone.
Now the following questions have arisen:
1. Since I only found out later that you have to install the Sophos certificate on all end devices for SSL decryption (DPI engine): Can an exception be defined so that the traffic from all mobile devices is not examined? They are in the same subnet as the LAN because of the bridge. Or would it then make more sense to define a separate subnet and zone for WiFi?
2. On a LAN port I have created my own network with its own zone and extra subnet 192.168.100.0, quasi as guest access for other people who are not allowed to access the LAN 192.168.138.0. If someone surfs in the LAN zone and accesses a blocked site, he receives the error message from the IP 192.168.100.1 instead of the actual IP of the firewall: 192.168.138.1. Does that have something to do with the bridge between LAN and WiFi?