APX 320 X, UTM Firewall + Wireless Protection

Hey Jean-Charles SIEGEL ,

Thank you for reaching out to the community, Please refer the following article:

> Removal of License Requirement in Sophos Central
> Try re-flashing the APX 320X - Recover bricked access points using the Sophos Flashing Tool
> Understand the Network requirements
> Follow - How to Register an Access Point
> APX 320 X is only Supported on Sophos Central.

Actually, I found a way to connect my APX 320 X to Sophos Central while Wireless Protection is activated on my UTM.

Step 1 : Create a dedicated VLAN for APX 32 X on the UTM and switches ....

Step 2 : Configure your UTM's DNS to accept requests from this VLAN.

Step 3 : Configure the DHCP for this VLAN with the UTM's IP address as DNS and gateway, domain if you want. 

Step 4 : Configure a masquerading rule for this VLAN in order to go properly on the Internet

Step 5 : Configure firewall rules to permit outgoing traffic to Internet from this VLAN and also and to permit radius requests to your radius server.

Don't forget to register your APX 320 X on Sophos Central and make the necessary configuration on the cloud platform.

Things you should not do : Add this VLAN to your Wireless Protection configuration on the UTM, so the traffic won't be intercepted by the UTM for this service.

We can say this is a hybrid configuration with Sophos Central and UTM's Wireless Protection.

This configuration works for me. I did it because I need to keep the Wireless Protection enabled for my other APs and I need Sophos Central for the APX 32 X.

Actually, I found a way to connect my APX 320 X to Sophos Central while Wireless Protection is activated on my UTM.

Step 1 : Create a dedicated VLAN for APX 32 X on the UTM and switches ....

Step 2 : Configure your UTM's DNS to accept requests from this VLAN.

Step 3 : Configure the DHCP for this VLAN with the UTM's IP address as DNS and gateway, domain if you want. 

Step 4 : Configure a masquerading rule for this VLAN in order to go properly on the Internet

Step 5 : Configure firewall rules to permit outgoing traffic to Internet from this VLAN and also and to permit radius requests to your radius server.

Don't forget to register your APX 320 X on Sophos Central and make the necessary configuration on the cloud platform.

Things you should not do : Add this VLAN to your Wireless Protection configuration on the UTM, so the traffic won't be intercepted by the UTM for this service.

We can say this is a hybrid configuration with Sophos Central and UTM's Wireless Protection.

This configuration works for me. I did it because I need to keep the Wireless Protection enabled for my other APs and I need Sophos Central for the APX 32 X.

Thank you for the update Jean-Charles SIEGEL !

We are glad it worked for you.

Salut, Jean-Charles - merci pour ta contribution !  C'est la première fois que je vois une solution pour l'UTM et l'APX 320.

Cordialement - Bob
PS Moving this thread to Recommended Reads