APX 320 X, UTM Firewall + Wireless Protection

Hey Jean-Charles SIEGEL ,

Thank you for reaching out to the community, Please refer the following article:

> Removal of License Requirement in Sophos Central
> Try re-flashing the APX 320X - Recover bricked access points using the Sophos Flashing Tool
> Understand the Network requirements
> Follow - How to Register an Access Point
> APX 320 X is only Supported on Sophos Central.

Actually, I found a way to connect my APX 320 X to Sophos Central while Wireless Protection is activated on my UTM.

Step 1 : Create a dedicated VLAN for APX 32 X on the UTM and switches ....

Step 2 : Configure your UTM's DNS to accept requests from this VLAN.

Step 3 : Configure the DHCP for this VLAN with the UTM's IP address as DNS and gateway, domain if you want. 

Step 4 : Configure a masquerading rule for this VLAN in order to go properly on the Internet

Step 5 : Configure firewall rules to permit outgoing traffic to Internet from this VLAN and also and to permit radius requests to your radius server.

Don't forget to register your APX 320 X on Sophos Central and make the necessary configuration on the cloud platform.

Things you should not do : Add this VLAN to your Wireless Protection configuration on the UTM, so the traffic won't be intercepted by the UTM for this service.

We can say this is a hybrid configuration with Sophos Central and UTM's Wireless Protection.

This configuration works for me. I did it because I need to keep the Wireless Protection enabled for my other APs and I need Sophos Central for the APX 32 X.

Thank you for the update Jean-Charles SIEGEL !

We are glad it worked for you.

Salut, Jean-Charles - merci pour ta contribution !  C'est la première fois que je vois une solution pour l'UTM et l'APX 320.

Cordialement - Bob
PS Moving this thread to Recommended Reads

Hi,
I read your success story and wanted to ask you for help.
I have UTM 9 with wireless protection enabled with around 20 APs connected.
I need to expand the signal coverage and I need to buy the new AP6.
I can't turn off wireless protection as suggested in other posts, but I have to do a hybrid configuration for the moment.

On utm eth0 i configured my LAN 192.168.10.X and it is connected with the network cable to a switch that works as a star center for other floor switches.
There are no vlans on the switches.
Could you explain your steps to me in more detail? I'm a little confused about VLANs, tagged and untagged ports, trunks, etc.
thanks in advance.
Matt

Your AP6 has to reach the internet like a simple client. ... but - unfiltered

You need:

- DHCP

- DNS

- (default) masquerading rule to reach the internet

- Firewall Rule AP -> Internet

- transparent proxy exception for AP#s IP

Your AP6 has to reach the internet like a simple client. ... but - unfiltered

You need:

- DHCP

- DNS

- (default) masquerading rule to reach the internet

- Firewall Rule AP -> Internet

- transparent proxy exception for AP#s IP