
Bridge to AP Lan and Hotspot behind RED

Hello,

We have set up a RED15w for a branch of one of our customers. It is configured in Standard/Split mode. There are WiFi access points on the remote site, AP30s. We have added host 1.2.3.4 in the split networks so that the access points appear on the Sophos of the main site. Everything works so far. The RED15w Wifi device also appears.

"Separate Zone" mode is problematic, we don't want Wifi traffic to pass through the IPSec RED tunnel. All Internet traffic goes out directly. This seems to be a limitation of SOPHOS RED. So we preferred the "Bridge to AP LAN" configuration.

Now the real problem we are facing. The configuration of a hotspot for this Wifi network does not work. When we combine the RED LAN interface with the hotspot, the IPSec tunnel no longer works (the LAN client workstations can no longer contact the main site servers). We are obliged to declare the network of the main site in the "Walled Garden" for it to work again. But even with this configuration, it is impossible to run the hotspot (which is essential for this client who uses the "password of the day" for his Wifi clients). We can connect to the Wifi network but we are not redirected to the hotspot login page...

For information, the hotspot works when using the "Separate Zone" function.

Is it possible to run the hotspot with RED and Bridge to AP LAN configuration?

Thank you for your suggestions.



  • Hey Kromasm.

    I think you would need RED50 for that, so you could work with VLANs on the RED interfaces. I've read somewhere that you could create a VLAN interface over the RED interface, but I haven't tried this approach and cannot vouch for it. If it works, it might help you solve this, as you would have a separate interface that you could add to hotspot configuration.

    Regards,

    Giovani

  • Thank you for your reply. Unfortunately the price asked for a RED50 is a bit high, I don't think it will please my customer.

  • It's cheaper and more flexible to use an SG 115 with Network Protection.  Over six years, the cost of hardware and subscriptions is less than the cost of a RED 50 with warranty extensions.  In general, the smallest I like to use is the 115, but a 105 that will never use anything more than a Network Protection subscription would probably be fine.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you, they were using ASG120 but they think they are a bit expensive. Don't forget the required wireless subscription too.

    It can definitely be concluded that the hotspot cannot work behind a RED in Bridge to AP LAN mode.

    Thank you for your help.

  • The Hotspot would work, but it would apply to the entire LAN to which the Wireless Network was bridged. You could create a separate Wireless Network behind the RED and create a Hotspot with it. Another thought would be the new XG series - an XG 85 with Network Protection is about the same cost over six years as a RED 15.

    The Wireless subscription is only necessary in the central UTM as it can manage an AP through a RED or VPN tunnel.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA