Client-Isolation across Accesspoints?

Hi,

please provide more information about your setup.

What is the client-traffic mode for the affected Wifi (separate zone, bridge to vlan, bridge to lan)?

If bridge-to-lan: are all Accesspoints in the same subnet?

Yours Lukas

Hi,

it's bridge to VLAN. In this Case the affected Wifi-Network is bridged to VLAN 1, wich is our default vlan. 

(But all connections between the Wifi-AccessPoints and the switches are using VLAN-Tagging for every VLAN available) 

I noted, that one of the clients is connected using 2.4 GhZ, while the other uses the 5GhZ Band. 

Might this cause any issues in General? (Seen as different Wifis, Isolating clients?)

For the tests we did with the same accesspoint, they both needed to use the 2.4 GhZ Band, cause that's only a AP15C.

I will disable 5GhZ temporary for the other Accesspoints and see if that resolves the issue. 

How are you testing "access" between devices on different APs?  Do you see anything related in the Firewall log?

Cheers - Bob

Hello,

i have the same problem.

I use the AP in Bridge to LAN Modus.

Is there a solution to fix the problem?

Thanks a lot.

Markus said:

Hello,

i have the same problem.

I use the AP in Bridge to LAN Modus.

Is there a solution to fix the problem?

Thanks a lot.

Hey there, 

for us the issue was, that clients that connect through different APs (and different Bands, i.e. 2.4 and 5 GhZ) can't see each other. (Even if we have disabled client isolation at all)
If both are on different Accesspoints, but the SAME band, everthing is fine. (i.e. 2.4 to 2.4 and 5 to 5 is fine)

this suggestion over here however seems to describe the problem the other way round: 
https://ideas.sophos.com/forums/17359-sg-utm/suggestions/34011193-client-isolation-between-clients-connected-to-same

They have client isolation NOT working between different bands, only works on the same band. 

So, guess there is at least something strange with how that feature is supposed to work and how it really works. 

hey,

I switch the band to 2,4Ghz but still the same problem.

no connection to the other clients. :-(

Hallo Markus and welcome to the UTM Community!

Are you certain that you don't have 'Client isolation' enabled in the 'Advanced' section of the Wireless Network definition?

Cheers - Bob

Hello Bob,

Thank you for the welcome.

Yes, i do Double Check.

Is disabled.

It works if I connected with my phone on the same AP as the client. Ping and all are fine.

If I connect to a different AP nothing work.

Other client is not pingeble.

Best regards

Markus

Hey,

It’s me again.

I set the client isolation to enable -> save.

Than back to disable-> save.

Now it seems to work.

Client connected to different AP are possible to ping.

I will observe the next Day an we will see.

This feels like a bug, Markus.  Have your reseller open a case with Sophos Support and let us know what they say.

Cheers - Bob