This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client-Isolation across Accesspoints?

Hello, 

 

we are using 9 Sophos Access-Points accross our company. For the Main-Wifi-Network the Client isolation is disabled. 

However, we are facing the issue, that Clients that are connected to DIFFERENT AccessPoints can't access each other. 
If both Clients are connected to the same AccessPoint, everything works fine. 

(When connected to different accesspoints, another client being connected (wired) can access both, and both can access the

wired client) 

Seems to be some "Client-Isolation", but only when connected to different AccessPoints? 

Any Idea, which configuration setting to check? 

 

(UTM 9.510-5 )



This thread was automatically locked due to age.
Parents
  • Hello,

    i have the same problem.

    I use the AP in Bridge to LAN Modus.

    Is there a solution to fix the problem?

    Thanks a lot.

  • Markus said:

    Hello,

    i have the same problem.

    I use the AP in Bridge to LAN Modus.

    Is there a solution to fix the problem?

    Thanks a lot.

    Hey there, 

    for us the issue was, that clients that connect through different APs (and different Bands, i.e. 2.4 and 5 GhZ) can't see each other. (Even if we have disabled client isolation at all)
    If both are on different Accesspoints, but the SAME band, everthing is fine. (i.e. 2.4 to 2.4 and 5 to 5 is fine)

    this suggestion over here however seems to describe the problem the other way round: 
    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/34011193-client-isolation-between-clients-connected-to-same

    They have client isolation NOT working between different bands, only works on the same band. 

    So, guess there is at least something strange with how that feature is supposed to work and how it really works. 

  • hey,

    I switch the band to 2,4Ghz but still the same problem.

    no connection to the other clients. :-(

  • Hallo Markus and welcome to the UTM Community!

    Are you certain that you don't have 'Client isolation' enabled in the 'Advanced' section of the Wireless Network definition?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    Thank you for the welcome.

    Yes, i do Double Check.

    Is disabled.

    It works if I connected with my phone on the same AP as the client. Ping and all are fine.

    If I connect to a different AP nothing work.

    Other client is not pingeble.

    Best regards

    Markus

  • Hey,

    It’s me again.

    I set the client isolation to enable -> save.

    Than back to disable-> save.

    Now it seems to work.

    Client connected to different AP are possible to ping.

    I will observe the next Day an we will see.

  • This feels like a bug, Markus.  Have your reseller open a case with Sophos Support and let us know what they say.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It works for the first time.

    If I connect again to the same AP and when back to a different it’s doesn’t work.

    Enable -> disable client isolation it works again.

    I run at home the home license. So I don’t have a reseller to connect.

    Any other way to make a case by Sophos?

  • Hello Markus,

    Thank you for contacting the Sophos Community.

    I can try to replicate the issue and get GES to investigate, I just to make sure I am on the same page as you!

    Could you please tell me how are you testing connectivity between the clients is this trough Ping or https://x.x.x.x or a different method?

    Are the SSID in a Separate Zone or bridge to LAN?

    Does your Firewall is only configured for Gues Network >> Service = Any >> Destination = Any IPv4?

    Regards,

     


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello,

    I noticed the problem at my sonos speakers.

    So if I connected to a different AP no control from with the iPhone App are possible.
    After that I us a ping tool iNetTool to ping the speaker. No ping possible.

    If I connected to the same AP as the speaker ping and control are possible.

    If I connected to a different AP I switch Client isolation to enable -> Save. Then I switch Client isolation Disable -> Save. Then it works from different AP.

    SSID in the are the Same I have just one WLAN = SSID running. So I use “bridged to AP LAN”

    So ware I would say no firewall rules are necessary.

    Thanks a lot

    Markus

  • Hello,

    did you here something new?

    Best regards

    Markus

  • Hello Markus,

    Thank you for the follow-up.

    Sorry, I forget to respond.

    It seems like this is a limitation on the AP. It looks like the documentation needs to be updated. 

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply Children