Couple of questions for Sophos wireless

"IDEA: with sophos central (connecting via https), it would be good if the magic address of 1.2.3.4 could be configured on the AP and the wireless could https to a UTM from an external source?"

I'm not sure what you're suggesting, Louis.  Since 1.2.3.4 is not routable to anything other than 1.2.3.4 in the public Internet, there's no way that the AP could get to "its" remote UTM except via a site-to-site VPN - and that's already possible.

Cheers - Bob

Hi Bob,

I suspect and hope he is suggesting something like I do with the work supplied AP, it sets up its own tunnel after it has been setup on the same network as the controller.

but it would be nice to configure the "magic ip" on a accesspoint manually. So the Accesspoint can connect to ANY utm on the world and REDs are no longer needed for wireless clients xD

That's it. They do it with Sophos Central with a https connection to SC. All new Sophos Ap's come with the 1.2.3.4 address but they also come with a routeable Sophos Central address.

Why can't they do it with https to a UTM? I suspect it's because of the REDs??

x.cr3w said:

but it would be nice to configure the "magic ip" on a accesspoint manually.

You actually can configure a different magic ip via a DHCP option, see also:

community.sophos.com/.../119131

Nice catch there. Opens up possibilities.

But, from what I can see you need the remote site to have a dhcp server capable of providing options. I think the aim was to have an AP at a remote site with the AP providing the connectivity (VPN) back to the head office server functions.

Reiner, have you tried this?  Anyone?  It seems like one would just need to specify the External interface as Allowed.  I don't know yet how I'd feel about the secure-ness of that though...

Cheers - Bob

and more interesting is, traffic between accesspoint and wan interface is encrypted? i dont think so

No, I haven't tried it for connecting the AP to remote sites. And I also wouldn't recommend it.