This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Couple of questions for Sophos wireless

Hi, I have a couple of questions with regards to Sophos wireless on the UTM

1. How many acccess points can be connected?
2. How much of a performance hit does this have?
3. If you have more than 1 UTM in an organisation, can the access points be load balanced or go into failover?
4. Do the access points run if the UTM is down?
5. Can anybody offer their experiences with these? We are possibly looking at 150x 15c's and a smaller number of 55c's/100x

 

regards,

Louis



This thread was automatically locked due to age.
  • "IDEA: with sophos central (connecting via https), it would be good if the magic address of 1.2.3.4 could be configured on the AP and the wireless could https to a UTM from an external source?"

    I'm not sure what you're suggesting, Louis.  Since 1.2.3.4 is not routable to anything other than 1.2.3.4 in the public Internet, there's no way that the AP could get to "its" remote UTM except via a site-to-site VPN - and that's already possible.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I suspect and hope he is suggesting something like I do with the work supplied AP, it sets up its own tunnel after it has been setup on the same network as the controller.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • but it would be nice to configure the "magic ip" on a accesspoint manually. So the Accesspoint can connect to ANY utm on the world and REDs are no longer needed for wireless clients xD


    Sophos Platinum Partner 
    Sophos Certified Architect
    (Ceritfied UTM Architect / Certified XG Architect)

  • That's it. They do it with Sophos Central with a https connection to SC. All new Sophos Ap's come with the 1.2.3.4 address but they also come with a routeable Sophos Central address.

    Why can't they do it with https to a UTM? I suspect it's because of the REDs??

  • x.cr3w said:

    but it would be nice to configure the "magic ip" on a accesspoint manually.

    You actually can configure a different magic ip via a DHCP option, see also:

    community.sophos.com/.../119131

  • Nice catch there. Opens up possibilities.

  • But, from what I can see you need the remote site to have a dhcp server capable of providing options. I think the aim was to have an AP at a remote site with the AP providing the connectivity (VPN) back to the head office server functions.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Reiner, have you tried this?  Anyone?  It seems like one would just need to specify the External interface as Allowed.  I don't know yet how I'd feel about the secure-ness of that though...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • and more interesting is, traffic between accesspoint and wan interface is encrypted? i dont think so


    Sophos Platinum Partner 
    Sophos Certified Architect
    (Ceritfied UTM Architect / Certified XG Architect)

  • No, I haven't tried it for connecting the AP to remote sites. And I also wouldn't recommend it.