I am unable to get internet access on my Cisco WAP371 connected to my XG firewall.

Hi Corey,

when your users connect to the APs do they get an IP address? Are the IP addresses assigned to the AP users allowed out of the XG with a firewall rule?

Ian

Hi, 

I do get a valid IP when connecting to the SSID. I am able to access devices on the LAN just not the internet. IPCONFIG reveals that the DNS servers are not resolving. What sort or rule would I need to create?  I have 5 WAP's setup with static IP's connecting to a POE switch which is connected to my LAN port on the Sophos Firewall. The LAN ports are all bridged with a Lan - Lan firewall rule. There is also a Lan-Wan firewall rule to allow traffic out to the web ( default rule with Sophos XG ). All other devices on the LAN are able to connect to the internet. DHCP and DNS are handled by my domain controllers. Thanks for the help! 

Additionally, I am able to see my IP lease in DHCP for my computer connecting to the SSID. If I go into the properties of the WiFi adapter and change the DNS entry to manual I can set the DNS servers and internet access is restored. The odd thing is that this was all working before I switched over to the Sophos firewall. 

LAN, Any Host --> LAN, Any Host

LAN, Any Host --> WAN, Any Host

Do wifi connected users stays under LAN zone or are there another zone?

WiFi users stay under the LAN zone and are assigned an IP address from the same subnet. I am not using the Firewall to manage the AP's. I do have them clustered through the Cisco software. 

Ah this is fine, i'd worked cisco controller software before. The odd thing is i needed to add dns servers to controller software to make it work on my latest deployment. But you can still write your domain servers to dns on cisco. I think its not about Sophos.