Sophos Firewall - Wireless Protection

Overview

It’s possible to deploy access points in remote offices that are connected to the Sophos Firewall with a RED.

Magic IP

The access point sends a discovery packet to 1.2.3.4, which is referred to as the magic IP.
This is a valid internet address and so will be routed to the default gateway.

If the Sophos Firewall is the default gateway, or is on the route to the internet, it can intercept and respond to the discovery packet, which begins the registration process.
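
As an added illustration (not from Sophos or the original notes), the sketch below models why the discovery packet only registers the access point when the firewall sits on the routed path to 1.2.3.4. The device names and routing tables are constructed for the example; it shows that a more specific route covering 1.2.3.4 can carry the packet away from the firewall even when the default route points at it.

```python
import ipaddress

MAGIC_IP = ipaddress.ip_address("1.2.3.4")  # discovery target named in the notes

def next_hop(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def discovery_path(topology, start, firewall, max_hops=16):
    """Follow the magic-IP packet hop by hop from the AP's gateway.

    Returns (path, reaches_firewall). Devices missing from the topology have
    no routes, so the walk ends there; max_hops stops routing loops.
    """
    path, node = [], start
    while node is not None and len(path) < max_hops:
        path.append(node)
        if node == firewall:
            return path, True
        node = next_hop(topology.get(node, []), MAGIC_IP)
    return path, False

# Constructed topologies; every device name here is hypothetical.
ON_PATH = {
    "branch-switch": [("0.0.0.0/0", "sophos-fw")],
    "sophos-fw": [("0.0.0.0/0", "isp")],
}
# A static route more specific than the default diverts 1.2.3.4 elsewhere.
DIVERTED = {
    "branch-router": [("0.0.0.0/0", "sophos-fw"), ("1.2.3.0/24", "other-wan")],
    "sophos-fw": [("0.0.0.0/0", "isp")],
}

if __name__ == "__main__":
    for name, topo, gw in (("on path", ON_PATH, "branch-switch"),
                           ("diverted", DIVERTED, "branch-router")):
        path, ok = discovery_path(topo, gw, "sophos-fw")
        print(f"{name}: {' -> '.join(path)} | firewall sees discovery: {ok}")
```
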

Deployment

  1. Connect the access point to the network
  2. Navigate to PROTECT – Wireless – Access points
  3. Accept the pending access point
  4. Assign wireless networks to broadcast

Wireless Networks

Wireless Networks are the configuration that access points use to allow clients to connect.
They define the security and authentication requirements for devices that want to access the network as well as network parameters such as IP range and gateway.

Creating Wireless Networks

Configured in:
PROTECT – Wireless – Wireless networks

Security Modes

Bridge to AP LAN

Bridge to AP LAN is used when traffic needs to be routed to the network that the access point is directly connected to.

The access point never sends the traffic to the Sophos Firewall. The traffic stays directly in the LAN.

The Sophos Firewall is only used for management of the AP and to collect logs.

Bridge to VLAN

With Bridge to VLAN, wireless traffic is tagged by the access point, which identifies the traffic as associated with a specific VLAN.

The access point must be connected to a trunk or hybrid port on the switch so that it is able to read the VLAN tags and route the traffic correctly.

Separate Zone

Separate Zone allows the wireless traffic to be segmented without using a VLAN.

Hotspots

Hotspot types

  • Terms of acceptance
    users must agree to a set of terms before getting access through the hotspot
  • Password of the day
    a password needs to be provided by users and is generated daily
  • Voucher
    each user has their own voucher to access

Hotspots are deployed to interfaces on the Sophos Firewall, whether that’s a physical port or a wireless interface from a separate zone.

Creating Hotspots

  1. Select any interface that is not in the WAN zone.
  2. Select policies.
  3. Select Hotspot type.

When you save the hotspot, a firewall rule and a linked NAT rule will be created.

Configured in:
Wireless – Hotspots