Using Sophos Access Points behind a RED

If you are using split tunneling with your Sophos UTM and have an Access Point behind a RED, you need to configure some additional parameters. The Access Point always tries to connect to the WLAN controller address 1.2.3.4, so you need to add this host to the split-network area:

[Screenshot: red-device-wlan]

After this, the RED will reboot and the access point will try to connect to the controller address. You can see blocked packets in the firewall live log:

[Screenshot: packet-deny]

To allow the communication between the UTM WLAN controller address and the branch office, you need to add this network under Wireless Protection / Global Settings:

[Screenshot: wireless-protection]

After these configuration changes, you will see a new access point in WebAdmin and can allow it to join. The access point will download the new firmware and restart itself. Keep in mind that you need to add the AP to your existing WLAN group to provision the configured SSIDs.
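
To check from an exported firewall log which hosts behind the RED are being denied on their way to 1.2.3.4 (the blocked packets mentioned above), the following Python script tallies drops per incoming interface and source address. It is an added example, not part of the original post; the log lines are constructed, and the key="value" field names (`action`, `initf`, `srcip`, `dstip`) and the interface name `reds1` are assumptions about the log format.

```python
import re
from collections import Counter

CONTROLLER_IP = "1.2.3.4"  # WLAN controller address the APs look for (from the article)

# Constructed sample lines; field names and values are assumptions for illustration.
SAMPLE_LOG = """\
2024:01:10-09:15:01 utm ulogd[4711]: sub="packetfilter" action="drop" initf="reds1" srcip="192.168.50.20" dstip="1.2.3.4" proto="6"
2024:01:10-09:15:04 utm ulogd[4711]: sub="packetfilter" action="drop" initf="reds1" srcip="192.168.50.20" dstip="1.2.3.4" proto="6"
2024:01:10-09:15:09 utm ulogd[4711]: sub="packetfilter" action="drop" initf="reds1" srcip="192.168.50.21" dstip="1.2.3.4" proto="6"
2024:01:10-09:15:11 utm ulogd[4711]: sub="packetfilter" action="drop" initf="eth1" srcip="203.0.113.9" dstip="192.0.2.1" proto="17"
2024:01:10-09:16:30 utm ulogd[4711]: sub="packetfilter" action="accept" initf="reds1" srcip="192.168.50.22" dstip="1.2.3.4" proto="6"
"""

# Matches every key="value" pair on a log line.
KV = re.compile(r'(\w+)="([^"]*)"')


def denied_ap_sources(log_text, controller=CONTROLLER_IP):
    """Count dropped packets to the controller address per (interface, source IP)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        # Only drops aimed at the controller address are relevant here;
        # accepted packets and drops to other destinations are skipped.
        if fields.get("action") == "drop" and fields.get("dstip") == controller:
            hits[(fields.get("initf", "?"), fields.get("srcip", "?"))] += 1
    return hits


def report(hits):
    """Format one line per denied source, most frequent first."""
    return [
        f"{count:>4} drops  {iface:<8} {src} -> {CONTROLLER_IP}"
        for (iface, src), count in hits.most_common()
    ]


if __name__ == "__main__":
    for row in report(denied_ap_sources(SAMPLE_LOG)):
        print(row)
```

Sources that still appear after the branch network has been added under Wireless Protection / Global Settings point to a network that is missing from that list.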
