
Bridge Wifi Protection to Physical Port

I am looking to see if this is possible. I have a Wifi Protected Zone set up that has no internet, which works great, but I also want to bridge it to a physical port on the XG router so wifi clients can access a server that's plugged into the port. I added this port to the same zone, but I am not getting DHCP on the server that's plugged in. Is there a way to create a bridge?



  • Quick question, and maybe this is just my understanding of that setting, but if I set that, would it route the traffic to the same LAN as the access point? Or is all traffic tunneled first to the XG and then routed back to the proper interface? I need to keep this traffic isolated to its own network, and not the network that the APs are installed to. Until recently I had just set up a WiFi protection scheme with its own DHCP range and firewall rules that kept this data off our network.

  • Brian Hawkins said:

    Quick question, and maybe this is just my understanding of that setting, but if I set that, would it route the traffic to the same LAN as the access point? Or is all traffic tunneled first to the XG and then routed back to the proper interface? I need to keep this traffic isolated to its own network, and not the network that the APs are installed to. Until recently I had just set up a WiFi protection scheme with its own DHCP range and firewall rules that kept this data off our network.

     

    Yes, it will. So that's not what you want, right?

    This server, I assume is on your LAN in the LAN Zone.

    The WiFi is in a separate Zone.

    Build a firewall rule between WiFi zone, any and LAN Zone + Server IP only.  Restrict it to the protocols/services you need to pass from WiFi to LAN.

    Assuming you get DHCP on WiFi zone from Sophos XG and the Sophos XG is configured as the gateway to the WiFi Zone (on the WiFi Zone IP subnet), then this should work.

  • Brian,

    You need to create a separate zone and create a proper firewall rule to allow traffic back and forth. If you bridge the AP to LAN, XG will not be able to filter traffic on the same LAN.

    Regards