Hi, good day.
I have a router that has bandwidth control and IP groups; this is very useful for me. From the router I take the Internet service to a port on my Sophos Firewall (it's a Dell OptiPlex server with 3 LAN ports). This PORT 1 works on the firewall as WAN, a second port, PORT 2, works as LAN and goes to the main switch (a Cisco 48-port), and the third port, PORT 3, also works as LAN but in the WIFI zone. I do a bridge with these 3 ports and it works great.
The problem comes here:
Note: Main router has the IP 192.168.110.1/255.255.0.0, DHCP: 192.168.111.10-199 (192.168.110.2-254 are for static IPs for some groups)
LAN ZONE (wired): all devices are free of any authentication (captive portal). Usually DHCP, but static IP in some cases. Works OK.
LAN ZONE (wifi - AP connected without DHCP): the devices also get the IP from the main router (because I'm using relay). When I set up the firewall rules, I choose an IP group to ask for a user through a captive portal WHEN the source zone is wifi. If a device connects to any of these APs, it gets an IP in the range 111.10-199 and the firewall asks for a valid user. For me this works OK.
WIFI ZONE (wifi - routers with DHCP on the range 192.168.110.11-12): When a device connects to this, it gets an IP in the range 192.168.1.100-199, and the firewall asks for a valid user. This is OK, but the problem comes when a second device connects, because the firewall doesn't ask for any user. I understand this is because it verifies the IP of the router, not the IP of the client. So here is what I don't know how to solve. I have been thinking about the option to set up the Sophos DHCP server only for the wifi zone or for PORT 3, which in my case is for the wifi zone, but it looks like it is not possible or I don't know how to do it.
Does anybody have any advice? Thanks.
BTW: I have an extra port (PORT 4), so I could maybe make another bridge with ports 4 and 3 to work only with the WIFI zone if necessary.