XG Firewall and RED with Wifi guests and LAN access - different VLANS?

Question

We have a XG firewall with AP55C Access Points. 
 There is a Wifi network now for Guest (WPA2 Personal) with internet access only. No access to local LAN and isolated. The reseller set this up as Sophos bridge to AP LAN. 
 I would also like to set up a Wifi VLAN for LAN access with AD authentication. 
 Furthermore I want to set up a RED for a remote office with the RED acting as a gateway. A cabled connection to the RED needs to become part of a LAN VLAN. When connecting with the RED to the Wifi Guest network I would like it to become part of the Wifi Guest VLAN. When connecting to the LAN WIFI network I would like it to become part of the Wifi LAN VLAN. 
 Our core switches have a routing table. 
 When I connect to the Wifi Guest network via the RED I get an IP adress of the RED adress range. 
 Are there instructions / best practices for setting up such a scenario on the XG? 
 TIA, 
 Fred

LuCar Toni · Accepted Answer

So basically you have to setup two steps. 
 Radius Authentication for Wireless. 
 https://community.sophos.com/kb/en-us/122790 
 https://community.sophos.com/kb/en-us/127328 
 
 Your VLAN Topic needs some more research. 
 RED is a layer 2 cable (and Bridge). 
 So basically RED is bridging a Cable between its LAN Port and XG. 
 So to get the same VLAN, you will have to start to bridging on your XG, with is just a bad idea. (At least i am not quite a fan of it). 
 I would suggest to build up a new VLAN ID on the RED site. With own network Domain. 
 Most of the time, there is no "real" reason to transport the VLAN ID from remote site to headquarter. 
 XG / RED can support such setups, but i am not the fan of this.