In the last 2 weeks we've migrated into Sophos, and away from a very old Sonicwall and a questionably 3rd party maintained GravityZone arrangement.
So far, beyond some small teething issues, it's been pretty smooth and almost everything is up and running.
The one piece of kit I've got left that's not quite playing ball is our WiFi AP, which in order to provide signal is upstairs (my comms space is downstairs behind some Georgian era stonework, so the XG's wifi might as well be dead for all the signal that's getting out) - but I digress.
Our config at the moment is:
Port1 - LAN > HP ProCurve > Rest of the office (with our DC providing DHCP for the corp hardline & wifi)
Port2 - WAN > Primary Broadband
Port3 - WAN > Failover Broadband
Port4 - Unused
The Sophos XG is plugged into the ProCurve on Port1, and the Zyxel Nebula AP is plugged into Port2 on the ProCurve. The Zyxel has 2 SSIDs, one for corp, one for guest. Corp on VLAN1, Guest on VLAN10. The ProCurve is configured appropriately for the tagging.
The corp wifi works absolutely fine, no dramas there.
The guest wifi, however, doesn't. It doesn't get an IP (machines default to a 169.254.xxx.xxx), and thus doesn't get traffic.
In the past, our old Sonicwall was providing DHCP just for VLAN10, and routing that straight to the outside world, with no crossover.
I'm trying to figure out how I do that on our XG. Referencing this: https://community.sophos.com/kb/en-us/123127 I'd thought to add the VLAN to Port1, but when I go to add a VLAN, it doesn't let me select that port. I assume because it's in a bridge.
I then read through this: https://community.sophos.com/kb/en-us/123508 - but I'm unclear if using 'set' would replace any other currently set VLAN IDs? If I'm setting a VLAN, do I/can I set multiple VLANs? If so, what's the syntax to do so? I read through the CLI manual, but it wasn't any clearer on the topic.
Now the bridge seems rather redundant to me, it was made by the wizard during the initial config I assume, but I'm not clear on what the Interface:Sophos, Zone:LAN entity is really for? I'd assumed something to do with Sophos Central perhaps, or the native Sophos WiFi, but if that's the case, why is the zone LAN instead of WiFi?
Additionally - I'm not clear on how I'd delete the bridge to re-configure Port1 as a standalone without losing all connectivity to the device?
Could I do it via an alternative connection and Sophos Central? Assuming that Central wouldn't need Port1, as it would be connecting in via WAN?
Any input would be welcomed.