This discussion has been locked.

Adding UniFi WiFi to XG Firewall

Hi, 

I'm bringing an XG310 (v18) firewall into my network to replace a UniFi Security Gateway as the main firewall.

 

I have two WiFi networks controlled by my USG (one staff and one guest). The staff can access the corporate LAN, but the guest can only access the internet.

 

I'm basically struggling to figure out how best to implement this.

Here is my current system.

 

 

My understanding is that I need to remove the UniFi gateway. Sooooo....

Would I be best to plug my WiFi switch into its own port on the Sophos and then bind the VLANs? Such as

 

Am I correct in assuming I am best to use the XG310 as the DHCP server on these?

 

Are there any guidance videos out there for this sort of setup? Am I correct in my assumption that the Sophos WiFi channel is only accessible to Sophos hardware?

 

If there are help videos on the sort of setup, please steer me in the right direction.

Thanks

 

Pete



  • Hey there,

    Setup looks OK. You would need to ensure that the port the Sophos is attached to on the switch is a trunk port so all the VLANs are passed.

    Then you would need to configure firewall rules for allowing each VLAN access to the WAN.

     

    I'd do each VLAN as a separate rule, so you can configure separate IPS and Content Filtering policies if required.

     

    The WiFi settings in the XG require Sophos WiFi hardware. You could look at replacing the Ubiquiti access points with Sophos ones, which allows you to create the WiFi zones and SSIDs in the XG, and manage all from there, but it would be additional expense.

     

     

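As an added example (not part of the thread, and not Sophos or UniFi configuration): a small Python model of the per-VLAN rule set suggested above, used to check that the guest VLAN reaches only the internet while staff also reach the corporate LAN. The subnets, zone names and rule names are constructed, and top-down first-match evaluation with a final drop is an assumption of the model.

```python
import ipaddress

# Constructed sample addressing: the thread gives no VLAN IDs or subnets.
ZONES = {
    "LAN":   ipaddress.ip_network("192.168.1.0/24"),   # corporate LAN
    "STAFF": ipaddress.ip_network("192.168.10.0/24"),  # staff WiFi VLAN
    "GUEST": ipaddress.ip_network("192.168.20.0/24"),  # guest WiFi VLAN
}

# One rule per VLAN and destination, so each can carry its own IPS/filter policy.
# Hypothetical rule names; evaluated top-down, first match wins.
RULES = [
    {"name": "staff-to-lan", "src": "STAFF", "dst": "LAN", "action": "accept"},
    {"name": "staff-to-wan", "src": "STAFF", "dst": "WAN", "action": "accept"},
    {"name": "guest-to-wan", "src": "GUEST", "dst": "WAN", "action": "accept"},
]

def zone_of(ip):
    """Map an address to its zone; anything not internal is treated as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def decide(src_ip, dst_ip, rules=RULES):
    """Return (action, rule name) for a flow; unmatched traffic is dropped."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in rules:
        if rule["src"] in (src, "ANY") and rule["dst"] in (dst, "ANY"):
            return rule["action"], rule["name"]
    return "drop", "default-drop"

def guest_leaks(rules=RULES):
    """List (zone, rule) pairs where a guest client can reach an internal zone."""
    guest_host = str(ZONES["GUEST"][50])
    leaks = []
    for zone in ("LAN", "STAFF"):
        action, rule = decide(guest_host, str(ZONES[zone][10]), rules)
        if action == "accept":
            leaks.append((zone, rule))
    return leaks

if __name__ == "__main__":
    print(decide("192.168.20.50", "203.0.113.10"))  # guest to internet
    print(decide("192.168.20.50", "192.168.1.10"))  # guest to corporate LAN
    print(guest_leaks())
```

Putting a broad any-to-any accept rule above the per-VLAN rules makes `guest_leaks` report it, which is the failure this kind of check is meant to catch before the old gateway is removed.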