Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 21374 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Guest WIFI Configuration

SamsonPacharne1

Hello,

I just need help configuring the guest Access on my WIFI Devices. We have a Sophos XG135, and 3 Sophos AP-55.

All the three AP's are connected to the Firewall on the LAN Port eth0 through a Switch, we have a Windows DHCP Server Connected to the Same LAN Segment through the Same Switch.  The Windows DHCP Server has the following IP Pool 172.30.1.0 / 24.

All the three access point AP-55 are grouped together in a Single Group, and we have created 2 SSID's for the Entire AP-Group.

1. Employees in Bridge to AP LAN mode.

2. Guests in Separate Zone.

I have configured a Separate DHCP Server for the Guest SSID, with the IP Address of 172.16.1.1 and DHCP Pool from 172.16.1.10 - 172.16.1.200 for this particular IP.

I just want to confirm the following,

1. Will this Firewall DHCP Server in any way Conflict with the Windows DHCP Server?

2. Do I need to mention any Alias for the LAN Interface from the Firewall DCHP Pool for Communication?

What I am trying to achieve is

1. People connected to Employees SSID should be able to access the Internet as well as the local LAN Segment.

2. People connected to Guest SSID should be able to access the Internet only and not the LAN Segment.

Thanks & regrads,

Samson Pacharne.



This thread was automatically locked due to age.
Parents
  • 0

    Samson,

    what ip is configured on XG lan interface? Also can you explain more in depth the meaning:

    Do I need to mention any Alias for the LAN Interface from the Firewall DCHP Pool for Communication?

    Thanks.

  • 0 in reply to lferrara

    Dear lferrara,

    The firewall LAN interface has an IP Address of 172.30.1.251 reserved on the Windows DHCP Server.

    Guest WIFI Interface has an IP of 172.16.1.1.

    Do I need to configure any additional Alias for LAN Interface as well from the 172.16.1.0/24 segment.

    Regards,

    Mr. Samson Pacharne.

  • 0 in reply to SamsonPacharne1

    Samson, now it is clear.

    Once you are connected the AP and created the different Wireless LAN, make sure you added both Wireless Networks to AP, inside Protection > Wireless Protection > Access Points.

    Configure DHCP Server for the Separete Network and have a look at interfaces. XG will create Separate Interface IP and link it to Wifi zone.

    The last thing, create Firewall rules to allow traffic from Wifi Zone to Internet.

    Windows DHCP server is not a problem, because it will listen on different subnet.

  • 0 in reply to lferrara

    Thanks for informative reply.

    By the way im creating Guest Wifi too.

    Stuck at last part. For creation Firewall rule;

    The last thing, create Firewall rules to allow traffic from Wifi Zone to Internet.

     

    How to manage that.
    Thanks alot.

  • +1 in reply to Can carmack

    Hello Murat,

    A simple setup I use.

    1)  2 Wireless Networks - a) WiFi Zone b) Bridge to AP LAN

    For the GuestAP you will have an interface:

    Your DHCP for the GueatAP interface:

    A Guest WiFi network in Hosts and Services:

    A firewall rule to tie the WiFi zone to your Guest Network:

    Paul

Reply
  • +1 in reply to Can carmack

    Hello Murat,

    A simple setup I use.

    1)  2 Wireless Networks - a) WiFi Zone b) Bridge to AP LAN

    For the GuestAP you will have an interface:

    Your DHCP for the GueatAP interface:

    A Guest WiFi network in Hosts and Services:

    A firewall rule to tie the WiFi zone to your Guest Network:

    Paul

Children