Configure XG to support AirPort Extreme Guest Network

I've hit a wall in my move from UTM 9 to XG and I'm not quite sure why...

 

I have two Apple AirPort Extreme APs in bridge mode with an ethernet connection between the two and directly connected to my XG (no switch between). I'm broadcasting two wifi networks: my WPA2 encrypted network and my wide open guest network. Apple places all the guest traffic on VLAN 1003 and sends it to the gateway configured on the APs (which is my Sophos XG).

Sophos XG is running on an ESXi 6 host with two NICs: External and Internal. The internal NIC is an onboard 1Gbps Broadcom and the external NIC is an Intel PCI 1Gbps NIC.

Inside the ESXi host are two vSwitches, External and Internal.

External has one port group dedicated to WAN traffic.

Internal has two port groups: one internal port group without VLAN tagging; one guest port group with VLAN 1003 tagged.

The XG has three interfaces: WAN, LAN, and Guest. Guest is NOT tagged because the Guest port group strips off VLAN tagging.

I have a DHCP server set up for LAN and Guest. LAN works fine, all my internal clients are working fine. I cannot get DHCP to respond to any client that connects to the Guest Wifi network.

 

The kicker is, this same setup worked for UTM 9 - in fact, I have the VM for UTM turned off but still configured to support this network - and guests connect without issue. I'm missing something here that's preventing me from successfully implementing XG in my network.


